Flow Control – Part II
Photo via CNET
Looks like a lot of people are getting the so-called iPhone developer program ‘rejection’ letters from Apple.
John Gruber points out that developers can already write applications with the existing SDK. But there’s a chain-reaction that emanates from this rejection / delay / waitlist letter (which I got too, for the record). See if you’re not in the ‘full’ developer program, you don’t get a signed certificate.
No signed certificate, no way to upload your app to the iPhone via XCode. No way to upload your app, no way to test it if you are using features not supported in the simulator (I won’t list them since the SDK is issued under NDA, but there are more than a few — including a lot of features game developers would need). In other words, the certificate isn’t just so you can upload your creation to the App Store in the June time-frame.
It’s also necessary to start basic development today.
The only reason I can think of for Apple to have done this is to prevent the flood of apps they’re going to receive down the line, all clamoring to be reviewed and approved for sale on the App Store. But doing it in this way means a lot of developers can’t even get going until June (or whenever the SDK gets out of beta) and that puts them in a bad position competitively against those who do get the certificates. Who knows? It may even create a gray-market in certificates (EBay anyone 
)
If flood-control is really the reason behind Apple’s move, they can still accomplish it at the point of submission of the app for approval — and while they’re at it explain the rules for who can get onto the store, how long the wait might be to get approved, how does an app get onto the ‘featured’ page, etc. But they really ought to go ahead and issue the certificates now so people can start their development work.
I personally went through the certificate signing process with Thawte a couple weeks ago to get one for an Adobe AIR application. It took about a week and cost $299/yr. Thawte already sells signed certificates for Mac-OS (alongside those for Java, Microsoft, Netscape, VBA, and Adobe). There’s no reason why Apple can’t separate ‘app-development’ certificates from ’sell via App Store’ certificates.
At this point, those developers wanting to use non-simulated/phone-only features and who don’t want to wait have no choice but to go the jailbreak/open-source toolchain route (making Jonathan A. Zdziarksi, the author of iPhone Open Application Development the luckiest / unluckiest / luckiest technical author around).
The trouble is that Apple’s released SDK headers are far more restrictive than what jailbreak tools allow, and finished apps may not use any undocumented APIs. For example, people have ported a ridiculous number of app development tools — Python, Ruby, Apache web-server (!) — to run on a jailbroken iPhone. None of these are permitted under the rules of the official SDK — making it a safe bet that jailbreaking will continue apace even after the SDK is launched.
Remember, if you’re a developer and have to get going on a jailbroken system:
- You don’t get to use all the cool XCode tools.
- You have to constantly double-check to make sure you don’t use features not officially released in the SDK, and
- You may want to stand in line to get your finished application into the App Store approval hopper early (if and when Apple releases those signed certificates).
It looks like there may be a long line of developers forming in the back of the App Store pretty soon. But then again, if you’re an iPhone fan, you’re probably used to standing in line…
Update: Ars Technica misses the point of the delayed/AWOL certificates. They’re not just needed for deployment. For many people they’re needed to start development.
Here’s a solution: Adobe AIR allows self-signed certificates. They’re useful to get things going, but can not be used for deployment. This is probably the way to go for Apple. Put out a self-cert tool for everyone and get out of the way. Then put up BIG warning signs in the 2.0 firmware whenever someone tries to run a self-signed application. That ought to get things going.