This essay might have also been titled *The Coming Differentiation of Trust* but that seemed like a really ugly slug.
### The (In)Security of Apps
Only on rare occasions do I wander into the territory of security, a domain I consider to be almost as complex as religious experience in America, but the recent scare on the Google Martketplace as well as the ongoing furor over the slow, and often byzantine, nature of app reviews at Apple’s iTunes Store has got me thinking about where the acquisition of apps might be going in the future.
For those who are not familiar with the news story, the gist (from USAA’s own press release):
> USAA recently stopped a software developer from selling an imposter USAA application designed for use with Google’s new Android phone. The developer had posted it for sale within Google’s Android Marketplace, but USAA took immediate action and had the application removed.
The scary part, from the point of view of victims of this fraud is that it could have captured their sensitive banking data — user id, login, password, account information — without their realizing that there was anything wrong other than the app didn’t work correctly.
One possible response to this is that Apple’s App Store is better because applications there have to pass a vetting process. A number of stories — too many to link here; I leave it to my readers to search on their own — have revealed that (1) the app store reviewers are mostly looking for applications that misbehave within the context of the operating system or misbehave in terms of the content they deliver and (2) app store reviewers are incredibly overworked and prone to make mistakes as a result.
Is there an alternative to [Google’s bazaar and Apple’s cathedral][esr]? I would argue that when it comes to applications, especially those that deal with sensitive data, there is: the vendor itself. That is, the very best place for me to download an application with which to do on-line banking is from my bank itself. Why would I want to risk either downloading from an open third-party site — be it Marketplace or VersionTracker (both fine places for software to be sure but not sites that can guarantee certain levels of trustworthiness — and nor should they be in that business)? My relationship is with my bank.
I can’t help but imagine that much the same thing would be preferable for other kinds of applications as well. After all, there already exists at least one decent platform for the [on-line distribution of games][steam]. Why wouldn’t I want to use them as well for my iPhone games?
This suggestion is sure not to go over well with Apple. After all, it looks like everyone wants to be in the content distribution/delivery business. (The middle man always makes his/her money.)
But the promise of the internet was the disintermediation of middle-men. And I think we should continue to hold out that as an ideal. Buying my software and content directly from its producers means the producers get more money and could, as a result, potentially afford to sell to me for less.
At the same time, one of the things we’ve discovered during this initial foray into disintermediation is that curation is, well, it’s nice to have. Librarians add value. Middlemen, in fact, add value. They add value in the form of potentially being objective purveyors and reviewers of comparable apps that then must compete. Functionality and features increase in such an environment, where the relationship is the more complex producer-channel-consumer as opposed to the simpler producer consumer dyad — which always seems ideal.
Middlemen are bound to proliferate in some fashion as more devices — including now things like cars (see Ford’s [Sync][sync]) for example — become capable of extending their functionality through software, i.e., apps. Middlemen offer us curation and the creation of certain kinds of trust but we are going to have accept that trust must now be differentiated: apps for my car should come from my car’s manufacturer and apps having to do with banking should come from my bank.
The flip side of “get your apps a lot of places” is the dangerous nature of just how easily people will download apps from a variety of websites or will swap things with friends and family. That is, we have not yet had a disaster of such scope and significance that most Americans practice any form of safe computing. Too many people are just too ready to click on PowerPoint slideshows or go to websites found in e-mails from people they don’t know. (Hi, mom and dad, thanks for all those PowerPoint shows! Really!)
Finally, my thanks to [Jon Gruber](http://daringfireball.net/) for writing the way he does and encouraging people like me to stretch my legs a bit.