Pages

Pages

Saturday, February 02, 2013

Joyn - risible overhype, DT spoiling the party, and a privacy nightmare

 I'd mostly given up writing about Joyn / RCS, because it's not very nice to speak ill of the dead.

But the past week or so has thrown up a ton of issues that I feel need to be addressed.

The first one is the absolutely ridiculous hyperbole about Joyn being a "done deal", which will no doubt reach a crescendo around MWC in a few weeks' time. I've seen a number of vendor blogs, press articles and other missives that take the tone of "everyone agrees that Joyn is wonderful and inevitable", in a fashion reminiscent of a 1950s Soviet propaganda poster.

Take for example PR/marketing firm Redmill Communications' line: "When we talk to people about it, it’s clear that RCS is just something that ought to be done." Well, I guess that depends which people you talk to, but I certainly encounter a large amount of skepticism or outright derision about RCS, among both vendors and operators. Perhaps unsurprisingly, messaging vendor Acision's house blog is similarly gushing about RCS.

To be fair, others have been more sanguine, with The Register slating Joyn's chances and quoting OpenCloud with a line that I would have been proud of myself "RCS is bringing virtually nothing, and it has taken them five years to do it". Somewhere in the middle is Kineto (disclosure: a client) which is trying to blend RCS with Telco-OTT concepts and some additional features and capabilities in its Smart Comms app. Taking *some* of the RCS capabilities and concepts, and running them as an app in OTT-style form, makes a lot more sense than the branded, cross-operator Joyn approach.

The next few weeks will undoubtedly see a continued gush of hype before Barcelona. I suspect there's a central push recommended by the GSMA's marketing people to "fake it till you make it" - basically just pretend that it's all inevitable, in the vague (and vain) hope of creating a self-fulfilling prophesy. Lots of opportunities for small boys wanting to spot naked emperors.

All of which must have gone left anyway, with DT's apparent kicking of the RCS ball into the long grass, using the damning phrase "delayed indefinitely" and seemingly blamed on Android implementation/fragmentation difficulties.

It's a bit difficult to tell if it is referencing native integration of Joyn into T-Mobile's own supplied Android phones, or the performance of the aftermarket app for download onto other devices. (Germany has a quite high proportion of prepay users without subsidised phones, often bought through non-operator channels).

Either way, I can think of a few possible areas of problems that DT is finding with implementation, not least because it looks like Joyn apps are both complex and deeply invasive into the Android OS. I hadn't really looked at what is "under the hood" for RCS applications, and I was pretty surprised / shocked with what I found.

Have a look at the Vodafone & MetroPCS Joyn app descriptions on Google Play, click the "permissions" tab, scroll down and "show all".
https://play.google.com/store/apps/details?id=com.metropcs.rcsmetro&hl=en
and
https://play.google.com/store/apps/details?id=com.summit.beam&hl=en 


Basically, if someone installs Joyn, it gives the operator the right to pretty much control the whole phone, especially the communications elements - not just send & receive SMS, but read their contents and the archive too. It can report which other apps are running, read the call log, check your calendar and assorted other capabilities. Indeed, the MetroPCS ones ask for permission to "Draw over other apps" ("Allows the app to draw on top of other applications or parts of the user interface. They may interfere with your use of the interface in any application, or change what you think you are seeing in other applications)".

If you compare the Joyn apps' required permissions with rival apps on Play, you'll see it needs much more access. I had a look at Skype, Whatsapp, Tango, Line etc - only Viber comes close in terms of permissions it needs.

Leaving aside the privacy and control issues for a second, this also suggests that Joyn is a pretty heavyweight app, needing a large amount of testing as it has so many tentacles throughout the phone. Add in the fact that each operator will have their own features and implementations, and you can see huge scope for bugs, interoperability issues (ironic) and privacy invasions. 

Lastly, privacy and control is going to be a *huge* issue here. Putting a Joyn app on your phone (even if it's unlocked and owned by you, not subsidised & owned by DT) basically gives it access to pretty much *everything*. It massively over-reaches what most users will feel comfortable giving up control over. 

There is absolutely no way that I would install this personally - why does the operator think it has a right to snoop on what other applications I have running locally on my phone? That's hugely invasive and "none of their business", especially if it's a device I've bought through a retail channel and own outright, rather than received subsidised.  

Worse, because Joyn is intended as a unifying brand for RCS, it only needs one telco's version to misuse these permissions, and the rest of the industry gets tarred with the same brush. 

In fact, this all raises huge questions about what rights you sign away when you buy a subsidised and customised phone through operator channels. It reminds me a bit of the discussion a few years ago about buying laptops from telcos, where some were proposing to monitor/control what apps you were allowed to use. It makes me much more understanding of Apple's rigorous policies on what authorised AppStore apps are allowed to do.

Joyn appears to have been designed with the assumption that it will be the primary communications app/UI on the phone, rather than assume parity & coexistence with all the others. Again, perhaps fair enough if you buy a phone from an operator, but if it's *my* phone/tablet and I download it independently, then I expect apps to behave themselves and "know their place". It all seems massively arrogant & will see user push-back, even when it finally works. Joyn needs to prove its usefulness & earn trust, before gradually extending its reach with user consent.

(I'm also imaging the havoc that users with dual-SIM devices will experience, if they've got Joyn apps from both operators. Also, it's not clear to me what happens when users SIM-swap - do they need to delete one operator's Joyn app and download the other?) 

Of course, there are plenty of reasons besides this why RCS / Joyn is destined to fail. But given that various telcos have been sneering at WhatsApp and Facebook for privacy violations, they perhaps should step out of the glasshouse themselves first. 

