Mobile security risks: carelessness

There are a lot of scary reports about mobile security risks, usually promoted by companies offering solutions to the alleged problems. Most FUD is targeted at Android because it allows apps more freedom. However most people ignore the most obvious risk: owner carelessness.

The biggest risk for any mobile device - phone, tablet or laptop - is loss or theft. And while theft is a large risk, simple carelessness is the biggest one. When we were working on mobile betting apps the biggest risk we identified was simply leaving the phone on a table in a bar while going to the toilet and friends larking about it with it.

While a number of solutions have been envisaged to stop you losing a phone, the simplest approach is to ensure that it itself is protected with a password or pin and a timeout. You may still lose the phone, but at least people can't get into it.

From an enterprise point of view it is possible to enforce security for email protocols (Microsoft Exchange does this, for example), but it is equally important for consumers. Do you really want someone picking up your phone having access to your Facebook and email?

So far I've never lost my phone - although I've had the occasional panic - but I was convinced of the need for protection a couple of years ago as the amount of information invested in my device rose above a certain threshold. I use a seven digit security code which is quick and easy to type, certainly much easier than having to re-enter passwords in each app. This is one of the basic anti-carelessness protections I've written into IT mobility policies, especially for BYOD, and recommend to everyone.

Zombie Mobiles

We're all very quick to talk about RIM disappearing, Symbian vanishing, the end of Windows Mobile, although all of these systems have made huge contributions to where we are now. In the industry we're always clamouring for new toys and usually enjoy upgrading.

But outside in the real world most people don't know what kind of phone they have, nor do they care. And for many people changing or upgrading brings fear and uncertainty to the point they would rather leave well alone and stick with it. Given that many of these devices are rather well made they can stick around for some time. Welcome to the Zombie Operating Systems that Refuse to Die.

In the world of computers this is a well known, although little discussed problem. There are people still running their businesses on Windows 95 out there storing their data on Zip drives. Some large companies still refuse to upgrade from Windows XP. There are probably people still running industrial processes with PDP-11s.

While the users of these systems are perfectly happy (at least until things break when panicked searches of eBay start), they create issues for software vendors and employers who are considering encouraging staff to use their own devices, or BYOD as it's known.

There are only two possible responses: make a huge effort to support everything with a gracefully degrading mobile internet site for those with older devices, or just tell everyone to get with the program and get something decent. I strongly favour the latter, accompanied by a recommendation and even purchase program. But you may have to go down the former route if, for example, the chairman cherishes his ancient golden Nokia 8800 too much to let it go.

This is, of course, only one of the BYOD issues. The consumer mobile app world has already voted with its revenues and moved to newer grounds. Enterprise providers may not have that option, as a key customer demands back support. More on other challenges later in the week.

Patents 2.0

Google has now spoken out about how software patents are unhelpful and the tech press is buzzing about the futility of it all. Perhaps it's time for us all to think about how to actually improve the process and provide a new framework - Patent 2.0 to use a slightly out of fashion style of name.

Before launching into that I think it's worth reminding people that until recently software could not be patented. Indeed many patent offices still do not accept software patents. The reason being that there had to be a system, production method or device being protected, not a business method or process.

It is also worth looking to two other sources of ideas. The first is the academic review process where research only counts if it has been peer reviewed and published. The ease with which people can publish material on the web has perhaps pushed that a little of sight, but the concepts are still very valid. A little bit of effort should be required before claims can be asserted. Otherwise we descend directly into politics, which is what is effectively happening in the Apple vs Samsung vs Microsoft vs Motorola vs Nokia battles.

The other is the Open Source movement, where anybody can post any piece of code they have knocked up, but only the good ones are propagated as the community will not adopt anything else.

These are both very similar - the only real difference is that the academic process is formalised and anointed by professional bodies like the IEEE and professorial status.

So how can we get Patent 2.0 working? First of all the convoluted existing system is way too complex to fix overnight. And it probably works fine for other industries - I have no idea if there are a group of pharmaceutical engineers having a similar debate - so perhaps we just need to revert to the original status of not permitted software.

Next step is to make a new, global registration service for soft concepts: software, design and perhaps other things that may come into play like music and sounds although they may be adequately covered by copyright.

This global service would be peer reviewed to ensure that prior art and really obvious stuff isn't accepted. Of course this needs some definitions. What's obvious to you and me might be rocket science to someone else so we need some objective definitions. Here are some criteria that I think help define obvious:

• Moving something (action, method, system) from one domain to another. As example, watching a video on a portable device is not an innovation from watching it on a static device.
• Incremental changes to something else that make no new contribution. As example Apple's lawyers claiming that rotating pinch zoom by 45º makes it new.
• Something that is really well known and taught in basic CS class, for example doubly-linked lists. (Thanks to Crawford Currie for the link.)
• Claims are challenged at point of registry by the peers, not "lazy evaluated" at the litigation stage, which is the current process, eliminating the vast majority of the basics.

I've been trying to come up with some kind of minimum intellectual value concept but so far not found one. Besides which I tend to feel that market competition will determine which one wins and that's probably better anyway. In a non-commercial framework this seems to work well, with many open source packages offering the same facilities but some becoming industry standards due to their quality while others fade away.

What else could we add to Patent 2.0 to make it work better than the present system?

Avoiding the negative spiral

So now Google Motorola Mobility join the patent litigation frenzy. They hadn't really been left much choice by the aggressive tactics of certain other players who think that there is a huge amount of legal fees innovation in a gesture being rotated by 45º.  Even the usual fanboi trolls on techcrunch kept quiet about that.

So just as Seth Godin is talking his usual good sense about avoiding the race to the bottom we see exactly that happening to the protection of intellectual property.

