Why servicing UWP IoT apps via the store is such a Big Deal

3 minute read

In the past I have been dealing with IoT equipment made by a manufacturer that shall remain nameless here, but their solution was - like a lot of IoT solutions are today - based on Linux. Now granted, they had a quite nifty data exchange option via LoRa meshing. But updating both firmware and apps was a nightmare. You were constrained to your own network, so pushing out updates was your own responsibility, you had to do that per (sub) network, one by one, app by app.

Now this was (semi) professional sensing equipment, not intented for use by Joe and Jane Sixpack. The stuff that actually can be purchased by Joe and Jane is even in more dire straits. See for instance this horror story about smart locks. Or actually, dumb locks, as it turns out

Now first of all, a lot of these manufacturers are at fault for delivering essentially insufficient safe equipment. What's even worse is that they refuse to fix it. But in the long run, they are actually right about updating the lock software. It has very little sense, as most of the users won't update the lock (or whatever smart device they may have purchased anyway), either because they don't know how to do it, or because they rather watch the Olympics or some other sports event du jour in stead of reading obscure websites about security to keep up to date on the status of their smart lock, light bulb or whatever other gadget they bought (or got from a well intending friend or relative).

The only solution to this, of course, is that both the lock software itself and the firmware could be serviced remotely, without requiring the user to do something. This would of course require some kind of secure communication protocol, centrally guarded... kind of like how a computer or a phone and it's apps are updated. And wouldn't you know it, that is exactly what Microsoft are doing. Rather too quietly in my humble opinion. Maybe because it’s still in preview. But this is a big deal, and I think it deserves a lot more fanfare.

Windows 10 IoT Core can already update itself, so whenever Microsoft adds new features or improves overall security and stability, the base software can be updated without affecting what is running on top of it. Now by making the apps running on it servicable as well, Microsoft are providing the ultimate solution for making IoT devices servicable remotely and securely, without the user having to do anything.

Drawbacks? What if your lock is just about rebooting when you want to go out (or in)? And then there's the age old "quis custodiet ipsos custodes" - who guards the guards? You (and manufacturers) will have to decide whether or not they want to trust Microsoft - a company that has decades of security expertise, a enormous cloud infrastructure, and basically runs on selling trust - or just hope some random hardware dude does a better job and do it right the first time, because they cannot update their stuff once they have sold it.

I think the time is ripe for Smart IoT, and I applaud Microsoft for making this move. I once dreamed about it in a closed conversation with some Microsofties, and now it's coming true. Not doubt my dreaming has nothing to do with it, but the fact that it does come true indeed, is not the less awesome

The second blog post in a row without any code attached to it. My apologies, I will return to code next time ;)