The analogy between cars and operating systems is not half bad, and so let me run with it for a moment [. …] Customers come to this crossroads in throngs, day and night. Ninety percent of them go straight to the biggest dealership and buy station wagons or off-road vehicles. They do not even look at the other dealerships. –Neal Stephenson, In the Beginning…Was the Command Line
I am a child of the late-90s and early-2000s.
I remember when things like computers still weren’t as ubiquitous as they are now. I remember dial-up, young’uns. Those who understand this old world know that one of the things that cropped up quite often was proprietary software and hardware. To paraphrase Neal Stephenson, the computer industry was much like the car industry, with a few large players and a bunch of no-names running around. Most people, and there were few exceptions, bought the from the big names like Microsoft. On occasion, when someone had money, they bought an Apple device with its own proprietary software. Much like cars, people stuck with what was familiar or easy to buy, understand, and get working out the box the fastest.
In the early 2000s, the computer software industry was dominated by the likes of Microsoft, with Apple coming, fairly far behind, offering expensive, and to use Neal Stephenson’s language, hermetically sealed software packages that made it fairly hard to understand what was going on underneath the hood.
This changed, I believe, with the rise of iPhone and Android phones, the steady increase in cheap computing power and electronics miniaturization, and, of course, the ubiquity of faster Internet connections. This confluence of technological progress created a rather unique period in consumer electronics and software history.
iPhones offered a unique proposition to consumers, albeit it wasn’t a new proposition, just something uniquely packaged and hawked by Apple. Apple offered consumers a lifestyle change, something that went beyond the squarish business types and their smartphones complete with Windows or some unusual proprietary operating system. Apple offered people a chance to buy cool, but it came at a price. You had to agree to some rather unusual “Terms and Conditions,” you had to download Apps from Apple’s store, and, more importantly, you had to dish out some serious cash to pay for it. The iPhone, like any technology of our age, came with strings attached.
A few months after the original iPhone began going on sale, the first Android phone came out. Thus, began the duopoly (see infographic above) of iOS and Android, dominating the smartphone market. And, again, Neal Stephenson’s apt analogy of operating systems mirror the car industry could be seen being played out in front of our eyes. However, interesting enough, the smartphone operating system industry, as of 2018, has been dominated by open-source software: Android. If we take Statista’s infographic (see above) seriously, we find that Android dominates the market with nearly eighty percent of phones shipped and used today. While Apple’s proprietary software still dominates around fifteen percent of the market, the dominance of Android is quite perplexing and offers a rather interesting case study for those looking at the future of design, development, and adoption of technology, including software.
Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. —Former Microsoft CEO Steve Ballmer (2001)
From the looks of it, the future is open-source. It is my argument here that open-source software is a sort of Pandora’s Box, one in which, if opened, could (very well) bring about unintended consequences. These consequences could be issues pertaining to security, privacy, and crime. However, I am not taking the alarmist route by saying, “Open-source is going to be the scourge of humanity and civilized society.” Instead, I want to make clear that open-source could offer interesting challenges and opportunities we haven’t considered yet. The future is open-source, but how we prepare and handle this future could mean the difference between a software apocalypse and a techno-utopian landscape.
I am a lazy person, which is why I like open source, for other people to do work for me. — Linus Torvalds
Security and Its Discontents.
One of the features that makes Apple’s iOS somewhat secure is Apple’s mixture of “security through obscurity” and an iron grip on what can and cannot be in Apple’s App Store. The problem with Android is that the App Store is a minefield for spam, malicious software, and, of course, insecurity. This makes it nearly impossible to truly (and fully) trust the software on Android phones. (With that said, I’m not saying Apple is much better, but they do have a few things going for them. More on that later.)
Another issue that comes that puts Android at a disadvantage is the lack of centralized security updates. Apple’s updates, albeit a real shitshow as a late, are far superior to anything put forth by Android. Android has numerous versions running across the globe. As an Apple user, all my devices, including my iPad, my iPhone, and my MacBook, are always running up-to-date software. Why? Blame it on Apple’s need to maintain some semblance of order over the chaos. This provides Apple devices with an added measure of security, security that Android devices lack out of the box.
How do we solve this issue?
The question above is a good deal more complicated than we might like. Some blockchain-enthusiasts suggest we can secure future smartphone operating systems using blockchain. (For those looking for an interesting read on blockchain technology, consider reading Wired’s blockchain reference piece.) Others have suggested that Google needs to take hold of the reigns and find some amicable solution to the security update apocalypse facing the Android operating system. Still others, including myself, believe that Android can find an innovative solution that ensures democratization and safety from malicious software, spam, etc.
