Step 2: Put your AIR App in that Box

Posted on by

Ever since the NPD survey about online office applications came out I’ve been thinking about the distribution model of AIR applications. One of the things that Chris Swenson, NPD’s director of Software Industry Analysis said was this:

“There are still a lot of consumers that discover their software products by browsing store shelves, or getting a recommendation from a store clerk,” Swenson said. “Between 10 percent to 30 percent of consumers that buy software discover new software products this way. If you’re not going to advertise, it might pay to figure out a way to get your consumer SAAS product into the retail channel.”

Adobe AIR BoxIn my limited experience I don’t think that’s unreasonable so if you want to sell your AIR application why not sell it via retail outlets like any other piece of software? As far as piracy/activation goes you could program something to call back to the server before the application could be use. We’re also going to allow you to distribute the AIR runtime with your application so you could put both the runtime and your application on a CD/DVD and sell it that way.

I haven’t actually heard of many people who are planning to directly monetize/sell their AIR applications, so maybe that’s a bigger issue, but to me, this is the kind of thing AIR opens up. You’re creating real desktop applications so why not sell those alongside other real desktop applications?

[tags]Adobe AIR, Software[/tags]

Related posts:

  1. Steer the Rich Desktop Application Conversation Away from "Offline"
  2. Flex Marketing – One Step Forward, Two Steps Back
  3. ColdFusion and Microsoft Exchange – One Step Away from a Flex Outlook?
  4. Props to Macromedia
  5. Enabling Innovation with a Platform
  • http://www.simplifiedchaos.com TOdd

    Does Adobe have any APIs that developers of Flash/Flex libraries can leverage to protect their IP and make selling components a viable business like with what exists in .NET?

    It seems that this is one area that’s been lacking and why there aren’t very many third party components available.

    (Sorry to be a bit off topic, but licensing of AIR apps reminded me of this.)

    Maybe there’s some third-party solution available?

  • http://www.simplifiedchaos.com Todd

    Also, since this is talking about selling packaged software. Has anymore thought been put into making native installations for AIR apps? I know the AIR FAQ has alluded to this, but I haven’t really read anythign about it.

    I’d like to see my customers dragging DMG files in OSX, or clicking on a .MSI for installing into Windows. Maybe even avoid the code signing for this type of install.

    Do you have any insight on this? Or, is this going to be something that the community figures out on our own with hacking apart AIR install directories, our AIR files, etc…

    Thanks.

  • Danilo Celic

    My first thought as I read this was the same as Todd’s. Without a robust way to protect content within the .air file, then I feel that the number of commercial applications will be limited. The company that I work for has rejected using AIR for anything commercial specifically because of this limitation.

    I have seen that O2Apps.com has what they call an eCommerce framework, but haven’t heard about anyone using it for something commercial, and I’m not sure about how protective it is (I should research it more to find out more). In addition, it appears to be Flex based, which seems leaves HTML/JavaScript apps right back at the unprotective mode. Even if this were to work well, my company would likely not use this system as it is run through a third party and we’d want to run things through our own servers.

  • http://www.davidflatley.com Dave

    Man does topic this open up a can of worms! Air is too new and not practical yet to use as platform for a commercial product and have it basically secure.

    A C++ dev friend and I sat and thought it out one day. You’d definitely have to build a framework to render the Air app useless without an OK from the server. C++ in the Flash player is a huge jump in the right direction. You’d have to store your logic on the server or encrypt it on the client, swfs are way too easy to crack.

    Maybe encrypt the logic on the machine and always have Air call the server to run, which slows things down and ties it to the server, hence defeating the beauty of Air :] Could set it up to check with the server periodically to get an OK for the user’s license, but still keep the logic encrypted on the client, that might be a better approach.

    I can’t speak for 02Apps, as I haven’t looked into it deeply enough. No idea how they’re working it, but it is very interesting. I’ll have to read more about it.

    Adobe would do well to address this issue and provide a path, framework, something for Air developers. Otherwise, I don’t see a reasonable method of selling Air apps and having them anywhere near secure.

    A little tip if anyone’s thinking about selling software: Retail stinks, the packaging costs, cd burning and the resellers would leave you basically nothing. Publishers like to take your idea, make most of the money off it and slap you around. ESD is the way to go ;) sell online, much less overhead.

    my 2 cents

  • http://blog.digitalbackcountry.com Ryan Stewart

    Hey guys, thanks for the thoughts. This isn’t official Adobe speak here, just me kind of of thinking out loud. On the security side, AIR 1.0 is definitely not going to fit the needs of someone who really wants to lock down their app. You might be able to do it, but it wasn’t in the scope for this release. So if you go the selling route it’s going to be more of a “if they want to break in they can” so you’re just targeting the people who are willing to pay (IMO).