For those who have no experience of dealing with patents, the process is very long and very expensive. In order to have effective protection you need to cover at the very least in Europe and the US as well as any market in which your product can be expected to make an impact.

While some patent offices will rely on other ones for approval, each one still requires separate applications and usual local agents. But that's assuming you get as far as having some kind of acceptable filing - and that's likely to take years and many thousands of £/$/€.

You also have to go through an interminable and disconnected process of review against prior art which includes huge numbers of patent applications to which you have no access at the time of submission. And many of these are astoundingly broad and often meaningless. And the broader and more meaningless they are you can be sure that the authors are from larger corporations. Unlike startups where filing patents is an investor-driven distraction, these companies have whole departments of lawyers who are paid to argue with the examiners about minutiae which your or I would ignore as being absolutely obvious. Read some existing patents alongside the examiner's response to your own work and you'll wonder whether there are two sets of standards being applied: one for big companies and one for the rest of us.

Clearly this is not right. We need to change the whole way intelectual property is protected, streamlined for an efficient workflow, accessible to everyone, and with a minimum level of genuine originality.

Patent nonsense

Scan by Bart Solenthaler

I've written six software patent applications and read hundreds more. Generally they are difficult to understand, generic, and written in an arcane jargon that borders on steampunk in its delight of Victorian language. While it might work for mechanical systems and processes, I would argue, is not a good way to describe algorithms or software concepts.

Not that the real subject of this piece is about anything as complex as that. It's been well summed up as being about rectangles. I am referring, of course, to the Apple vs Samsung patents case.

Anybody with even a basic knowledge of computer history will know that Apple basically borrowed the whole Macintosh look and feel from Xerox PARC research. And then claimed they invented it and tried to prevent anybody else from using it. Unsuccessfully, thankfully.

Now the battle is over the rather boring square shape of phones and tablets, as well as some simple but powerful software concepts around touch screen usage. It would seem that a surprising number of people think Apple invented the touch screen phone, which is not true. The first one we had as a test device was the Sony Ericsson P800, which was launched in 2002 and had such obvious things are tapping numbers and emails to activate them.  The keyboard folded down to expose a much larger screen, or could be completely removed for those who had escaped candybar land.

My experience of the US Patent Office in particular was that even complex and genuinely original algorithmic concepts came back with an examiner's comment to the effect that it was obvious. So how come Apple's attorneys can get really obvious stuff, like making a tablet, well, rectangular accepted as a patent? This is what I don't understand. Nor can I understand some academics supporting claims of obvious things like one-figure scrolling with the P800 had in its browser years before Apple even made phones.

But the real concern is the impact on free thought, innovation and progress. Not to mention intellectual honesty and a desire to push the industry forwards.

I think it's time for Patent 2.0, but that's the subject of another post.

Start, stop, smooth

I've just come back from holiday where I was driving a rental Peugeot 308 Eco which had an interesting feature: it automatically cuts the engine when it isn't in use. At traffic lights or junctions the engine simple turns off. At first I thought there was a problem with the car and turned the ignition key to start it again, but after a couple of tries I discovered that it started itself instantly when I pushed in the clutch and engaged a gear.

Timing was essential and for the first couple of days the car and I didn't quite synchronise, resulting in it beeping plaintively at me to push the clutch back in and let the engine start. Once this little dance had been worked out between us it was much smoother than I had expected.

Smoothness is absolutely essential in user interface design and all too many people rushing into the mobile and web app space don't seem to understand this. While Peugeot's engineering team probably didn't think in terms of user experience, they knew that if the eco mode on/off function wasn't blended into normal driving nobody would use it no matter how much fuel it saved.

Another example from the world of cars it the Toyota Prius, which shifts from battery to petrol engine without the driver being aware of the change. Without the animated dashboard display the occupants of the car would be completely unaware of what was powering the vehicle as it is incredibly smooth.

UX designers should reflect on this. Perhaps they are used to using delay-free, lossless local connections. Perhaps they only work on pretty Photoshop comps and don't think about the actual interaction. Whatever it is, it's a pain and will hold up adoption by normal folks.

At a design level, think dynamic from day one and ensure that delays are packed together in natural points. From an engineering point of view, pipeline data downloads while users are reading the last so that their next move is instant. You can almost always predict the most likely action, if they do something other than the obvious next step then they'll expect a delay. Delays break focus and are likely to cause people to click away or sigh and fire up another app that is more responsive.

Fruits of machine vision

Visual search is often touted as being a way to get consumers to research products online while in a store. Moral issues aside, this has never appealed much to me as a model as I reckon that the immediate gratification outweighs any price benefit. However I've now seen a different use of visual product recognition that was stunningly good.

While buying holiday supplies in Carrefour TNL in Nice, I was rather surprised to find that there were no queues at the fuit and veg scales. For those unfamiliar with the process, you have to weigh the produce yourself before heading for the checkouts. Normally this involves a lengthly hunt through the user interface for whatever you were buying, leading to lines building up.

First thing I weighted were green beans - boom, no sooner had I put the bag of beans on the scales than the display offered me green beans as first choice! Next was a bag of flat peaches - again, that was the first choice offered.

Curiosity raised, I looked underneath the screen, and sure enough there is a camera focussed on the scale pan. Clearly there is some very nice software behind the camera as recognising flat peaches through a translucent plastic bag is impressive.

But my next purchase foxed it. The system was unable to identify six Royal Gala apples. Not surprising since they could have been one of several red apple variants all about the same EU-regulated size, but shows there is some way to go. I was taken back to the default menu to hunt through several screens of different types of fruit.

Despite that limitation, I am still deeply impressed by the practicality of the system and the smartness of recognising odd-shaped items through a translucent material. From a retail perspective it is a big step forward towards the holy grail of increasing throughput.