Cloudy with a chance of $$$

Mobile cloud computing could blow the mobile apps game wide open - just don't mention the word "Sidekick"

In early November - less than 14 months after its commercial launch in July 2008 - the Apple App Store his its latest milestone at 100,000 apps and two billion downloads. IDC expects the latter number to top 3.5 billion by this February.

Which is, of course, why every mobile operating system has adopted the application storefront model, as have a growing number of device makers and even cellcos, all in the hopes of cashing in on the app-store hype and, more importantly, creating an apps ecosystem with a business model that consumers are finally in love with.

But the application storefront isn't the last word in mobile content hype. Indeed, there's another business model being championed as an alternative and possibly even a successor to the app storefront: mobile cloud computing.

The concept of mobile cloud computing (also called software as a service, or SaaS, in many circles, not always accurately) is fairly straightforward: instead of storing and running apps, content and data on your mobile device, you'll store and run them via the internet. In terms of the interface and customer experience, the user won't notice the difference. You'll still be able to check email, listen to music, play games and so on: but everything will be hosted on servers rather than the handset.

This isn't future tech - in fact, it's old news if you count old favorites like web mail and BlackBerry's email services, or newer Web 2.0-based services like hosted photos (Flickr, Photobucket), media streaming services (YouTube, Spotify), social networking sites (Facebook, MySpace) and navigation apps like Google Maps. But the rise of web-savvy handsets like the iPhone has made such services more accessible via mobile than ever.

Meanwhile, various players have been extending the concept more aggressively in the past year. New services like Apple's MobileMe, Microsoft's MyPhone and Google Sync aim to synchronize your Apple/Microsoft/Google info (whichever applies) between your mobile and the PC by hosting it where any of your web-enabled devices can access it online.

Even operators are starting to get into the mobile cloud game. Indeed, Vodafone dropped its Vodafone Live! Offering in favor of Vodafone 360, launched in September 2009, which lets customers sync contacts, emails, photos, conversations, music, and location-based services via mobile and PC.

Meanwhile, the "platform as a service (PaaS)" space - which allows customers to build and run their own apps on a cloud platform - is preparing to go mobile as well. has already released a smartphone version of its PaaS offering, while Google's App Engine and Amazon Web Services (AWS) are expected to do the same in 2010.

All of which adds up to impressive numbers from ABI Research, which says the mobile cloud computing business will be a $20 billion business by 2014, with just shy of 1 billion subscribers (which will still only represent one fifth of the world's mobile subs by then).

In fact, says ABI senior analyst Mark Beccue, "By 2014, mobile cloud computing will become the leading mobile application development and deployment strategy, displacing today's native and downloadable mobile applications."

Before that can happen, however, mobile cloud computing still faces plenty of challenges - not the least of which can be summed up in one word: "Sidekick".

Data outages

In October, T-Mobile USA made headlines worldwide after thousands of users of its Sidekick smartphone lost their data when the servers hosting them (run by Microsoft subsidiary Danger) failed. Initial reports claimed that the data was lost permanently with no backup whatsoever. In the end, Danger was able to restore the majority of data - but not for everyone. And either way, the initial failure of the backup received a lot more media hype than the recovery.

Either way, the Sidekick incident highlighted one of the risks of mobile cloud services - service outages. Google's Gmail has had two major outages this year, both credited to server overload. Microsoft's Hotmail also experienced an outage earlier this year. BlackBerry and MobileMe have also subject their users to service interruptions. The effects on users ranged from inconvenience to major headache. But the Sidekick incident is widely regarded as the biggest such mobile cloud-based outage to date - and for some users, the data never came back.

The good news is that service outages, while frustrating for end-users, won't result in massive amounts of churn, partly because in most cases, the data is not lost, and partly because many consumers have already gone through the heartbreak of either a fatal hard-drive crash or losing their phone - and everything on it - via theft, leaving it in the back of a taxi or dropping it in the toilet (things that cloud-based offerings actually could mitigate).

That's why the mobile cloud game is largely a matter of trust, says Michael Harries, director of technology strategy and communications for the CTO office (and Citrix Labs) at Citrix Systems.

"Consumers have learned to trust services like Gmail over the years, and I think that will continue to be there," he says.
That said, he adds, "For enterprises it's a harder thing to ask when you rely on security and reliability. Recent outages from Google make it clear to enterprises that this is not a silver bullet. The service provider has to be able to guarantee a certain level of service and then back it up so there's no surprises to their customers."

