Jeffrey I. Schiller
Networking, Security and Cavies

iPhone to Android

So I recently "upgraded" my iPhone 3G to a Samsung Infuse 4G. People have asked me what I think of Android after having been an iPhone user since iPhone OS 2.0 (when the 3G was released in July of 2008).

Now I will state it up front. I am biased.

I have been a linux laptop user for at least 15 years. So I am very familiar with Linux (and Unix in general). Of course both the iPhone OS (and its modern version, iOS) and Android are Unix based.

Because I am mostly a Linux user, the iPhone was never a great fit for me, because it really wants to be tethered to iTunes which runs only on Mac OS or Windows, not Linux.

I originally obtained the iPhone because MIT needed someone to add support to our certificate server to issue client X.509 certificates for the iPhone (yep, the iPhone's version of Safari supports client X.509 certificates but that, as they say, is another story). Soon afterwards I upgraded my laptop to a MacBook Pro. However I mostly used the MacBook to run VMware to run a Linux system (!!). But I had iTunes and life was OK. But for the last year I have mostly been using a Linux netbook computer instead of my MacBook Pro (I wanted to carry around a smaller and lighter load). So my iPhone was mostly never tethered. Which means updates (and for the most part uploaded media, like songs) pretty much stopped. I had also jailbroken the phone so that I could run apps that Apple did not approve of (more on this shortly). Updating a jailbroken phone is a pain...

So a few weeks ago I purchased my Samsung phone. I chose the Samsung because it seemed to have the features I wanted, and was available on the AT&T network. I won't go into why I stayed with AT&T, but I have my reasons (maybe in another post). I will say that I have been satisfied with the service I get from AT&T, so I didn't feel compelled to switch.

I am very happy!

Of course the new phone is a much more capable hardware platform, having the benefit of 3 years of evolution in the smartphone business. It has a better camera, a nicer (and larger) screen, etc. The Samsung does not have a hardware keyboard, so like the iPhone you use an on screen virtual keyboard.

But let's compare iOS to Android... that is sort of the point, though I seem to have taken my time getting to it :-)

The first thing I noticed was the larger number of buttons, in particular where the iPhone simply had a "Home" button, the Sumsung (and I believe other Android phones) have a series of four buttons on the botton, "Menu", "Home", "Back" and "Search."

All of the apps that I used on the iPhone were available for the Android phone. I have read in the press that there are more apps available for the iPhone. Of course the real question should be does the iPhone have more *useful* apps. I don't know.

In particular the Android came with Google's turn by turn directions app. On the iPhone I only found two kinds of navigation apps. Apps that were expensive, but had a one time fee. Such apps were also slow because they contained all of the map tiles as part of the app. And apps such as Mapquest's navigator which requires a monthly or yearly fee, paid via in-app purchase. I will note that I wasn't able to use the navigator app for the last few months because in-app purchase for the version of iPhone OS I was running stopped working. And upgrading was going to be a pain (see above).

But ultimately one of the key benefits of the Android platform can be reduced to one word: "Freedom!"

Whereas only software (and apps) approved by Apple can run on the iPhone, there is no similar central authority for Android. This has its negatives, namely there is a bit more of "buyer beware" on Android, as there isn't Apple's nannies to watch out for you. But it also means that you can do things that Apple has decided that you shouldn't be able to do, for their own business reasons. For example recently Apple changed their terms and conditions for app developers so that if they use in-app purchase (say for a Book via Amazon's Kindle app), Apple gets a 30% cut. Which quite frankly is ridiculous! Yet they do it because they can get away with it. The result is that most publishers have removed the ability to purchase content from within their apps. Instead the end-user has to use Safari to go to the publisher's website to make a purchase. There is no such nonsense on the Android platform.

iOS only runs on Apple hardware. However Android is really an eco-system, complete with competing hardware vendors. I am a big fan of competition, so I like this. The phone vendors can also customize Android as they need to (whether or not this is a good thing is yet to be determined). For me this means that my phone came with a choice of three different virtual keyboards. The normal "Android" style virtual keyboard, which is quite nice. A "Samsung" variant, which I like less, but to be fair I haven't worked with it as much. The third one, which is the one I have settled on for now is called the "Swype" keyboard. You just glide you fingers from key to key to use it. Its quite cool (http://swypeinc.com/).

I jailbroke my iPhone. Have I "rooted" (the Andoid equivalent) my Android phone? Yes and No. I am a hacker (in the good sense of the term) at heart, so of course I want to poke around with my phone, particularly since it is running Linux. I have manually run the current exploit code to obtain a "root" shell on my phone to poke around with (mostly peek really). But I have not made any modifications to the phone itself, so it isn't permanently "rooted."

What is interesting is that whereas I needed to jailbreak my iPhone in order to do the things I wanted to do with it, I don't need to "root" my Android phone to do those same things. Keep in mind that none of the things I want to do involve stealing service or unlocking the phone or SIM.

I'll conclude with a comment about security. There is a real conundrum in the security world. As professionals we have yet to come up with a security paradigm that offers freedom for end-users as well as strong security.

The Android platform offers a secure sandbox for apps to run in. Yet we hear about all kinds of malware on the Android platform. How is that? Keep in mind that malware doesn't have to violate the security policies (or sandbox) on the phone to be malware. It just has to do things that are "nasty" either to the end-user or to the community in general (like say, sending text messages to overseas numbers that then charge a fortune). Such functions are restricted by the Android sandbox. However legitimate apps need to do things (like send text messages!) from time to time. So one aspect of the sandbox is that when you install an app, you are presented with a list of privileges that it requires. You have to approve the installation with the knowledge of these requirements.

The problem is that people just hit "OK" granting whatever permission an app wants. The trade press have articles where they tell people to be careful with what privileges an app asks for. A simple app that plays a game probably shouldn't be allowed to dial the phone! Yet people are not careful.

Apple's solution is to funnel all apps through their approval process. And here the conundrum surfaces. The problem is that Apple doesn't just vette the app for security purposes, but also for its own business purposes. For example it held up the publishing of the Google Voice app for a very long time. Also Apple can enforce their terms and conditions, including things like requiring app authors to only do in-app purchasing through Apple (and pay the 30% cut to Apple).

Some would claim that Apple is behaving like a monopoly and should be sanctioned or regulated like one. However at the end of the day, you don't have to buy an iPhone (or iPad), there are other choices in the market, and I have made MY choice.

Your mileage may vary :-)

Comments: