Review: 3 PhoneGap toolkits tame mobile app development

Adobe PhoneGap

PhoneGap began as an open source project before it was absorbed by Adobe. There's still an open source version called Cordova available from the Apache Foundation and a very similar version called PhoneGap that's available under an open source license (ASF).

The principle difference is that Adobe offers a smooth Web service that turns your HTML into apps. You write the HTML, and Adobe's cloud turns it into something that runs on iOS, Android, Windows Phone, BlackBerry 5/6/7, and webOS. There's a free version that lets you build an unlimited number of open source apps, but only public apps. Professional developers can pay $10 a month for unlimited private apps.

Of course you can do all this yourself. You can fire up Xcode, Android Studio, or the tools for the other smartphones and create each on your own. PhoneGap is really six or more projects for different platforms that all implement more or less the same API. Your code should come close to running the same on all the machines, although issues often arise due to differences in hardware.

After building apps for the iPhone and Android, I can recommend the build process. Just downloading all the tools takes a long time. The job of building code has migrated to the Web, and Adobe is offering one of the first concrete and compelling tools. You put in one chunk of code for your browser and out come six different apps that run on six different platforms. That's amazing.

Though the entire process takes plenty of weight off our shoulders, it is neither as simple nor as perfect as it could be. The platforms have plenty of details that need to be filled out endlessly. The documentation, while good, can't begin to offer enough detail for every possibility.

One of the trickier issues involves creating the digital signature. Apple, Android, and BlackBerry all ask the developer to "sign" the code, essentially acting like the signature an artist applies to a masterpiece or the President creates during a fancy signing ceremony in the Rose Garden. While there's always a big gap between the symbolism and reality, there's no doubt of the legal and emotional power behind the digital signature.

Adobe asks you to upload the private keys and the passwords to its cloud. This may appear as a service, but it gives Adobe the power to create anything it wants and distribute it any way it likes. Would the company act upon this power? I'm sure the public answer approximates the word "never," but who knows about others poking around Adobe's infrastructure? What if Adobe employs someone like Ed Snowden with the ability to read files at will and impersonate others? That person could create extra apps and distribute them easily.

Adobe is not alone here. You court this potential security hole with AppGyver and Icenium as well, and in any case you can work around it. Last week I had to sign a new app, and the safest way was for me to download the complete source code, build it from scratch, then let Apple's built-in signing tool handle it automatically. The mathematics don't require a cloud of servers. Anyone can sign any digital file with the algorithms. But using Apple's tool seems to be the safest path through the system.

Adobe's Build tool also offers one other nice feature: The binary wrapper for your app can also look for new versions of the software on startup, something that Adobe calls "Hydration." This allows you to push new builds to your users without going through the standard update mechanism.

Adobe sells the Build service as part of the Creative Cloud, its latest plan to bundle all of its applications for one monthly fee that tops out at $75. There's also a free plan for testing out the service that offers one "private app" and an unlimited number of open, public apps. Separate paid programs begin at $10 a month and offer many more private apps with controlled access.