The approach I see pertains to the design of Android. Security needs to be priority one. In other words, Android needs to be developed as a secure platform from the beginning. This is difficult, as the number of users operating on Android and the parties interested in cracking open Android using various security flaws are growing each year. Thus, Android needs to consider approaching security in innovative ways.
Using blockchain technology, or something similar, Android could force updates, especially critical security updates, in a way that is both secure and public in nature. The blockchain ledger could be used by the phone’s OS to ensure the security and validity of the updates. More importantly, blockchain could offer a sort of secure layer for payment systems on Android phones that are constantly under attack by governments and even criminal organizations. Further, blockchain-like ledgers could offer security in the form of whitelisted software, OS versions, etc.
To ensure security, organizations like Google could offer serious rewards for zero-day exploits and unpatched areas requiring serious security updates. This would ensure some security flaws are turned over to those working on Android’s security. To add to this, it would also require that Google, and other organizations, take Android security seriously and maintain transparency about exploits and fixes for said exploits.
Another way to secure Android would be to start taking the complaints seriously when it comes to Android’s App Store. These security flaws could be mitigated if Google took a firmer stance against software that acted maliciously. Another way to approach security here would be to bypass the Google-dominated app store and offer more secure alternatives by third parties that have taken security more seriously than Google has in recent years.
Privacy: I Have Nothing to Hide, Why Should I Care?
With security comes the issue of privacy. Following the Snowden leaks, many Americans (and people worldwide) became nihilistic in the face of privacy and security. The old argument, “I have nothing to hide, so why should I care?” cropped up over (and over). Privacy needs to be another design consideration when developing the future, particularly the open-source future.
Again, this is where Apple shines — to a point. The company has made it a point to secure user information from third parties and even government agencies. Android doesn’t have this kind of support from Google, and there are few, if any guarantees, concerning real privacy shared by Android users. Instead, Android, much like many Americans following the Snowden leaks, is facing a sort of privacy nihilism. This needs to stop.
In an age where private matters, conversations, etc. can become political fodder, there is a need to secure user privacy so that it isn’t ripped from its original context and weaponized by governments, corporations, or criminal organizations. Again, this is where a sort of decentralized security feature could ensure the safety of privacy. Android could adopt more secure hardware and software mechanisms to ensure privacy is still available to its users.
In Apple, iPhones are armed with hardware that ensures secure encryption, allowing for private information to be somewhat secure. Why not go this route for Android? Why can’t Android force certain hardware requirements? To say that Apple or any company has total security and privacy is bogus, but we can try to push software and hardware packages closer to this ideal. Android must look at itself and ask, “What will allow for democratization and ensure security and privacy for Android users?” The answer to democratization might not be in hardware but, rather, in the realm of software. Android could secure user privacy by offering better crypto and the ability to completely wipe one’s data out of existence. This would, probably, mean distancing itself from Google and other corporate interests. Android, most likely, needs to be an independent and self-sufficient entity, one that secures its own future and doesn’t rely on the whims of tech giants like Google.
Crime: Just the Facts, Ma’am.
Criminal enterprises are appreciative of open-source operating systems like Android, with millions of vulnerable devices saturating the marketplace. However, they aren’t the only ones, as government agencies are appreciative as well for the numerous security flaws in Android. However, Android doesn’t have to be synonymous with security flaws and privacy violations. Instead, Android could secure itself to ensure that it doesn’t become a safe haven for criminal enterprises and government surveillance programs. Android could, very well, become synonymous with security and privacy, but it needs to take drastic steps. These might include distancing itself from Google, allowing for real competition with Google’s Android app store, and, more importantly, embracing innovative technologies that secure the OS and user privacy.
There is no doubt that open-source is the future, especially when it comes to software for smartphones. However, to ensure this future doesn’t turn ugly and land us in a dystopian hellscape, we need to reconsider how we design open-source software like Android. Moreover, we need to make security and privacy a priority when it comes to the design of future open-source operating systems. We live in interesting times, when open-source software can compete (and compete well) against proprietary operating systems like iOS and Windows. The future will be a brighter place if operating systems like Android avoid the nihilism that has taken hold of many users and organizations. Moreover, open-source smartphone operating systems can, like their desktop and server siblings, become synonymous with security.
Open-source software like Android has opened a Pandora’s Box, one in which opportunities and challenges have leaked out into the world, never to return to their previous confinement. We can either act and ensure open-source remains a staple of the future, or we can stand here, doing nothing, and ensure that users have no choice but to return to hermetically sealed proprietary software.
If you found value in this article/essay, consider joining the conversation below and/or write a response to this article/essay. I’d love to see what you have to say.