The distinction between consumer and enterprise expectations is a key one, Harries says. "The public clouds and SaaS for consumers are free services and best-effort, and it's available most of the time but when it's not, well you get what you pay for."
By contrast, corporate customers paying close to $200 a month for have higher expectations of availability, he adds.

How upset users get over lost data also depends on the data itself, points out Herns Pierre-Jerome, director of project management at Qualcomm.

"I have lots of financial records from the last 15 years on my PC - I don't want those stored in the cloud," he says. "There's also a question of sharing that info between different types of networks - not just the service provider but your home network and newer ideas like personal-area networks, body-area networks and femtocells. You may want some of those networks closed off in terms of sharing or storing information."

Who do you trust?

Also, the trust issue is nothing new when it comes to data security. As Bruce Schneier, CTO of BT Counterpane Systems, pointed out in an essay in June, the entire IT security chain is based on trusting every element from the chip maker and the OS vendor to the ISP to keep your computer and everything on it safe.

"SaaS moves the trust boundary out one step further - you now have to also trust your software service vendors - but it doesn't fundamentally change anything," Schneier wrote. "It's just another vendor we need to trust."

That said, the difference is that the customer ends up relying completely on the service provider not only to secure everything from the usual malware, but also to run their business responsibly. And, adds Schneier, there are plenty of unknowns regarding the fate of your data if, say, the cloud services provider goes out of business or gets sold to your rival.

Interestingly, some security experts see the cloud trend as an opportunity to improve IT security across the board. At last month's annual RSA Security conference in London, speakers representing RSA and the Information Security Forum said cloud computing - and the move to virtualization that's underpinning the shift towards the cloud - was a chance to establish best practices for authentication, data protection and disposal to help businesses get security right this time round as they embrace the new wave of Web 2.0 and cloud-based apps (mobile or PC-based).

The catch is that security researchers and bad guys aren't waiting around for them to set up a secure cloud. In September this year, researchers at MIT and the University of California San Diego said they successfully ran basic side-channel attacks on Amazon's Elastic Computer Cloud (EC2) service, allowing them to see inside virtual machines hosting EC2. While it's a minor attack at best, the researchers say it could lead to more serious attacks.

Apps for everyone

Even so, there's still plenty of optimism surrounding the mobile cloud, primarily because the promised benefits are pretty substantial - and not just for the users, says Mark Beccue of ABI.

"Mobile application developers today face the challenge of multiple mobile operating systems. Either they must write for just one OS, or create many versions of the same application. More sophisticated apps require significant processing power and memory in the handset," he says. "Using web development, applications can run on servers instead of locally, so handset requirements can be greatly reduced and developers can create just one version of an application."

That's also why ABI and others are calling the mobile cloud a disruptive concept. App storefronts are mainly aimed squarely at smartphones - a cloud-based model would open up the market to anyone with a feature phone. Moreover, it shreds the idea of tying content exclusively to a device's OS, as is the case with Apple, RIM, Windows Phone and Symbian.

The mobile cloud also offers up new service opportunities. Beccue names several, from location-based services (a major cloud driver for the next couple of years) to business apps like collaborative document sharing, scheduling, and sales force management apps, and remote control.

"Cloud computing will  bring unprecedented sophistication to mobile applications," Beccue notes. "To mention just a few examples, business users will benefit from collaboration and data sharing apps. Personal users will gain from remote access apps allowing them to monitor home security systems, PCs or DVRs, and from social networking mashups that let them share photos and video or incorporate their phone address books and calendars."

Of course, there are still some technical challenges to be sorted out (besides security). One is getting cloud-based web apps to work offline. Browser support for HTML 5 is the going favorite solution from the World Wide Web Consortium, as it supports local caching to keep apps running. But HTML 5 is still sorting out other issues, notably the lack of a standard (and royalty-free) video codec, and isn't expected to see much widespread deployment until 2011.

