The Apple iPhone Kill Switch - Should Enterprise Developers Worry?
The recent CIO article "Apple Trips Up Enterprise iPhone Apps" by Tom Kaneshige outlined the current status -- and some concerns -- regarding Apple's Enterprise Developer program. Much was made of the "Apple Kill Switch". Since iOS can verify an app's enterprise profile certificate at some point, it is possible that an app (or a company's developer license itself) could be turned off by Apple. However, I think that this makes sense. First of all, Apple has done a good job with providing a real sense of security for apps downloaded from the iTunes App Store. Unlike mobile devices that operate in the "wild west" they curate the apps and ensure that nothing "bad" can get into a users hands (at least, not for long). There is the question of their "policies", the time it takes to approve app, etc., but the basic value that this adds from a security standpoint cannot be questioned. You don't need anti-virus software on an iPhone! Now, if Apple allowed the enterprise developer to create apps with no certificate checking, it could be easily argued that a rogue developer could let loose an iPhone/iPad app, with no way to stop the damage. An "emergency cutoff" is required. I have never heard of it being used, but I think that having the feature is responsible. And, now that Apple has opened the program to any developer (see Apple Opens iOS Developer Enterprise Program) this is probably more important than ever. There are a few minor caveats in the agreement, such as the request not using apps for certain purposes (GPS for emergency location), or excessive bandwidth use. But, I'm really not too concerned about this, and understand that Apple needs some legal protection. Here are some suggestions for Apple to make the program even better:
- Specifically explain what is or is not acceptable, and also make clear to enterprises that they are not intending to interfere in their business.
- Examine extending the 1-year limit on the profile "time to live". An enterprise should be able to get a multi-year license (3- or 5- years), and set the expiration of profiles to anything they wish within that period.
- Extend the use of the Enterprise Developer program beyond employees to include business partners. If necessary, make it clear that companies cannot create public "app stores" or sell directly, but allow them to offer apps to a clearly defined community.
Apple has great devices, and the consumerization of IT has brought these into organizations for the first time. The iOS Developer Enterprise Program is excellent, with a great SDK and support. The good news is Apple has the opportunity to improve policies to make their program even better and expand the use of iOS in the enterprise.