Security fears may handcuff iPhone

Everybody knows that Apple Inc.'s iPhone is more than just a wireless telephone. But how much more?

That depends on software developers who are building programs that add new features to the iPhone. It also depends on Apple, which has tightly limited developers' access to the iPhone's core operating system.

"They have the one phone in the world that runs a modern operating system . . . and they won't open it up to developers," complained Ken Aspeslagh, chief engineer at Ecamm Network LLC, a Somerville company that develops software for Apple's Macintosh computers.

Apple says the limitations protect iPhone users from rogue programs that could steal data or disrupt their phone service. "Obviously, there's an important security aspect to this," said Bob Borchers, Apple's senior director of iPhone worldwide product marketing.

The iPhone's vulnerability to attack was underscored last week, when software researchers at Independent Security Evaluators in Baltimore demonstrated how an attacker could plant software on a Web page that would seize control of any iPhone that visited the page. Jake Honoroff, a security analyst for the Baltimore group, said Apple's restrictions on iPhone software are aimed at keeping such breaches to a minimum. "The less applications are running on it," Honoroff said, "the less opportunities for holes."

The iPhone is the latest thing in "smartphones" -- cellphones that also have many of the features found on full-fledged computers. Smartphones have powerful processors and complex operating systems that can support advanced programs. The most popular smartphone operating systems include Research In Motion Ltd.'s BlackBerry, Palm Inc.'s Palm, Symbian Software Ltd.'s Symbian, and Microsoft Corp.'s Windows Mobile. Each of these systems let software developers write sophisticated programs to run on the phones. Thousands of such programs have been written, many of them for specialized business applications. For example, many companies use smartphone software to let mobile employees remotely access corporate databases or e-mail systems based on Microsoft's Exchange e-mail server.

The iPhone is certainly capable of such feats. It relies on a downsized version of the powerful Mac OS X operating system that drives desktop Mac computers. Apple encourages developers to write code for OS X desktop machines, but the company has refused to provide the necessary tools and documentation for writing iPhone programs.

Instead, Apple wants programmers to write "applets" -- little pieces of code that run inside the iPhone's Safari Web browser. Programs run inside a browser have very limited access to the operating system. That means they're far less likely to cause security breaches, but it also means that such programs are far more limited in what they can do.

Still, programmers have scrambled to create applets for the iPhone. Over 100 are available, mostly free of charge, at websites like applists.com or getleaflets.com, with new applets released every day. Most are handy programs that simplify common tasks, like booking an airplane flight, checking your bank balance, or finding the nearest movie theater showing "Ratatouille." The user can bookmark the applet's Internet address, then return to it as necessary over the iPhone's wireless data network.

Some advanced software programs have Web-based interfaces so they can be run on an iPhone. NetSuite Inc., a California maker of business management software, worked with Apple to allow its customers to run their software through the iPhone's browser. "The customers that we've had who went out and bought it over the first couple of weeks have been pretty enthusiastic," said NetSuite senior product manager Malin Huffman.

But software designers agree that they'll never exploit all the iPhone's power until they can write code directly for the operating system, as they can with other smartphones. Honoroff said while Apple prevents this partly for security concerns, it also wants to prevent users from running software that could undercut its business, or that of AT&T Inc., the wireless phone company that has an exclusive deal to sell the iPhone.

For example, a fully programmable iPhone could run software to let users place voice calls over a WiFi Internet connection, rather than over AT&T's network. That could save users a lot of money, and cost AT&T a lot of revenue. "They made design decisions that protect the revenue model," Honoroff said.

As the early buzz wears off, Apple might encourage the development of more sophisticated iPhone software, to compete against its less elegant but more useful rivals. Apple's Borchers kept the door open. "We always have the ability to update the iPhone over time, with new software, et cetera," he said. "What we wanted to do is make sure we walked before we ran."

And some programmers believe Apple will relent and allow more powerful iPhone programs. "It has the capability to do so much more," said Aspeslagh. "I think Apple will allow it in time."

Hiawatha Bray can be reached at bray@globe.com.