Who says Android is the most insecure mobile OS around? Not the  National Security Agency, which is conducting a pilot of 100 Motorola smartphones running the Android OS that it says are already good enough for its employees to make top-secret and classified phone calls from the field.

"There are vulnerabilities in every OS," said Margaret Salter, a technical director in the NSA's Information Assurance Directorate (IAD), during a talk Wednesday morning at the RSA Conference in San Francisco. "The beauty of our strategy is that we looked at all of the components, and then took stuff out of the (Android) OS we didn't need. This makes the attack surface very small."

Other U.S. government agencies such as the Bureau of Alcohol, Tobacco, Firearms and Explosives and the National Oceanic and Atmospheric Administration (NOAA) are dumping Blackberries for iPhones.

For the NSA, the open-source nature of Android tipped the balance in its favor.

"It's not because iOS was lousy, no. It's because of certain controls we needed. We were able to make some modifications to Android. Android had that freedom," she said.

Does that mean the NSA is wedded to the Google OS? "It's not our intention to use only Android."

Since the NSA's founding in 1952, the IDA had been the sole creator of proprietary equipment used by U.S. Government agents for secure communications. The disadvantage of this approach was that it was more expensive, "took us years to approve a device," said Salter, and also resulted in gear that "though incredibly secure, was not incredibly easy to use."

The Android smartphone pilot, nicknamed Project Fishbowl, is part of the IAD's move away from GOTS (Government-Off-The-Shelf) technology towards best-of-breed COTS (Commercial-Off-The-Shelf) gear that the IAD will customize and integrate.

Salter didn't disclose which Motorola model the NSA is testing. But it is likely to be one of Motorola's Business Ready Smartphones, most of which come securable with Sybase's Afaria. The NSA's aim is to make its secure mobile phones as easy to use as regular consumer smartphones, and the overall architecture easy to upgrade.

"If some part of the architecture is not working the way we want, we have to be able to switch it out and plop a new box," she said.

(The slide above is from Salter's presentation. You can download the entire deck here.)

But the IAD's attempts "to go shopping" for such technology were severely hampered by a lack of interoperability with encryption and other security technologies.  "We wanted everything to be plug and play. And. That. Was. Hard," Salter said.

That forced the NSA in some instances, when choosing software, to sacrifice performance in favor of broader support.  She urged vendors interested in supplying the NSA to visit www.nsa.gov/ia/programs, where they can view the NSA's requirements. "We need a partnership with industry," she said.

To cloak the voice calls, the NSA uses two independent layers of encryption, one at the VoIP layer, and the other at the VPN layer. The NSA "put a big X through an SSL VPN  client" because, according to Salter, "there is no such thing as an SSL  interoperable VPN standard."

Moreover, all voice calls using the Android phones are routed through  the NSA's servers. That helps secure the calls so that the phones can be used  with any carrier.  The final layers of security include a pair of authentication certificates  residing on the handsets, as well as requiring users to log-in with a  password before they can use the SIP (Session Initiation Protocol) server. This gives the NSA "good assurance to know who are the users," she said.  Doubly encrypting the calls plus the extra routing did make it initially hard to maintain good voice quality, said Salter. But as of today, there "is only a little bit of delay" in the calls. "You'd only notice it if you were in the same room as the caller and could see his lips moving. But I hope you're not using our phone in that context."

Using the phones overseas does add "some risk, but we also believe  that we've spent a lot of effort to completely minimize this risk,"  Salter said, without going into details. "We actually have more trouble  getting the phones to run in certain countries."

With the NSA satisfied with Fishbowl's handling of voice calls, Salter is already looking forward to testing the use of the phones to send and receive data and also do other forms of Unified Communications. Plans are to keep most data on the server.

To harden the handsets, the NSA had "to make changes to the key store" as well as "make a police app that keeps an eye on everything," Salter said.  Other than that, the NSA hasn't built any apps yet, said Salter.

The Department of Defense's IT branch, the Defense Information Systems Agency (DISA), may both emulate the NSA pilot and build apps that the NSA could leverage, she said. If so, those apps would be deployed through an internal Enterprise App Store.