Meanwhile, other new technologies are looking to remove the browser equation altogether, such as the Open Mobile Alliance's Smartcard Web Server which utilizes a specialized SIM card to allow cellcos to push apps to the device. Meanwhile, API standards from the Open Mobile Terminal Platform (OMTP)'s open-source BONDI project - which aim to help developers design consistent web interfaces for web apps and widgets - and the GSM Association's OneAPI reference implementation that aims to create common web-friendly APIs for integrating apps with cellco network capabilities (charging, messaging, location and user context) are expected to help make web-based mobile apps richer and more innovative.

Side by side

Another potential technical obstacle for mobile cloud computing may be bandwidth, according to Donjoo Lee, senior VP of sales and marketing for the mobile comms division of Samsung's digital media and communications business.

"With mobile cloud services, data transmission speed becomes very important, both the downlink and uplink," he says. "That is something LTE addresses, so once we start seeing LTE rollouts, cloud-based apps become more compelling."

Lee also says that cloud-based apps are only as good as the device that accesses them. "On the device side, the client must be ready to support push applications," Lee told Wireless Asia. "Also the device must have a very strong processor inside to process the data very quickly."

Michael Harries of Citrix doesn't entirely agree that these issues make the mobile cloud more of a future phenomenon than a present one. "I think we're there already. If we were to treat these devices entirely as an online device, the technology is around to deliver these apps at very low bandwidth," he says.

However, Harries does add that as demand for richer apps grows, devices will have to catch up in terms of processing power. "With Moore's Law, we will have fully capable computers in our pockets in five or ten years time, and we will do whatever we could do on a big desktop computer in our pocket. And any bandwidth available will be consumed just as we've seen with fixed-line broadband."

As for whether all of this adds up to the end of app stores as we know it, Harries doubts it.

"The hype is always there, will it be one or the other - the reality will always be somewhere in the middle," he says. "It depends on the operating environment, user needs, needs of cell phone vendors, type of application you want to run, whether you want to etc. Google has every reason to wish that everything will eventually be in the cloud. The reality is all these will run side by side."

How to build an app store

1. Do not fixate on all things Apple

There are ways in which operators can seek meaningful differentiation that do not hinge on slavishly copying Apple. Although Apple has set a benchmark for application stores, its model is not one that operators can easily replicate; in fact the fixation on Apple is blinding operators to other possibilities and players that they could learn from.

Personalization will be the hallmark of successful application stores, and this is something that Amazon has pioneered in the form of its recommendation engine.

Given the depth of customer insight that mobile operators have, they could replicate this model in the application store context. Coupled with excellent search and navigation, this should provide a good user experience.

2. Layer on the VAS

Operators should introduce services that add value to the core application store experience - for example, utility services such as digital lockers for storing and backing up applications. Operators should not be shy of playing up their billing capabilities, which are genuinely useful to developers and consumers alike. Opening billing APIs to developers can offer attractive, flexible scenarios to developers. Indeed, many network APIs can be opened to developers, such as those relating to location and video services, as well as customer data.

Devices are a tricky area. One option is operator-customized devices that are specifically designed to optimize the application store experience. Vodafone is taking this route with two specially designed Samsung phones for its Vodafone 360 service. However, this is a difficult proposition for most operators.

An alternative, or complementary, strategy is to think about ways to better support application stores on mass-market feature phones and lower-specification devices, which will be particularly important for app stores in emerging markets. The caveat to this - and it is a big one - is that to make this happen operators must address device fragmentation.

3. Avoid the numbers game

Operator stores should not compete on numbers alone, as they will not be able to match the 100,000 (and growing) apps offered by Apple. Operators need to approach this in a more creative, lateral way.

For example, they could look to include more professional and vertical applications in their stores, as these are more likely to carry a premium than the horizontal, entertainment-focused apps typically offered.

We also advise operators to think about how they can include and support media companies and content publishers in their store, along with more localized content players. Operators should also include the traditional staples of content offerings in their app stores, such as ringtones, screensavers and video clips. Consumers actually like some of these things, and including them in a store provides a broader, richer portfolio.

4. Become the trusted brand

Some mobile operators have a good reputation with consumers and should capitalize on this by building services that make their application stores a safe, secure environment. This could be in the context of payments or security - for example by providing parental control features on a store.

Operators aiming for trusted store status should take the lead in setting best practices for protecting users' privacy, and make sure this is visible to consumers. This will be particularly important for applications sold in their stores that call on APIs relating to personal data such as location and personal profiles.

- Eden Zoller is principal analyst at Ovum