There was a story which surfaced yesterday about vulnerabilities exposed in a wide swath of Android apps.  SMobile Systems conducted research in the Android app space and found that some 20% of the apps allow third-party apps to gain access to sensitive or private information.

It would be easy to dismiss this article by pointing out that by simply downloading an app, a customer is making a explicit allowance to an app to access data on the phone.  What I found troubling about the findings wasn’t necessarily the point about access to the data, but rather that, 5% of the apps surveyed could make calls and 2% could send premium SMS messages.  Talk about a surprise cell phone bill.

The key word in the above statements, however, is “could.’”  Yes, customers make the decision to download those apps, but they have no way of knowing with certainty what those apps are doing behind the scenes.  UPDATE: Ben points out below that the customer us warned of all the APIs used, which is true, but they aren’t told *how* they are used.

Further, because of the multi-tasking architecture of Android, the apps have the potential to be doing a bunch of bad things in the background when the phone is not in use.

Google has been quick to point out that the architecture of Android would limit what actual damage one of these apps could do, but that’s really not the point.  What is being lost in this discussion is that there is no curation of the Android marketplace.  For all the grumbling and grousing about the Apple AppStore, their review process would likely catch these abuses.  There is no such level of certification for the Android marketplace.  Customers don’t want to think about needing anti-spyware software for their phone, as the article implies is one solution for Android.

The Windows Phone Marketplace certainly believes in the curation model, and we have placed user security as a top priority.  This is one of the main reasons that we have our app certification process, and why (UDPATE: “at least in version 1”) apps are run in sandboxes, with no access to any data other than its own isolated storage, or the ability to communicate with other apps.  UPDATE: The goal is to ensure that absolute best customer experience when using their phone.

UDPATE 6/25/10

I’m not one who believes in conspiracy theories or anything, but I do find the timing of this announcement from Google that they can remotely wipe apps from phones a bit curious.  I have to go do some digging, but I’d be interested to know if the Android developer agreement has specificity about what would constitute grounds for a remote wipe.

Inspired by the always entertaining Mike Klucher, I snapped this pic of my own avatar on my daily use Windows Phone 7.  He talks about the very way I felt when my avatar showed up on my phone this week.  It made me smile.  I even went into the XBox Marketplace to change around some clothing options to see how long before it appeared on my phone.  I was not disappointed.

I also felt great sadness because my achievements were so dated.  Not that the system wasn’t working.  No,no.  This was a stark reminder that I haven’t been playing nearly as much XBox as I should be!!  So, off to GameStop I went and picked up my copy of Red Dead Redemption.  I very much plan to use the “hey, it’s Father’s Day” excuse all weekend long.

Well, there’s an old adage that you should be careful what you ask for because you might just get it.  The avalanche of emails and phone calls looking for developer devices was a welcome development.  There are some out there who think that we might as well pack it in on this whole mobile thing.  Developers, however, know better.  New markets == new opportunities for big ideas to break through.

I personally have seen, erm, a surge in the amount of email I get on a daily basis, thanks in no small part to Long Zheng.  I love that there are so many developers with so many great ideas wanting to get phones, and I particularly love all the electrons being harmed to fill my inbox.  My email is the one that’s out there [brwatson (at) microsoft], but there’s a whole team of evangelists who will be getting the phones to developers.  I’m just acting as a switch, and have been fortunate enough to be something of a public face.  We’re still working on the specific plan details for devices going out next month, but we wanted to lay out some principles for how we are going to actually get phones in developers’ hands, as well as what we are hearing from developers.

First, we are going to prioritize for apps being built by large and small teams, which represent some pretty big ideas, specifically targeting the launch timeframe.  At Mix10 we showed a pretty long list of partners, and we have continued to add to that over the last few months.  Second, as some of you may have heard, we are getting phones to our existing published Windows Phone Marketplace ISVs.  There’s several thousand apps and companies who are part of the 6.x marketplace, and we want to help jump start their transition to Windows Phone 7.  Finally, we are prioritizing for those committed developers who are building apps for Windows Phone 7 and sharing their knowledge about Silverlight, XNA and Windows Phone 7.

Read the rest of this entry »

It’s been an interesting handful of weeks.  I’ve been spending a lot of time in the field with our country managers as we get ready for the coming launch of Windows Phone 7.  That’s a post for another day.

I’m here at TechEd, and there’s a lot of talk about Windows Phone 7 devices and when they are going to be made available.  One cool thing that the team is doing is handing out coupons to event attendees redeemable for general availability devices when they start shipping.  We’re only handing out around 50 or so of these coupons, so it’s definitely not a broad distribution.  It’s meant for people who are attending sessions or wearing Windows Phone hats around the show floor.

Developer devices are also on everyone’s lips.  During the Windows Phone session yesterday, Terry Myerson (he runs engineering for Windows Phone 7) stated that we will start putting phones into select developers’ hands next month.  That’s exciting stuff.  Obviously we’re starting with the developers who have invested in the Silverlight and .NET platforms, registered at Windows Phone Marketplace and have begun building apps with the Windows Phones Developer Tools.  Specifics of the programs are TBD, but we are going to want to get phones into large ISV hands, small team hands…you name it.  We’re definitely not going to carpet bomb phones; we want to get maximum leverage for our phone distribution to developers.

Stay tuned, and go download the developer tools.  If you need inspiration about what amazing apps you can build, check out this post from Anand about the Imagine Cup winners.  And if you want to show some gumption and reach out to me directly, have at it.