Tuesday, August 25, 2009

Innocent Until Proven Guilty by Joe Hewitt

I'd like to add my voice to the stream of complaints about the iPhone App Store, but before I say anything critical, I have to promise one thing. No matter how annoyed I get, I will not stop developing for Apple's platforms or using Apple's products as long as they continue to produce the best stuff on the market. I never forget how deeply Apple cares about making their users happy, and that counts more than how they treat their developers. Besides, when I have a problem with a friend, I don't threaten to boycott our friendship until they change, so I'm not going to do that to Apple either.

Having said that, I have only one major complaint with the App Store, and I can state it quite simply: the review process needs to be eliminated completely.

Does that sound scary to you, imagining a world in which any developer can just publish an app to your little touch screen computer without Apple's saintly reviewers scrubbing it of all evil first? Well, it shouldn't, because there is this thing called the World Wide Web which already works that way, and it has served millions and millions of people quite well for a long time now.

Oh, but you say that iPhone apps are different, because they run native code and can do scary things that web pages can't? Again, you're wrong, because iPhone apps are sandboxed and have scarcely any more privileges than a web app. About the only scary thing they can do outside the sandbox is access your address book, but Apple can easily fix that by requiring they ask permission first, just like they must do to track your location.

The fact is this: Apple does not have the means to perform thorough quality assurance on any app. This is up to the developer. We have our own product managers and quality assurance testers, and we are liable to our users and the courts if we do anything evil or stupid. Apple may catch a few shallow bugs in the review process, but let's face it, the real things they are looking for are not bugs, but violations of the terms of service. This is all about lawyers, not quality, and it shows that the model of Apple's justice system is guilty until proven innocent. They don't trust us, and I resent that, because the vast majority of us are trustworthy.

I shouldn't have to argue for why it is better to assume people are innocent until proven guilty. There are plenty of successful platforms out there which free developers to publish anything, but punish them if they do something harmful. This allows developers to move fast, fix bugs immediately, get feedback from users at a very low cost. Any bug that Apple finds after their two week delay would have been found by users on day one, and fixed on day two. I'd rather have a bug in the wild for one day than have an app in the review queue for two weeks.

If you think that all apps should be held prisoner by Apple until proven safe, you should also be able to convince yourself that this is how the web should work. Perhaps I am just spoiled by my many years of web development. The next time I create a web app I will probably feel a little guilty when I upload the files to my web server, knowing that I didn't have to ask the web police to review the app first to make sure I wasn't evil.

(I should probably add the disclaimer that the opinions expressed here are my own, and not my employer's.)

No comments: