Data Security, Network Security

A Change Would Do You Good

By Katherine Teitler

Apple to offer an SDK for Siri; developers and consumers win

Apple’s highly guarded and stringent software development process may start to chill out this summer, according to a report in The Information. The company is well known for its rigorous development practices, which helped it climb to the top of security practitioners’ lists as the platform of choice when selecting smartphones and mobile devices in recent years.

Apple’s secure coding practices are a thing of envy, but the development lifecycle has also meant that innovation has been stifled somewhat, opening the door for Google, Amazon, and even Microsoft to swoop in with consumer-pleasing offerings like Echo, Google Home, and Cortana. iOS device sales have started to slip in recent months as consumers flock to concierge-like functionality.

In an effort to ward off “BlackBerry Syndrome,” Apple is reportedly ready to take the bold move of opening up its platform and offering a Siri software development kit (SDK) that can be used by external software developers. In the past, only a select few app developers had a way to integrate their apps with Siri, which meant that the best Siri could do with a voice prompt was pull up some search results on a user’s device. Even this capability was ground-breaking a few years ago, but other, more open platforms have transformed from voice-activated searching to “digital assistant” services, which results in fewer clicks and more convenience for users. One spoken sentence and a user has bought a new pair of shoes or booked a vacation; no additional steps necessary. As one article put it: A first-world problem, for sure. But here we are in the first-world and watching new products come to market and transform how we conduct daily business.

By focusing on innovation and opening up its APIs to developers, Apple is also exposing itself to more risk; that’s been the argument against Android in the security community for a long while. Any developer can submit an app to the Google app store, which means that development flaws sometimes slip through the cracks. Will opening up its platform to developers, even through a clearly defined SDK, mean more vulnerabilities in Siri? “It does introduce new attack landscapes that haven’t been there before,” writes David Kennedy, Founder and Principal Consultant of TrustedSec. He continues, “Exposing certain functionality brings a whole new line of apps that can be developed,” which is obviously positive. Companies that don’t innovate stagnate then die, and in the smart device world it’s clear that the most convenient, user-friendly interfaces are attracting consumers.

Consumers generally are less worried about information security than they are about their own ease of use (until their information is breached, but even then consumers are fairly forgiving), which is why other companies have been able to garner market share. Apple is seemingly willing to cut a little slack on the security side to gain more customers. Even with the SDK, Apple will have less control over non-Apple developers, which means greater numbers of vulnerabilities. Kennedy believes that the Apple-issued SDK will help developers stay within the bounds of Apple’s robust development guidelines, but with more developers and more apps to vet, it’s likely that the attack surface will grow and we’ll start to see more exploits.

Time will reveal Apple’s ability to force developers to play inside the sandbox. Since the SDK has yet to be released, neither security experts nor developers are able to comment on its rigidity. One indirect benefit the market may start to see is better SDLC practices in the community as a whole. In the past, developers had to work for Apple to learn the company’s processes; now developers will be able to learn some of those industry-leading practices for a nominal fee.

