Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

PhoneGap toolkits tame mobile app development

Peter Wayner | Jan. 16, 2014
The very first road to the various app stores from Apple and Google was paved with native code. If you wanted to write for iOS, you learned Objective-C. If you wanted to tackle Android, Java was the only way. Similar issues popped up with all the other smaller players in the smartphone market.

Of course you can do all this yourself. You can fire up Xcode, Android Studio, or the tools for the other smartphones and create each on your own. PhoneGap is really six or more projects for different platforms that all implement more or less the same API. Your code should come close to running the same on all the machines, although issues often arise due to differences in hardware.

After building apps for the iPhone and Android, I can recommend the build process. Just downloading all the tools takes a long time. The job of building code has migrated to the Web, and Adobe is offering one of the first concrete and compelling tools. You put in one chunk of code for your browser and out come six different apps that run on six different platforms. That's amazing.

Though the entire process takes plenty of weight off our shoulders, it is neither as simple nor as perfect as it could be. The platforms have plenty of details that need to be filled out endlessly. The documentation, while good, can't begin to offer enough detail for every possibility.

One of the trickier issues involves creating the digital signature. Apple, Android, and BlackBerry all ask the developer to "sign" the code, essentially acting like the signature an artist applies to a masterpiece or the President creates during a fancy signing ceremony in the Rose Garden. While there's always a big gap between the symbolism and reality, there's no doubt of the legal and emotional power behind the digital signature.

Adobe asks you to upload the private keys and the passwords to its cloud. This may appear as a service, but it gives Adobe the power to create anything it wants and distribute it any way it likes. Would the company act upon this power? I'm sure the public answer approximates the word "never," but who knows about others poking around Adobe's infrastructure? What if Adobe employs someone like Ed Snowden with the ability to read files at will and impersonate others? That person could create extra apps and distribute them easily.

Adobe is not alone here. You court this potential security hole with AppGyver and Icenium as well, and in any case you can work around it. Last week I had to sign a new app, and the safest way was for me to download the complete source code, build it from scratch, then let Apple's built-in signing tool handle it automatically. The mathematics don't require a cloud of servers. Anyone can sign any digital file with the algorithms. But using Apple's tool seems to be the safest path through the system.

 

Previous Page  1  2  3  4  5  6  7  Next Page 

Sign up for CIO Asia eNewsletters.