dcsimg
RealTime IT News

Gary Warren, Chairman, CEO, AppForge

Gary WarrenHaving been around for 20 years, AppForge has a unique historical perspective when it comes to mobile applications development for such devices as the BlackBerry and Palm Treo.

But the times and technologies have changed since the days when simple data swapping and occasional synchronization were state-of-the-art techniques and enough to satisfy most mobile worker demands.

Today, most mobile devices pack a library of mobile applications, and their mettle is measured by how effectively they play with sophisticated customer-facing applications.

Add security issues and supply chain dynamics to the mix and suddenly these are no longer your father's mobile applications.

Internetnews.com talked recently with Gary Warren, chairman and CEO of AppForge, about his views on mobile applications development, security and other issues.

He brings a unique perspective to the industry, given his previous stint at Symantec where he championed the company's move into wireless and mobile security.

Q: There are a lot of applications that transfer information from a remote server to a mobile device. Don't these serve the majority of needs out there in terms of accessing quick snippets of data?

A lot of these technologies are just database synchronization. They are great for internal line of business, where you have a local database and you have to sync it up and there's a lot of data entry in the field.

But when it comes to doing even simple transactions and the Web services-type stuff, you have to have the application piece on the device.

Q: But aren't basic data transfers and synchronizations the majority of what's happening out there in the mobile space? Is there really a demand for something more intense and interactive?

If you have an online banking application, all you really want on your mobile is maybe your bank balance and your last 20 transactions. You don't need a sync engine for that.

This type of very rudimentary style of application is incredibly useful for someone who is mobile. You don't need a lot of heavy lifting on the database side.

So in the [business-to-consumer] space I don't see data synchronization as being all that important.

Q: Are a lot of companies still trying to pack as much information as they can into a mobile form factor that really can't accommodate all that data?

Yes. The airlines are a great example, because they have to fill up the real estate on your PC screen. When you book a flight you get a lot of information you really don't need to know. Now these companies have to rethink about their brand experience when they're mobile, and what you need to see when you are mobile.

The one piece that is missing thing that I missing from the data synchronization of yesterday and synchronization today is how do you enable the IT shops to actually put the smarts to interact with that data synchronization.

Q: Is the myth of the "thin-client" mobile device still alive and well?

We are a rich-client company, and three or four years ago that was a bad thing. But, now it's a good thing because people realize thin clients don't work.

Q: Do the security risks increase when you pack more applications and information on that mobile device?

The problem is the architecture of a Web browser, which is a generic rendering engine.

When you think about it, we have all these data services where we can insert hostile code into the presentation layer of the Web browser, and it is a nightmare.

But, if you look at applications such as iTunes, you don't have to worry about security, because the architecture is better and I've got an on-device or on-PC application and can implement as much security as I want.

I can say that this is only allowed to talk to this in the application, is there is no phishing and no insertion of hostile code. None of that is possible.

That's why we are starting to see that pendulum swinging back from everything being in the generic rendering engine to some code on the desktop because the architecture is more secure.

Q: Can you just use some of the off-the-shelf security solutions to protect your small mobile device, just as these solutions are used to protect desktop and notebook PCs?

Companies like Symantec and McAfee don't want you to hear about on-device applications that are protected because that's what they do; they prevent phishing, hostile code insertion and other things from happening.

But people aren't going to tolerate that much longer because I think the days of the Web browser, even on the PC, are dead. The architecture is insecure and the architecture for the delivery of data services is changing as we speak.

In a mobile space, the challenge primarily involves the data on the device and how you encrypt that information.

Q: Isn't this dangerous, to keep a lot of sensitive information on a device that may inevitably be lost or stolen?

People lose their phones and BlackBerrys a lot less than they lose their wallets and everything else, for some reason.

I, personally, prefer my credit card information to be contained on something I am holding as opposed to having it sit on the 20 different servers of companies I interact with all the time.

If I'm a hacker, I'm not going to break into someone's phone to get that individual's encrypted Visa card, I'm going to try to break in where there are 3 million Visa card numbers.

Q: Where is AppForge headed over the next six months?

We will keep refining the architecture and expanding that run-time architecture to handle other things and offer more of the .NET common language runtime into multiple devices. It's more of an evolutionary thing.

The big push for AppForge over the next several months, however, is really going to be on customer-facing mass deployments. If a company wants to control their brand by using a mobile device, then their icon on that device is important.