Why mobile web scare stories have become urban legends.
Many mobile phone users do not use the internet from their handsets because they are scared. They fear the mobile web. And in many cases this fear is well founded. It is fear that if I download this ringtone I will be charged £10 per month for ever more; fear that if I use streaming TV I’ll get a roaming bill for £8,000; fear that if I download this application it will publish all my contacts and private notes on the internet.
The fact that these stories are exaggerated, technically incorrect, or even made up is irrelevant. These apocryphal stories and others like them permeate the mindset of the average man in the street.
This is not a new phenomenon: the myth of the Bogeyman, the stories of bad men and the things that bad men do, has been with us since the caves. It is
the mechanism by which fear is spread and it is the mechanism by which ‘safe’ behaviour is transmitted across society. Our age old sociological behaviour modifiers are simply adapting themselves to the modern age.
A slim 12% of mobile users use the mobile internet; that means 88% do not. Some of this is attributable to bad user interfaces, missconfigured phones and poorly discoverable functionality, but by no means all.
For us advocates of the mobile internet, this may seem depressing, but there is cause for optimism here. We have something concrete to address, a well framed problem to solve, and there is nothing engineers like better than a well framed problem. The problem is simply how do we cultivate the notion of trust, and safe environments so that fear does not unduly restrict mobile usage uptake?
But to be fair, it is a problem which to date, our solutions have failed to adequately address. This accusation can be equally levelled at the fixed and the mobile internet. Classically this problem has been approached with a dual strand strategy:
Firstly; to restrict capability, the notion of a safe sandbox is common in many environments. Java uses a sandbox to restrict functionality and the internet model of restricted functionality is even stronger. The principle here is if you cannot do much, not much can go wrong. But this neglects the more obvious consequence that if you cannot do much, you cannot do much! So in the context of removing barriers to mobile internet uptake, we have fixed the second problem of creating a safe environment, but we have re-introduced the first issue; giving a poor user experience.
Secondly; the typical approach to security is if you are going to break the sandbox and grant access to a sensitive feature, let us ask the user. On the surface of it this is a sensible thing to do; it is the user’s phone, their phone bill, their sensitive data, so it is only reasonable that we ask them first.
But, there are two major problems with this approach. Problem one, it is irritating, which not only leads to poor user experience, but much like a small child who pesters you with the same question again and again and again, eventually your just respond with ‘yes! yes! yes!’ . After a while you are no longer listening to the question and any pretence of implementing genuine security is out the window.
The second issue is in many senses more critical. Every time you ask the user for permission you are explicitly alerting them to imminent danger. If our objective is to create a safe, trusted environment that encourages usage, we have failed before we start.
So, hard problems and failed solutions. What can we do? The answer is the mobile industry needs to employ the techniques we use in the real world to anchor trust, into concrete application technology.
This is beginning to happen with the industry looking at the principles of identity, reputation and implicit permissions. These are ambitious goals, but there is a large degree of evidence that it is on principles such as these that the next version of the internet applications will be based.
The mobile industry only has the subscribers interest, safety and experience at heart and it must listen to user requirements in order to provide a safe, secure environment for each subscriber. If that is provided then figures for mobile internet usage will be balanced or tipped the other way and both operators and application developers will be generating revenue, while subscribers will be enjoying a safe, mobile experience.