Feeds

Orange pushes for ‘pocket money’ SPV cert costs

'$10-20'...

  • alert
  • submit to reddit

Security for virtualized datacentres

Orange is pushing to cut smartphone application certification costs to "pocket money" levels, and having opened the gates for small developers by providing an unlock/lock procedure for the SPV (Unlocks all round! Orange frees SPV developers), it does not propose to slam them shut again.

The company didn't make any clear statement of terms and conditions when it introduced the 'official' handset unlocking process, apart from saying it was intended for developers, but speaking to The Register earlier this week Orange VP Nick Balderson provided one. Orange will take the view that you can unlock your handset if you want, and that there's nothing it can do about it. This means that even in the case of the scenario we put to him, whereby a developer distributed 'unofficial' apps to run on unlocked handsets, outside of the Orange-approved route, Orange would take no action. The company does say that it won't give support on unlocked phones, but that seems relatively reasonable.

The locking process is intended to ensure that only certified apps will run on the SPV. This allows Orange's business customers a measure of control over what their employees can run, and also allows Orange to protect itself against network crashing/threatening apps. However as anybody who wanted to launch an attack on the network could just unlock their handset first using one of the unofficial mechanisms, locking is a mainly about having the ability to revoke a bad app quickly, therefore reducing the damage it can cause. Balderson notes also that the position as regards locking is slightly different in France, where he says it's a legal requirement that Orange offer users the choice of locked or unlocked.

Orange is therefore not particularly religious about locking, but by choosing locked as its preferred shipping default, it has presented itself with another problem to tackle - app certification cost. Verisign, according to Orange, currently charges $595 for 75 'events' (an event here is an exe or DLL, so an app would consist of a minimum two events), and although this might come down to reasonable levels if you were able to split it across a number of apps, small developers and or enthusiasts producing just one small app aren't likely to be impressed or lured. Balderson reckons the rate ought to be $10-20, says Microsoft sets the level, and that Orange is lobbying to bring the prices down.

The Register, incidentally, is impressed by Orange's attempt to turn itself into the developer's friend, and feels we should all encourage the process while observing it closely, just in case. But Microsoft's fault? We asked again, he said he thought so, but maybe we should check with Microsoft. So we did.

Microsoft's view, naturally, is that it is for the companies providing the certificates to determine their prices, and that this is nothing to do with Microsoft. OK, so do you think the prices are too high? "It isn't really a big barrier to entry." Even for people who might want to do shareware, or give apps away for free? "I think there are other ways to remove these barriers." So you think price levels are fine, and you're not joining Orange in trying to get them down?

Well no, Microsoft isn't prepared to say that categorically either, because someone, somewhere might be up to something. It does however seem reasonable to read all this as meaning that as far as the company's Mobile Devices Division is concerned, the status quo is just fine. And maybe you could therefore read it as being to some extent Microsoft's fault; small developers who can't or won't pay $600 aren't going to be particularly good business for Microsoft, they quite likely won't be 'serious,' and practically none of them will make a significant impact on the platform. We certainly got the impression that Microsoft felt that anybody who couldn't afford the tab wasn't serious, so go figure, and consider the possibility that Orange and Microsoft are not exactly lined up together on this.

Orange, incidentally, confirmed that it will be releasing version 1.5 of the SPV software "in April," so it's possibly there already, although it wasn't earlier today. The prior version is 1.35, which Orange says 85-90 per cent of users downloaded. ®

Related stories:
MS smartphones: Pope Juha marshalls his divisions

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Turnbull: NBN won't turn your town into Silicon Valley
'People have been brainwashed to believe that their world will be changed forever if they get FTTP'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.