Saturday 19 July 2008

iPhone 2.0

The big tech story of the last couple of weeks has been Apple’s release of the iPhone 3G and the accompanying upgrade of the iPhone OS to V2.0. I haven’t had a chance to compare the new hardware with my existing 1.0 iPhone but there are only a handful of differences and none that are compelling for me, yet at any rate.

The 2.0 OS upgrade is a very different matter. The changes are significant and bring huge improvements to the platform – there are still some rough edges, to be honest, but the iPhone / iPod Touch can now truthfully claim to be a computing platform, rather than just a (very) pretty phone or mp3 player with a good web browser.

For me there have been two significant changes that made the upgrade to 2.0 an absolute must.

3rd Party App Support. Apple are determined to stick to their walled garden model and the initial big bang launch of the App Store in iTunes had a lot of issues, especially for those of us not in the US. They seem to have got a handle on things over the last few days and, now that the most serious teething problems have been sorted, the upside of Apple’s approach is pretty clear. Finding and deploying applications is simple enough for almost anyone to use. iTunes on either a Mac or PC provides an interface that any iTunes music store user will be instantly comfortable with, and the 2.0 firmware comes with a built-in App Store browser that is even easier to use. The quality of the apps so far has been mostly average but the process works well, is easy for users and will hopefully provide a solid platform for third party developers to use for both commercial and free apps.

Exchange Push Mail Support. Exchange mail now works and is simple to set up (provided you or your company have already configured your Exchange Service for Push Mail support). Even better, Apple provide an iPhone Profile generator for both Mac and PC platforms that allows anyone to package an entire phone configuration (including Certificates, Exchange Server Setup, WiFi profiles (including 802.1x security options), VPN and device access (PIN) policies) into a compact XML file that can be distributed to users’ iPhones either via e-Mail or from a web site. As a configuration process it is very similar to the WAP/OMA DM Provisioning protocol that I’ve used in the past to provision Windows Mobile devices, but the device side integration is much tighter. The end result makes it very simple for small to medium sized businesses to deal with limited iPhone deployments using the out of the box Profile generator, but larger organizations are likely to want to build their own as the protocol is pretty easy to automate. Using the documentation provided by Apple I was able to build sample configuration profiles myself, and the process could easily be integrated into the sort of authorization and approval processes that larger or more security conscious organizations require. Remote device wipe is supported and can be user initiated via Outlook Web Access in the same way that is used for Windows Mobile remote wipe.

From a usability perspective the iPhone Exchange Push mail implementation is pretty good in terms of performance – like Windows Mobile devices it tends to receive inbound mail slightly faster than my Notebook’s Outlook client but the difference is only a fraction of a second. Battery life when Push Mail is enabled seems to be poorer but I still manage to get a working day from my phone – then again I don’t use it as a phone a lot at the moment so a busy user would probably struggle to get a full day from it. Calendar integration works but the features are basic and the UI lacks an option for a week view, which I find particularly annoying. The big problem area for me is Contacts – on first syncing with Exchange the iPhone deletes all of your current contacts, without warning. I shit thee not, as they say in the movies: had I not read about this in advance I might actually have lost all my contacts, as I hadn’t backed up my contacts to my PC since I last rebuilt it, and I would have been seriously annoyed had that happened. It’s a very odd problem as both Calendar and Mail support multiple accounts, so failing to provide the same multiple identity capability for something as important as Contacts on a phone is a major disappointment. At least they managed to integrate GAL right off the bat – that was a glaring gap in Microsoft’s own initial Push Mail offering with WM5. Other significant Outlook features that are not supported (for now) are: Folder management, opening embedded links to Sharepoint hosted documents, task synchronization, managing “Out of Office” settings, creating meeting requests and flagging mails for follow up.

One serious complaint that I have about the iPhone’s rev 1 Enterprise feature set is the nature of the support for client side X.509 certificates. The provisioning XML protocol allows administrators to embed full Certificate/Key files, so it is possible to deploy full client authentication certificates; however, that’s a very poor model for secure Enterprise certificate deployment. Ideally one wants client side certificates to be generated using a secure requesting protocol (PKCS#10) that keeps the private keys on the device and submits the request to the CA, which can then authenticate the request and return the (public) Certificate back to the device (in PKCS#7 format) where it is linked to the keys. This type of certificate deployment (or enrollment if you prefer) avoids the security nightmare that goes hand in hand with deploying full credentials in easily copied files. As it stands I can’t see that any organization that cared about security enough to want to use certificates for client authentication would choose to use this deployment mechanism for any significant volume. I’m quite surprised about this but I’m hoping that the reasoning was that this helps small outfits solve the problem of deploying certificates easily while there are better options available within the iPhone SDK that will allow serious Enterprise customers to build a proper certificate enroller.
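
An organization that automates profile generation can check each profile for embedded key material before it is mailed or published. The following is an added example, not code from this post or from Apple: it parses a profile and reports which certificate payloads carry a private key. The `PayloadType` strings are taken from Apple's configuration profile format rather than from this page, and the sample profile, its `com.example` identifiers and the placeholder certificate bytes are constructed.

```python
import plistlib

# Payload types from Apple's configuration profile format (not named in the post).
KEY_BEARING = {"com.apple.security.pkcs12"}  # certificate AND private key
CERT_ONLY = {"com.apple.security.root", "com.apple.security.pkcs1"}  # public cert

def audit_profile(xml_bytes):
    """Return (identifier, finding) for every credential payload in a profile."""
    profile = plistlib.loads(xml_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        ident = payload.get("PayloadIdentifier", "<no identifier>")
        if ptype in KEY_BEARING:
            findings.append((ident, "embedded private key"))
        elif ptype in CERT_ONLY:
            findings.append((ident, "public certificate only"))
    return findings

def has_embedded_private_key(xml_bytes):
    """True if anyone holding a copy of this file also holds a private key."""
    return any(f == "embedded private key" for _, f in audit_profile(xml_bytes))

def build_sample(with_identity):
    """Constructed sample profile; certificate bytes are placeholders."""
    payloads = [{
        "PayloadType": "com.apple.security.root",
        "PayloadIdentifier": "com.example.profile.rootca",
        "PayloadContent": b"CONSTRUCTED-PLACEHOLDER-DER",
    }]
    if with_identity:
        payloads.append({
            "PayloadType": "com.apple.security.pkcs12",
            "PayloadIdentifier": "com.example.profile.identity",
            "PayloadContent": b"CONSTRUCTED-PLACEHOLDER-P12",
        })
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",
        "PayloadVersion": 1,
        "PayloadContent": payloads,
    })

if __name__ == "__main__":
    for ident, finding in audit_profile(build_sample(with_identity=True)):
        print(f"{ident}: {finding}")
```

A profile that only distributes a root CA certificate passes this check; one that ships a client identity does not, which is the case an approval process would want to stop or route through a different delivery channel.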