Superficially, SAP Afaria in 2011 had the same problem as Microsoft Office in 2006. But our approaches to solve this dilemma differ. And so, I argue, will their resulting effectiveness.

Like Office, Afaria has been the long-time leader in its market - mobile device management software. According to IDC Corp., Afaria has led the MDM market for 10 straight years, with about 20% market share and 1,000 corporate customers.

Like Office, the 16-year-old Afaria was originally built for a prior era. In Office's case, it was an era in which 14-inch monitors reigned, and the Internet didn't exist. In Afaria's case, it was an era in which mobile devices were primarily laptops and PDAs.

As a result, like Office, Afaria has a wealth of powerful features and supported device types. In Afaria's case, this includes not only iOS and Android, but also the many Windows Mobile devices used by field service workers, Windows laptops, tablet PCs and servers, Nokia Symbian phones, even Windows Point-of-Sale (POS) cash registers.

This is where I think things diverge. Microsoft's solution was to build a new UI for Office 2007 called 'The Ribbon'. The Ribbon is a chunky strip at the top of the screen that is intended to better organize and expose Office's deep reservoir of features (reported to be in the many, many thousands).

Intended to ride on ever-growing size of monitor screens, the Ribbon was supposed to simultaneously simplify Office 2007 while exposing even more of its features, in order to convince price-sensitive consumers and small businesses to keep buying Office when slick, free alternatives like Google Docs abound.

It's a schizophrenic pair of goals, and it was no wonder that the Ribbon has created a backlash from users who report more mouse clicks and more wasted productivity.

http://en.wikipedia.org/wiki/Ribbon_%28computing%29Also, the rise of tablets with their small screen sizes has forced Microsoft to backtrack and shrink the Ribbon again.

Afaria 7.0: Unabashedly about Productivity

Sybase wasn't in the same dilemma as Microsoft. We don't have to justify ourselves against free competitors by showing off all our features.  Also, we weren't blindsided by the rise of mobile like Redmond.

We knew that IT administrators were spending much more of their time using Afaria on the go with their iPads.  So with the Afaria 7.0 we just officially released at Mobile World Congress today, our goal was unabashedly to cut down on the clicks, simplify the UI so as to make it easier and faster for IT administrators to use.

I was given a demo of Afaria 7.0 by Sybase product manager Mark Jordan. It is definitely modernized and time-saving. While all of Afaria's features remain, its workflows have been rebuilt to make more sense for today's devices.

Browser support has been expanded to Google Chrome, Mozilla Firefox and Apple Safari from Internet Explorer only. And the touchscreen-enabled tablet version of the Afaria app has been enhanced so that Afaria administrators can do much much more from their iPad.

"With the latest release, SAP has completely revamped and streamlined Afaria's administrative console, speeding up and simplifying mobility management for end users, IT managers and managed mobility providers," said IDC analyst Stacy Crook. "These enhancements have the opportunity to significantly benefit customers as the number of mobile devices surpasses PCs in the enterprise and IT requires more simplified, cost-effective mobility management."

There still are powerful improvements in Afaria 7.0. Integration with SAP BusinessObjects is one, allowing you to bring a market-leading BI tool to analyze your employees' mobile usage, even from your iPad.  Telecom expense management (TEM) features are another. There's also a new Web services application programming interface (API) that lets customers and partners better integrate Afaria 7.0 with their other software.

If you want to see this new UI in action or have questions, sign up for this March 21 (8 am PT/11 am ET) webinar hosted by SAP EcoHub. Russell Fry, a senior director at SAP's Mobility Center of Excellence, will demo Afaria 7.0.

The Cold War ain't over.  

The U.S. Air Force Special Operations Command has cancelled a planned deployment of nearly 3,000 iPad2 tablets after a magazine raised questions about its planned use of a  popular Russian PDF reader software.

That appears to put at risk another  broader deployment of up to 18,000 iPads by the Air Force that would've  relied on the same software. 

Widely considered the best mobile PDF reader around, GoodReader - not  to be confused with the mobile device management  software made by Good  Technology - is popular with consumers as well as businesses, schools   and others doing large-scale iPad deployments.

