Christian Huitema's blog

Cloudy sky, waves on the sea, the sun is
shining

Walled gardens, walled spyware

05 Dec 2011

Steve Jobs justified the "walled garden" approach of the IPhone's App Store by saying that it provided freedom, freedom from spam, freedom from viruses, freedom from porn. In theory, he had a point about viruses. In theory, if all apps are properly vetted, we would never get a virus on our phone. Whether that's true in practice is matter of debate. But if Julian Assange is correct, the walled gardens allow for something even more ominous, spyware installed with the consent of the walled garden owner, such as spyware in Apple's iTune. This is even worse that installing logging spyware for the carriers' benefit, as did CarrierIQ. With the walled garden, we may not get regular spyware in theory, we just get walled spyware in practice.

Of course, there are probably layers of indirections that provide plausible deniability to the walled garden operators. Maybe they are not actually installing the spyware themselves. It seems that the various spy agencies are perfectly capable of planting a virus on somebody's PC or phone, without asking anything like a judge's permission or a search warrant. So maybe the walled garden operators do not install the spyware themselves. Maybe they just left the door open. Maybe they just forgot to fix a bug here or there.

I worked on Windows long enough to understand that eradicating all security bugs in a complex product is very hard, almost impossible. We were using all kinds of tools to improve the software quality, from manual testing to automated code analysis, stress tests, fuzz tests and many more. Our software quality improved dramatically, but we would still hear of bugs found after the code was realized. I have thus a hard time believing that the walled gardens are perfect. They may well adequately protect their operators' businesses, ensuring that the services generate enough revenues. But the average smart phone software cannot possibly be completely free of bugs, and we can be sure that hackers and spy agencies will indeed find these bugs.

The spread of viruses may well be a consequence of the openness of the PC, but the same openness also enables us to install all kinds of security products. On a PC, I can install a variety of anti-virus and other spyware detection tools. I can reinstall the software as I see fit, or I can get it reinstalled by a technician whom I trust. On a walled phone, on a walled tablet, no such luck. I will only get the software that is approved by the walled garden operators.

As Benjamin Franklin said, "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." Well, they who accept the walled gardens to obtain a little safety will get neither liberty nor safety!