    As for the installers as I understand it we’re going to let you create your own custom installers that bundle the runtime with your application so you could create a DMG or MSI file with AIR and your app together. I don’t believe we’re going to provide that but it’s an option.

  • http://blog.kevinhoyt.org Kevin Hoyt

    I am by no means an expert on this topic, but I half wonder if the old “secure my intellectual property (IP)” mantra still holds as true today as it did a decade ago (and more)?

    Open source is obviously alive and well (i.e. here’s my IP for you to read), yet there are numerous companies that make money in that space. I think the business models for these types of companies are still very new and untested, but look at IBM, Red Hat (including JBoss), Novell, Ext JS and many others. Even Adobe has begun to embrace variations on these models with products like Flex 3 and BlazeDS, and projects like Tamarin (all are already open source or will be soon).

    When the source of your project is open, even better yet, when it is also standards-based, does IP matter as much? When todays software is becoming increasingly SOA-driven, a lot of that IP may not even be core to the primary software vendor at all. How does that change the business model, and what is the impact on IP?

    Like I said, I’m no expert, and I’m not trying to start a flame-war, but I think the time is approaching when much like the music industry, the software industry will need to change its core business models. It’s an interesting time to be asking these types of questions. It’s a great conversation to have.

    Taking this one step forward then, what do companies compete on in these new models? I’d suggest that they compete on user experience, which coincidentally brings us full circle back to AIR.

    Two cents,
    Kevin

  • Danilo Celic

    Kevin,

    You can answer your first question (does securing IP still stand) by simply asking the company that you work for (Adobe, right?) if they still secure their IP.

    While I agree that many aspects of the software industry are going open, many aren’t, even those that build on top of open source and open standards. Dreamweaver builds on top of HTML, JavaScript and CSS, but its IP is still protected. PDF is an open standard, yet Acrobat is protected, similar story with Flex and Flex Builder.

    I don’t pretend to be an expert in this whole IP and open source/standards world either, just trying to work my way through the various issues, those imposed externally by the technology that is used and interacted with, as well as those imposed internally at my company.

    So to play devil’s advocate here on your last question Kevin, how would you you compete on user experience when someone can copy and paste your “experience”?

  • http://www.richardolsson.se Richard Olsson

    Just wanted to drop a note that I am currently working on an AIR application which will be released early this year (happy new years, btw!)

    It’s actually a kids game developed on top of AIR for flash authoring, and it will be boxed and sold at events and possibly stores. It had to be cross-platform and the budget was low, so I suggested AIR back when it had still just recently hit beta2. I’m so happy that the employer (I’m freelance) decided to give their go on this.

    Drop me a note, through link on my website, if you feel like discussing it in any way!

  • Cory

    I’m not seeing how AIR could be used for anything “serious”. No source protection??? This is a huge killer for any hopes that Adobe has of AIR making it into the commercial software market.

    Right now I could deploy an AIR app on a network to hundreds of users and have someone change the javascript to be malicious. Not very smart on Adobe’s part. At the very least some type of obfuscation is required!

  • http://www.richardolsson.se Richard Olsson

    @Cory:
    I do acknowledge not having source protection (of HTML/JS-based AIR applications at least) as a problem. But why would anyone deploy an application in such a way? Network installs, sure, but why give users writing permissions to the master application files?

    As I said, having the source files out in the open is not the best way to do it, in my opinion, but still it won’t pose that big a threat if you (developer/admin) don’t let it.

  • http://www.simplfiedchaos.com Todd

    @Cory: I think the whole html/javascript thing is a simple bridge to allow web developers to take some existing code and quickly hack-together an application for offline use.

    I’d except any serious application development effort to be done with Flex — which does get compiled down to SWFs.

    Also, if your users are hacking the javascript to make the application malicious, couldn’t they just write and run malicious javascript outside the AIR runtime? I guess you’re trying to make a point on obfuscation, but really, in the html/javascript world does anyone do this? You’re argument could be made for all the web applications out there written in HTML that paths to server names encoded, service names, paramter values, etc…

    If the user hacks their own JavaScript and messes up their machine, that’s there fault. The services your AIR app connects to should be secured.

    I don’t really see this as a security argument, maybe as a protect your IP argument…