So Android announced Android 4.1 (Jelly Bean), the next version of the operating system with much awaited performance improvements and some new (marginal) features, available to Galaxy Nexus users in mid-July and the remaining 99% of the Android ecosystem sometime between a year and never. Along with the new version of Android, Google announced several other products and services, including their Nexus 7″ tablet, which I won’t cover in this post. What I am going to focus on is Nexus Q, the first product designed exclusively by Google, a ‘social’ media player that is, intriguingly, manufactured in the U.S and costs almost $300. This is not representative of a new class of devices, it’s not even functionally all that impressive either: it’s a device that connects to speakers and TVs, like countless before it. The difference in the case of the Nexus Q lies in its impressive industrial design and the fact that 1. it can stream data from Google Play and 2) it can allow local Android devices to ‘share’ the content they hold in their local memory. Google, borrowing from the Apple cue-card of shoving features into products without really caring about what people really want or need, created a product aimed solely at increasing the impact and the revenue of their online media store (Google Play) and added a small cherry on top that makes use of the networked nature, ubiquity and storage capacity of modern smartphones. Of course, even the ‘social’ aspect of the device is not exactly groundbreaking either. The functionality has been available, one way or another, albeit in more ‘technically challenging’ forms for years. But what’s important to note about the Q is that it doesn’t really cover what is probably the number one request (or, if your prefer, the number one pet peeve) people have about for other locked down devices of this kind (yes, Apple TV is a prime example): the ability to stream content stored in existing home networked devices, such as another computers or NAS devices on the local network, using standard or widely-used protocols such as DLNA/uPNP, DAAP/Airplay or even SMB/NFS. With the Nexus Q, Google demonstrates the same denial it’s got with that of the success, or rather lack thereof, of Google+. And in their attempt to convince people that the botched Nexus Q is worth paying the huge premium they’re asking (other devices of the same kind cost 2-3 times less), their enthusiasm for silly features like overlay mustaches in Hangouts, their desire to marry profits with openness and openness, they lose the mark. They fail to deliver the extremely seductive walled-garden, locked-down experience that allows Apple to thrive at the cost of openness and empowering products and services and, at the same time, they lose the geekcred that made Google so affable in the first place. Google largely knows this and they have been performing a balancing act for years: the ‘openness’ of Android, that of ‘the social graph’, their contribution to the public via open source software. The company is cognizant of its differences to other players of the market; yet, there with today’s announcement of the Nexus Q there is a paradox: today we have so much technology available to us, often of high quality and free, in the form of open source software, powerful and affordable hardware. Google, like Apple and everyone else in between, realise this and have been struggling to trap the cat inside their new shiny new boxes. The Nexus Q could have been a great little device, and maybe it will be one as soon as people start ‘tinkering with its internals’. Yet it would have been much better if Google had shipped it like that instead of ‘tolerating’ hackability by the community. By blatantly promoting its own cloud based offerings instead of trying to marry them with locally stored content, Google is crippling its product.

In the end, like Microsoft a few days ago, Google is copying Steve Jobs’s style and strategy; provide a platform and tools, but focus on content and lock-down as a monetisation technique to counter technology commoditisation. Gundotra’s presentation of Google+ Events reeks of vintage early 2000s Jobsian technique, with the preset graphics and the sildeshow features. With everyone and their dog showcasing complete lack of tech culture in the face of a dominant resurgent Apple, the world treads in dangerous territory: a technology monoculture in the corporate space that bases its profitability on polished jailhouses instead of innovation and increased freedoms. In this context, the cloud remains a key technology that can help liberate us from the burdens of backups and local storage, but also imprison us in a world where a few corporations control all of our information.

Which brings us to Glass. The Sergey Brin, Project Glass segment was super fun and very impressive. If anything, it shows that Google is well-humoured and daring and works on interesting technology. Of course the demo and the features they showed are not exactly representative of the product, its potential or its usefulness. The segment which followed the breathtaking landing on Moscone and Brin’s introduction was stale and unconvincing: I doubt a mom would want to ‘make contact’ with her baby looking like the Borg, or that everyone would think twice before relegating their ‘Glass’ to a drawer and never using it, its novelty quickly overshadowed by its unnatural and intruding appearance. It’d be a shame if Google really thought that people want to look like futuristic soldiers from a second tier sci-fi movie. Sure, the concept is nice and perhaps as technology progresses it will be easier to integrate such functionality in more human-friendly prodcuts, like contact lenses or integrated with optical glasses. As it stands, Project Glass is only an unappealing curiosity that serves better as a tech demo than a product right now.

Mere hours after pressing ‘Publish’ on the previous mini-article concerning walled gardens, an article on TechCrunch, this morning, clarified the situation we have more or less been suspecting for a while now: that Apple, after deprecating UDIDs (one of the things they truly did well in iOS from the beginning), they will start rejecting apps after the backlash caused by lawsuits, noise and a few rogue developers that seemed keen to take advantage of their users and use their private information in ways they didn’t agree (and which are illegal in more ways than one).

The situation with unique device identifiers is an important one. On one hand, user privacy should be the number one concern of platform owners/builders like Apple, Google and Microsoft. It isn’t, for their software can do pretty much whatever it wants with the users’ private information, as we have seen several times these past few years. On the other, developers have many uses for an immutable, unique identifier for devices; from providing metrics for their own use, understanding the patterns of use of their applications, improving ad targeting, enforcing proper use of their applications and communities among others. Of course, it can also be a tool aiding in unsolicited tracking and profiling of users, of a range of personal information violations etc.

