From Steve Jobs: Third-party iPhone SDK in early '08

Steve Jobs just issued a letter in response to criticism of Apple's decision to keep iPhone closed to third-party developers. The full text of the letter can be found at Apple Hot News. What follows is my commentary on Jobs' text. I have not included his full letter, only the portions on which I chose to comment. Jobs' text is set off in italics.

Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February. We are excited about creating a vibrant third party developer community around the iPhone and enabling hundreds of new applications for our users.

iPhone crackers can quit gloating. This isn't their win. It's a response to customers and alignment of policy with the state of the mobile device market. iPhone can't reach consumers like me because show-stopper apps and functionality, like TeleNav turn-by-turn navigation and Java MIDP, will never work on the phone, but work on all other devices I'd carry.

It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc.

Agreed. Having an SDK without tight security is as inadvisable as having no SDK. I'm adamant on this point.

Mobile devices are constantly connected to the Internet, and like PC users, most wireless subscribers haven't the faintest idea how to respond to firewall pop-ups like "Grant application xxx access to the Internet?" All a hacker needs to do is give malware an important-sounding name like "cingular_update" to get 95 percent of phone users to let it run amok.

This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true.

Correct, but for balance's sake, let's say that cell phone users assume that the cellular network is safe and secure, and that operators cultivate that assumption because it's good for business.

Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer.

Requiring signed apps is cool with me as long as phone manufacturers don't turn software registration into a developer tax. Nokia grants free signatures to freeware authors, and developers can self-sign software for testing, but commercial signatures cost money.

Nokia also lets users disable application signature checking on their phones.

Prior to delivering an SDK, I'd be pleased if Apple initiated support for Java MIDP and Flash Lite, both of which are extremely secure environments for local applications.

P.S.: The SDK will also allow developers to create applications for iPod touch.

Very smart.

Thank you, Steve.