SmartApp Encryption Possible?


(Patrick Stuart [@pstuart]) #1

So, was thinking about the community and recent issues with other using code not in the spirit of the community and got me thinking about potential workarounds to protect code without having to publish the code to ST, wait for approval, etc.

What if ST was to create a simple encryption method inside the IDE and allow the IDE to have a key, and the developer to have a key, but the output would be the encrypted code that could be shared with other community members to test and/or use?

The process would be the same for the developer, just add an option to setup encryption and export encrypted text.

Then when you paste the text into a SmartApp “From Code” it would recognize the source from the header, only show the encrypted text in the IDE but would be decrypted in the background and executed in all normal manner.

ST employees would be able to see the decrypted code for support issues with the developer but would not be able to change the code.

I know its not in the spirit of the GPL, but frankly, in order for this platform to evolve, there needs to be better ways to distribute SmartApps while we wait for a mythical ST App store.

Just my two cents, what are your thoughts? @Ben


(Gary D) #2

Is that a better way to share code, or a better way for people who steal to hide the fact that they’ve done so?


(Geko) #3

I’d rather see resources it would require allocated towards creating an app store. When is it coming, BTW?


(Patrick Stuart [@pstuart]) #4

Code will still be verifiable by ST and simple diffs could catch code stealing. But frankly, if you make your code public, you run the risk of someone stealing it, regardless of licensing.

This would at least allow some protection for commercial 3rd party community development and user implementation without a store.

I agree, a SmartApp store is still the far better way to go, but I want to do something now, not wait for some maybe some day.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #5

As a developer, I’d prefer all the sourcecode to be open. It doesn’t need to be free, but I want to know what the code is doing for security and tuning reasons.

That doesn’t alleviate the need for a store to distribute much more easily, especially to regular consumers.


(Patrick Stuart [@pstuart]) #6

SmartThings already has a way to keep code closed, through the publish / submission process, only deviceTypes are expected to be open.

This would just be a “fast track” to the community and still afford the same protections as officially published code.

Or it is possible that the published private code isn’t encrypted, but maybe that should be as well?


(Gary D) #7

I guess if people want to close their source… I don’t see that ST has time to verify the legitimacy of these closed things, though. They could get swamped with investigation requests.

Sorry, I realize the need, but the activities of a certain user here (not this thread at least yet) has just left a bad taste in my mouth. I, personally, open my code and license it to STAY open. The idea that someone might take my code that I gave freely, steal it, and profit from it annoys me. The idea in this thread, while a good idea, just seems like it would make it easier for that type of thing to take place.

It seems there should be a better way that facilitates both legit closed, and enforcing open, without asking ST to become police (wo)men.


(Patrick Stuart [@pstuart]) #8

However, the fact remains that almost all the native API calls, native SmartApps available in the apps are all CLOSED source.

Only the community is open source. Why not at least allow those in the community the choice to encypt or leave open?

Where is the outcry to ST to open the source of all the SmartApps in the Mobile App? Give developers access to Core API commands, etc.

The community is open, and allowing this as an option doesn’t change anything. If you don’t trust it, don’t install it. The developers in the community have already built enough credibility (some more than others) to determine trust.

This method of optional encryption of the text that makes up a smartapp would allow 3rd parties to better integrate their solutions as well.

Do you really think that when the Samsung SmartTv SmartApp is released in the App, that we will have access to all that code and internal API calls? Doubt it. Why shouldn’t we in the community have the same right to choose to protect our code, with or without some mythical App store.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #9

The ideal world is all Open Source.

There are, of course, a significant number of idealists that believe a competitor to SmartThings could arise with an entirely Open Sourced platform.

Quite a few of SmartThings’s own SmartApps are actually Open Source and they may even put that on GitHub. But, unfortunately, you’re right, most of the platform is closed and proprietary.

Realistically, for the mass market, most developers will not be able to be profitable if their source is open, since a lot of SmartApps or Device Types could be replicated either for personal use or non-obvious copying of concepts.

So the SmartApps store will be closed source.

I agree with earlier comments that it is highly unlikely SmartThings will offer an interim option.


(Alex) #10

Considering how ST evolved so far, I don’t think this workaround will ever be implemented.

The mythical app store is no where in sight. Considering how easy it it to write malicious or apps that would bring down the cloud, the mythical app store will never approve apps without rigorous review, which takes a lot of resources. Then, you open doors for support hell when Smart Apps interfere with each other. Also, consider monetization nightmares with payments, refunds, warranty and support.

Given the above how soon do you think we will see the app store?

So far ST published how many apps? Four?

How viable, do you think, is ST platform as profitable platform for developers?

At this point in time, I think 3rd party developers produced more solutions than ST. This is all for love. Love > money.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #11

There’s a recent “Economics” Topic on the Forum which discusses various potential profit models (and expenses, etc.) for SmartThings.

But Ignoring Economic Realities or Theories…

I believe that SmartThings considers third-party development as a substantial and essential portion of their business strategy. SmartThings is a “Platform”, not just a “consumer product”.

The hiring of high profile Googler, Dora Tsu, as the head of the Development Platform Division (or whatever it’s called), is evidence of that commitment.

Whether or not the success of “Development Platform” requires a solid “SmartApp Store” that is typical to those on mobile device platforms, I can’t say. There are many other ways they could promote and support the platform aspect (partnerships, royalties for SmartApps, contracted development, etc., etc.,). I.e., think “outside-the-store” concept: Just possibly, just maybe, “the SmartApp Store” initiative will be abandoned).

Over the past few months and ongoing, however, SmartThings obviously has dozens of high priority projects to juggle, and we have pretty limited visibility into the real internal priorities and road map. My only guess is, since we have been told they are hiring massively: They plan and expect, after the unavoidable ramp-up and organization time and effort, to be able to deliver improvements and features very quickly via massive parallel projects.

The platform and Community Developers are just going to exist in purgatory :fire: for an indeterminate amount of time, and we could be surprised by a sudden leap in quality and features. The absorption time and growth logistics after a major acquisition must not be underestimated.

It is unrealistic to expect ST to have evolved already to the stage of huge companies like Apple or Ford, who can promise new products and features on a rather predictable basis along with delivery dates that essentially never slip.


(Alex) #12

What makes you think that? Can you point to particular examples other than the fact that documentation is updated again? I must be missing something…

If all community developed solutions were stripped away, SmartThings would be a pretty bare bone product.

What do developers get for their efforts? Badges?


(Patrick Stuart [@pstuart]) #13

This malicious app argument is a falsehood. Same possibly exists today. Plus St would have the keys so they would see the code…

Nothing stopping someone from uploading malicious open source code to the ide today.

Personally, I want the app store, I want the app submission process to be better, but this would be dreams.

What I proposed here is doable easy and quickly.


(Alex) #14

Yeah, unless it’s massively distributed as closed source via the store.

There are many other doable, easy things that are not done.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #15

http://www.slashgear.com/samsung-hires-ex-googler-to-make-smartthings-smarter-03367245/

SmartThings is a company that takes everyday things and makes them… well… smart. Samsung acquired this company this past August and since then, they’ve been growing rather quickly. This week the folks at SmartThings - owned by Samsung - have announced that they’ve hired ex-Google woman Dora Hsu. With Samsung’s SmartThings, [Hsu will be working as Chief Platform Officer, working on the developer platform product and engineering team, developer relations and evangelism, and certification programs, leading the lot, taking charge, and all that good stuff.] 1

“Dora’s expertise in driving platform growth,” continued Hawkinson, “will be critical as we look to expand the community and the tools needed to build leading products and services.”