When Google came out with Android, they failed to provide any sort of unique device identifier of any significance to their developer community. They did provide several ways for developers to get some seemingly unique identifier, but those were easily modifiable, sometimes were not set at all or set to the same value across all devices sold by an OEM. In addition they would get reset after a factory wipe, etc. Developers resorted to DIY identifiers, scoured and composed from several unique component identifiers available to them by the system, such as the IMEI in phone devices, or the MAC address of the WiFi network interface in others. Then Google released Android 2.3 which included a unique identifier which, while better than the previous ones, was still not 100% robust.

Microsoft has belatedly joined the new-walled-garden era, first with Windows Phone 7 and now with Windows 8. The ‘new’ API and model for applications, Metro, goes one step further by not providing any single unique device identification capability to developers (there are some exceptions, but they are truly exceptional and as of right now undocumented). The only thing close to user/device authentication is ‘Microsoft Account’ (formerly Windows Live, Passport etc. etc.) integration which is probably useless for 99% of the cross-platform applications available out there, that have a need for some sort of unique identification of their users/devices.

It’s the permissions stupid.

The whole situation boils down to botched design in terms of permission control, abuse by advertising, analytics and developers and extremely late regulatory and social reaction to the above, perhaps combined with a pretty simple way to raise barriers to entry to the competition while ‘solving’ the issue of privacy. All platforms have some sort of privacy/permission control, but none have a good one. Android has a pretty comprehensive permission system that assumes that before installing an application each user bothers to read a silly list of permissions (many of which they will probably not understand) and once they accept they will perpetually want to grant all those permissions to said application. There is no fine grained permission control post installation, no possibility to grant or revoke individual permissions to applications before they are launched (something like “I would like to allow App X to use my network connection, but not my location or my address book data”). iOS is also similarly badly designed: there is no explicit permission asked or required for using the network connection, a slew of personal data, several APIs, storage etc., except for location, where iOS does a much better job than Android, probably because of the high-profile exposure that their data-collection ‘functionality’ took a few years ago. At the same time, both platforms actively transmit information gathered by your device, be it nearby BSSIDs (the identifiers of wifi networks, akin to ethernet MAC addresses) or Cell IDs (the unique identifiers of nearby cellular transmitter/antennae) so that they improve their ‘network-based’ geolocation service. Google fares better in this respect, as they allow you to disable this; Apple doesn’t, as far as I know.

Then comes Microsoft, the ailing software behemoth that only recently decided that Balmer’s rhetoric about the iPhone’s failings, the iPad not gaining any significant traction etc. was totally wrong after all, and that they should jump on the tablet bandwagon, not in the way they’ve been trying to do for about a decade, but the way Apple did with their own version of a walled garden, doing away with the desktop paradigm and providing a dumbed down, simpler interface that does away with compatibility, file-systems etc and uses a locked down, app store/marketplace based model to ensure software legitimacy and boost profits. So Windows Phone 7 and Windows 8 provide new sets of APIs and a new ‘application environment’ called Metro. In the Windows 8 version, the æsthetics borrow much more than its name from Windows Phone 7, the company’s revamped operating system for mobile phones that, while a decent effort, doesn’t seem to be doing that great on the market. Metro on Windows 8, however, is not a finished product by any means, and probably won’t be ‘finished’ (that is of a sufficiently high quality) until Windows 9 is released in a few years from now. Metro on Windows 8 also has permissions, like Android, but does away with unique device identifiers and any sort of meaningful API to get any sort of replacement of one. It also allows the user to revoke a permission (say, for the location), but only after the application has be executed, which kind of defeats the purpose.

My experience with the ‘next-generation’ platforms I have programmed on until now strongly suggests that the companies and people designing them have no idea about the implications of their work. They are experimenting, releasing APIs, platforms and products without thinking them through, or the impact their software has on the users, developers building applications using them or the overall social effect of their design decisions. In the case of Android, many more developers have access to IMEIs, MAC addresses and other, arguably much more sensitive information about devices and their users than they would have, had Google paid some attention and provided a unique, immutable pseudo-random unique device identifier from day one. It is also surprising how bad their permissions system is, given that they at least went through the trouble of designing one in the first place. In the case of Microsoft, the complete lack of such a mechanism, may eventually play its part in hurting the company’s efforts to enter the game (they already are extremely late). And finally, Apple, the market leader that did so many things right in the first place, is risking pissing off everybody from small independent companies that helped build the platform, to its greatest non-platform owning competitors that can see through the excuse of legal heat from regulators and the government, their hypocrisy on protecting the users’ privacy and who may call their action as an excuse to block them out of their platform. At the end of the day, the three big players in this market still get all your information, and their expansion into advertising, mobile payments, e-commerce and every single part of the software ecosystem possible means that they have the greatest incentive to (ab)use it.

In the end, all of the privacy problems that location, unique device identification and access to other personal information may give rise to are easily solvable by a modern, smart permission system that gives the user the power to deny, revoke or grant permissions to individual applications post installation, including system software/applications, thus creating a level playing field where the user would decide what kind of access to provide to whom. That would be a clear demonstration, on the platform owners’ part, that they truly care about users’ privacy and not just creating barriers to entry to the competition and their bottom line.