Android: Open systems need responsibility

Edit: The original article (below) was unclear that I’m mainly talking about rooting techniques, custom ROMs, and modifications. This isn’t about applications, which are certainly somewhat under control. Even in the ROM world, there’s some good stuff happening with, e.g., ROM Manager, and well-known brands like Cyanogen. But at the same time, most people who’ve rooted their phones or installed custom mods have been told at some point to go download something from mediafire.com or a link from xda-developers, and install it on their phones.

I have a strong suspicion that Google’s Android operating system is ripe for a huge catastrophe in the near future. This post is about where it will probably come from, why it will happen, and how we can all manage to avoid being a victim when it happens.

Android: The Open System

Despite all the false debates drummed up by people with financial incentives otherwise, everyone knows that Android is an open system. The source code to the operating system is publicly available, multiple independent teams maintain their own forks of that code, a fair chunk of Android phone users are using custom ROMs. In the application space, Android apps tend to be free, are often written by individuals or small groups, and there are plenty of open source libraries and apps. It’s hard not to admit that’s an open software ecosystem in action.

Of course, that’s great. It means that a lot more options, and often a lot higher quality software, are available to Android users than if they had to rely entirely on a single organization to produce its masterpiece. It’s messy, too; certainly there is poor quality software released for Android, and there’s more sorting through the options versus a tightly controlled proprietary system; but that’s to be expected. Perhaps we can find better ways to sort through and find the best software out there, but that’s not the point of this article. Freedom is a good thing.

We have a problem, though.

A Tale of Two Communities

Back outside the smartphone/tablet space, in the 1990s long before such devices were around, there were two very different communities of people sharing code. On the one hand, we had the free software movement (later rebranded “open source” by Raymond). On the other hand, we had the Windows “freeware” community. The two groups both tended to share computer programs, mostly for free. But beyond that, they couldn’t have been more different.

The Free Software / Open Source Community:

The running assumption is that everyone can read code.

Everything is source code; indeed, sometimes pre-compiled versions are not available.

Users take care to become acquainted with the technology involved.

People take trust seriously. People know each other, and work together.

Software is frequently downloaded from the official web site of that software project.

Packaging and bundling handled by well-known groups working transparently with documented processes.

The Windows Freeware Community:

People who understand code are considered an anomaly.

Compiled executables are shared people who are paranoid about their source code.

Users often download and install things they don’t understand.

Anyone who can write code is worshiped, regardless of reputation or character.

Software is often distributed by links in web forums, or file sharing web sites (with lots of popup ads).

Random people repost software without mention of its source or author.

Predictably, the results were quite different. The open source community exploded, and still today produces high quality software and makes people’s lives better. By contrast, “freeware” was responsible for the widespread distribution of viruses, adware, and trojan horses, and likely single-handedly keeps the predatory “anti-virus” industry alive. Reasonable people never install “freeware” on their computers, and even people who want to repeat its mistakes know enough to avoid the word.

A Choice for Android

Which of these communities looks most like today’s Android world? It depends on where you look, but it appears depressingly like a huge chunk of the Android community is following the freeware path. Android is fairly new, but it’s already been demonstrated that viruses are in the works for the future, and as people rely more and more on smart phones for sensitive information like financial data, this looks likely to grow.

What can we do? Mostly, pay attention. And for goodness sake, quit the worship for “devs”. Yes, some people are skilled at software development and make cool things. But they aren’t all good people. Indeed, when someone is rude and disrespectful and changes your phone splash screen to a picture of someone peeing just for fun, we are better off as an Android community if that person weren’t writing software, or if they are ignored. Just because something is done for free doesn’t mean the community should settle for crap. We’ve sort of figured this out in terms of code quality, but we still need to learn this lesson with regard to someone’s relationship with the rest of the community, as well.

We should also start being distrustful of software that’s only available at some link from a web forum, or that was posted anonymously to a file sharing site. Someone with pride in their code can find a real official web site to host it from. It’s not as if there aren’t plenty of free options. Sure, there are good people who are not doing that just because the community norm points the other way… most software posted to XDA is not malware, and does what it claims to do. But it’s difficult to build trust when software is posted anonymously to mediafire.com, and pointed from some link on a forum that might disappear tomorrow.

We still have a choice, at this point, whether Android will be a vibrant new platform for open software, or the freeware blight of tomorrow. I hope we make the choice wisely.