iPhone SDK initial evaluation

 

Last week Apple unveiled the much-anticipated iPhone SDK (software development kit), which will enable software developers, such as Open Door Networks, to create and distribute applications that can run on the iPhone. We’ve been hard at work ever since evaluating that SDK, from both a security and an opportunity perspective. Our conclusion: the SDK is a bit too secure for our tastes!


Apple has done an excellent job with the SDK. So excellent that it looks like there may well be scant opportunity or need for Open Door security software on the iPhone. The two go hand-in-hand. In particular we feel (and remember, this is a very preliminary evaluation) that the SDK provides just the right tradeoff between opening the iPhone up too much (and thereby exposing it to the same set of security issues as any other Internet-connected general-purpose computer) and too little (thereby greatly limiting the potential of developers to supplement and enhance the platform).


As an example, an SDK-developed application cannot access the full iPhone (Mac OS X) file system. It can only access files that are local and relevant to it. But most iPhone applications only need this local access; anything more would introduce additional security risks. Likewise, iPhone applications cannot perform any operations that require what on the Mac would be called administrative access. They run pretty much in their own “sandbox,” which is fine for 95% of the potentially useful applications out there. Yes, maybe 5% of the useful applications (including ones Open Door would tend to do) may be un-writable, but the system will be 95% more secure than if those 5% were allowed. As much as we hate to admit it, this seems like a good tradeoff.


As further compensation for this 5% limitation, the SDK contains an amazing amount of functionality. Developers get easy access to almost all general (Mac OS X) operating system features, including network services such as Bonjour. We also get access to most iPhone-specific features like the multi-touch screen, accelerometers, camera, and device auto-location, and great tools such as an excellent-looking Mac-based iPhone simulator and debugger. This great stuff is all the more reason that Open Door continues to look hard for an area in which we can add value via the SDK. It just might be that we need to look a bit outside our traditional security area. But who knows -- the jury is definitely still out right now. What is clear is that Apple has done an amazing job with the SDK.

Tuesday, March 11, 2008

 
 