**Edit 3/2/13: apparently, some versions of Joyn can't even be deleted or uninstalled from phones, especially Android sold through operator channels. This is a huge mistake, especially as the update cycle is so slow. Consider the scenario where there is public uproar (unexpectedly) about a Joyn feature for some reason - privacy, performance, misuse, costs or whatever. If it is sufficiently bad, it may be justification for people to return the phone as unfit-for-purpose and exchange it for a non-Joyn device - which would be very costly for the operator.

(If you're an operator CTO or CFO reading this, and you're skeptical about RCS / Joyn and want good arguments to avoid wasting money on it, please contact me about workshops or consulting advisory services)

6 comments:

  1. Anonymous6:35 am

    this article is short sighted and filled with hyperbole,really losing respect for bubleys opinion. does this guy ever have anything positive to contribute

    ReplyDelete
  2. Anonymous9:12 am

    I used to respect Dean Bubley but this article seems to shows that he doesn't really know what he is talking about.
    Privacy issues come from when a third party (Facebook, an operator or an unknown OTT share information to other parties without the consent of the end-users).
    Just in case, one doesn't remember, the operators already have all the call logs, SMS, location and profile of end-users. It doesn't mean they have the rights to sell the data to any third parties and it doesn't mean operators need an app to snoop users.

    Those permissions on the Android app have nothing to do with privacy issues, there are needed to make the app running in the best way. For instance, the "Draw over other apps" is used to allow end-user to add video on top of a normal call. The location is used to be able to send location to other users and the list goes on.

    So while I agree that RCS has a high chance to fail because of the inability of operators to launch fast enough and provide a good enough user experience, Dean's argument about "privacy issues" is total non-sense.

    ReplyDelete
  3. It's quite funny - it only tends to be my posts on RCS & IMS that bring out the incoherent and anonymous trolls.

    It's also quite funny that you write about me in the third person, "this guy", rather than "you", on my own blog. This suggests to me that you're a great example of someone who shouldn't be involved in communications technology, because you have no grasp of how people actually communicate.

    And yes, if you read my report or this blog, I've got a ton of positive things to say about Telco-OTT, WebRTC, LTE, WiFi and assorted other technologies.

    RCS is something I've been negative on since day 1. I've also been right since day 1.

    ReplyDelete
  4. Anonymous 2 - at least you're more coherent or sober than the first anon.

    Fair point that privacy issues come from 3rd parties, but Joyn is intended to be a brand used by *all* (or many) telcos. Do you really trust the privacy policies - and app designers - from all telcos around the globe? It just needs one to try something silly to have a negative association with the entire brand.

    It's not as though telcos have a perfect record on privacy either.

    Individually, each of the Android permissions may be justifiable for certain purposes. However what is clear is that Joyn needs more access than *any* rival communications app. Why? It suggests over-reach. And do you really think that's good design from a development complexity & testing point of view?

    It's also likely that some of the functions may be acceptable to users, and some not. Maybe it should be multiple separate apps, not one monolithic one, so people can choose? It's definitely an argument to avoid operator-customised Android phones though.

    Lastly, can you give me *any* reason why RCS should be able to report on what other apps are running on the phone? What safeguards are in place here, not just about privacy, but also competition law?

    Dean

    ReplyDelete
  5. Hi Dean

    A few notes:
    "I'm also imaging the havoc that users with dual-SIM devices will experience, if they've got Joyn apps from both operators."

    True for apps I assume. For pre-integrated Joyn less so I guess, I assume it will behave like SMS and phone - you can select the identity.

    "Also, it's not clear to me what happens when users SIM-swap - do they need to delete one operator's Joyn app and download the other?"

    Separate op apps should not be a problem, I believe they can be considered sandbox like - at least for RCS-e (RCS 5 may differ).

    Joyn apps are also auto configured using HTTP. When you swap the Sim the profile of the new provider is automatically downloaded.

    Of course problems are inherited:
    - What if I want to keep using the previous Sim's identity on Wi-Fi?
    - If the complete app is reconfigured is my content lost?

    The basic idea is not for all operators to have their own app, but to have one Joyn app that retrieves its complete profile from the operator network it is currently connected to. This is comparable with the GSMA vision of preinstalled Joyn w/ auto provisioning dependent on Sim profile.

    Lastly, one privacy "issue" I had in my mind recently contradicting "we don't upload your address book" arguments: For each contact, the app sends discovery messages (often end to end) to each related phone number. So, your operator knows all phone numbers in your address book (w/o name or other data though) and discovers also foreign network numbers which in turn means data is shared beyond own operator borders. Unspectacular at first, but any known chat app requires permissions for that (knowingly add or approve buddy) - Joyn doesn't.

    While WhatsApp et al may do similar things, op's IMHO loose the argument of being different here as well. In fact, I'm not sure agreeing to Joyn includes a consent clause approving sharing your phone numbers with any Joyn operator out there.

    A bogus client could retrieve autoconfiguration and then show you who has your number in their address book. Not sure if that has been digged into deeper yet, if it is mitigated, or if I am wrong?! To my current understanding it isn't. Some more food for thought...

    If only ops would stop being hypocritical and start being innovative in their respective markets. This is true wrt Joyn more than ever.

    Best regards
    Sebastian

    ReplyDelete
  6. Hi Dean - Telcos indeed do not have a great track record on prvacy. CarrierIQ anyone?

    You're right of course, about RCS in general. I think the statement "It brings nothing new, and they've taken 5 years to do it" is what tells.

    We can already do what it promises to do sometime in the next N years. Let them keep hyping it up. We won't be using it anytime soon. Its just a wasteful shame - the development and deployment dollars could be better spent on something else.

    ReplyDelete