Over-the-air techniques are being used more frequently. However, there’s a
disconnect between the industry and users regarding actual performance.

Dieter Bohn understands cell phone users. As vice president of communities for Smartphone Experts, he oversees the moderation of discussion forums at Crackberry.com, Phonedifferent.com, TreoCentral.com, and WMExperts.com, which are some of the busiest user forums around. So when asked if wireless carriers and ISVs are doing a good job of providing firmware and application updates using over-the-air (OTA) methods, his reply is authoritative: “Absolutely not.”

“Nobody seems to be able to figure out who gets to control the whole process,” says Bohn about OTA technologies. Between the software companies, handset makers and carriers, “If any one of those fails, or any one of those people says they’re not sure about this, then the whole thing is done. From the user perspective, the big problem is the wireless carriers,” he says.

Red Bend Software and InnoPath Software, which are the two biggest competitors in enabling carriers and ISVs for wireless updates, certainly feel they are doing good work. But executives at both companies admit there’s room for improvement.

Richard Kinder, vice president of Technology at Waltham, Mass.-based Red Bend, says the hodgepodge of standards from the Open Mobile Alliance (OMA) works reasonably well. Those standards include firmware-over-the-air (FOTA), client provisioning (OMA-CP), device management (OMA-DP), and various others for software component management. (Editor’s note: For more about over-the-air standards, see OTA Matures in our Dec. 15, 2007, issue.)

Dieter Bohn: Industry needs to do a better job with OTA.	Richard Kinder: OMA hodgepodge of OTA standards work reasonably well.	Tom London: A range of factors and quirks can have a negative effect on user experience.	Kelly Mulroney: Simple apps work well; we need to work on rich files via OTA.

As this technology becomes more popular, “The solution that needs to go in needs to be telco-grade, bulletproof and needs to sustain millions of transactions per hour,” Kinder says.

SHORTCOMINGS
One drawback today is that updates cannot happen while the phone is being used. That differs from the world of personal computers, where major updates can transpire almost seamlessly, albeit with a necessary reboot.

“Our goal is to remove that update mode and just make the whole operation as seamless as possible,” Kinder says. “When the phone appears to go dead for 15 minutes and you spent a lot of your hard-earned cash on it, it’s a little bit unnerving. It’s an area where the user experience needs to be super-slick,” Kinder acknowledges.

Another challenge that echoes that of the PC is that updates keep getting larger. “We’ve seen our customers’ software load go from 30 MB 2 years ago, to 50-60 MB today, to 150-200 MB later on this year. When you get to that volume of software, you want to be able to manage it on a more granular way,” Kinder adds. The good news is, “We’ve done something like 50 to 60 OTA implementations so we’ve got a good cookbook of best practices,” he says.

Red Bend recently announced the new vDirect Mobile which conducts device management. It previously was just a client feature with programming interfaces for the company’s vCurrent product, for FOTA use, and to a lesser extent for its vRapid product, for component use. Now it’s available independently and is updated with middleware that carriers and ISVs can use for integrating with operating systems, and for provisioning, configuration and device data retrieval. The company also plans to have software versions for more ordinary, non-smartphone handsets later this year.

Similarly, “One of the areas where we’re spending a lot of time ... is combining FOTA with a range of other capabilities in a bidirectional connection with the carrier,” notes Tom London, chief technology officer at InnoPath, in Sunnyvale, Calif.

London says a range of factors from RF connections to user interface quirks to application compatibility can all negatively affect the user experience. So his company will focus on the OMA standards, but may also extend them if necessary.

In the near-term, part of InnoPath’s agenda is to make life easier for customer support agents. InnoPath envisions a future where agents can wirelessly dip into your phone to read maintenance logs and install updates. That’s best done manually by the carrier. “I’m not saying it should be constantly broadcasting its location, its state, my blood type, or what have you,” London emphasizes.

To start, InnoPath has developed a portal for Tier 1 and Tier 2 agents, which also could be configured for user self-service. Announced at the Mobile World Congress in Barcelona earlier this month, it can be used for firmware updates, for configuration and verification, and for locking and wiping devices when they’re re-sold as used or refurbished equipment. The company also developed an enterprise management client that corporate IT departments can load onto Windows Media or Symbian devices. Another new initiative is an InnoPath knowledge base, which it plans to make public.

THE LURKING THREAT
The flip side of more knowledge and more deployments of OTA software could be more security threats. Industry analysts mostly agree with assessments from Red Bend and InnoPath that no emergency is present. The vendors say all updates are encrypted and are often delivered as binaries, which make cracking the code difficult. They also point to the OMA’s Lock-and-Wipe Management Object (LAWMO) 1.0 specification which is expected to be stable this year.

However, there will still be room for mistakes and for ISVs to adhere to various levels of quality. Therefore, security is a valid question, International Data Corporation Analyst Chris Hazelton believes. And it’ll only become more valid as companies like Google and Verizon Wireless push for more open networks.

“The ability to have the phone accept the updates …those are probably hard-coded so that only Nokia or the carrier can push the update. But when you start to have more third-party applications, then you start to have these updates from smaller developers and you may be at greater risk,” Hazelton says.

He said mobile viruses and spyware already exist that can copy contacts and call logs, or even enter a PC when the device owner synchronizes data. If mobile payment becomes popular, that will further illuminate security concerns.

Smartphone Expert’s Bohn said he will watch the developments with caution. “From a business perspective, that’s really cool. But from a user perspective ... easy updates are much further out. I don’t have any kind of feeling that major updates happen over-the-air except in large corporations where the person updating the applications is incredibly savvy,” he says.

He’s on to something. At mobile software distributor Handango, which sells 16,000 applications, about 20% to 30% are delivered over-the-air. But of those, the majority are simple things like ringtones and wallpapers, says Kelly Mulroney, vice president of Consumer Experience.

The OTA process usually works but has its hiccups like any technology. “There are challenges with an SMS potentially not going through, an issue with a license key, or things of that nature,” she says. It may come down to effort. “We need to be prepared for richer files to be delivered OTA. A limitation that we’ll have to consider is the size of the files and how they’re put together. It’s not just, ‘Can you make the pipe fatter,’ … it’s, ‘How long will it take this file to download, how much work do we have to convince a developer to go through?’”