This includes airlines   such as Alaska Airlines and  Delta Airlines that plan to use  GoodReader+iPad as "electronic flight  bags" to replace bulky,  non-searchable paper charts and manuals.  GoodReader has one feature widely desired by those with security  needs: the ability to read files that are protected by encryption. It's  one reason why the Pentagon is using GoodReader for its iPad test deployments. 

The hangup, of course, is that GoodReader is made by a Moscow-based  firm, Good.iware and its Russian chief developer, Yuri Selukoff. 

Past and present military officials interviewed by NextGov "question why AFSOC, which operates a fleet of specialized gunships and  surveillance aircraft, would allow its pilots to rely on software  developed in Russia. They also questioned the command's vetting process  for Good.iWare, which one active-duty official pointed out has a website  that lacks basic contact information." 

"I would not use encryption software developed in Russia ," said  Michael McCarthy, director of the U.S. Army's smartphone project,  Connecting Soldiers to Digital Applications. "I don't want to put users  at risk." McCarthy said he was concerned about the integrity of the  supply chain with GoodReader. 

"Ha, someone's still living in 1970, aren't they?" GoodReader's  Selukoff replied to an  e-mail from NextGov when asked about security  concerns.  When asked potential for malicious code in GoodReader,   Selukoff replied, "What is this offensive and insulting assumption based   on? Are there any actual facts or complaints that such thing has ever   happened?" 

"I am not affiliated with any government institution,  neither  Russian, nor any other," he added. "GoodReader doesn't have any   malicious code built into it. Having said that, I am open to any   security/penetration tests that anyone would be willing to perform on   the app." 

Don't touch my Source Code, Bro 

While there's no word yet, I have to believe that the separate Air  Force iPad deployment, which would've used GoodReader as a document  reader for cargo plane pilots for up to 18,000 iPads, is also in big danger of outright cancellation, too. 

Here's what I think: I actually agree that GoodReader, as it would've  been deployed, would've  created a potential security risk. But I think  that is true of every mobile app that the Air Force would've deployed.  Supply chains are global. Development is outsourced or done by a  rotating cast of young guns. Popular Web stores are attacked or probed  hundreds of times a day by hackers. The net net is that an app can be  compromised any of a hundred ways these days. 

But I don't think the Air Force needs to do as retired Air Force  brigadier general Bernie Skoch suggested to NextGov, which is to scan  every line of  source code of every mission-critical app to make sure  there is nothing malicious. That's laborious, especially if you want to  scan every update. 

So what are the solutions? Well, if this is mainly a  political/appearance issue, then the Air Force could go with one of the  many excellent non-Russian-made choices such as PDFexpert or PDF Reader Pro

If it wants to stick with an encryption-capable reader, choose instead Adobe Reader, which was released for iOS last fall. Adobe Reader not only supports 256-bit AES encryption but, unlike the $4.99 GoodReader, is free.

  And if the Air Force is really serious about security, it could also  install strong anti-malware software and Mobile Device Management (MDM)  software like Afaria on its iPads.

The latest MDM software can remotely  lock and wipe lost tablets, encrypt data in motion and at rest, force  the use and renewal of strong passwords, oversee software updates and  patches, and other features. These would all create an extra layer of  protection at a deep, hooked-into-the-iOS level. 

Bottom line: Let's not throw the baby out  with the bath water. There  are many better steps that the Air Force can explore rather than bowing  to paranoia and political pressure and squashing these iPad deployments  altogether.

The enterprise mobility market is young and growing fast. The upside? An excitingly huge selection of mobile device management software, mobile enterprise app platforms and enterprise apps. The downside? Many won't be around in 5 years.

I was reminded of this while attending the AppNation conference in San Francisco last month. In one room was a small exhibition space for vendors. Nearly every one of them had a cool-sounding-albeit-totally-made-up word for a company name, and an even cooler-sounding pitch for why their software was faster, cheaper, more feature-rich, or more transformative than the next guy's.

Does that remind you of anything? For me, I felt like I had suddenly traveled back in time to the dot-com era, with its startups sporting silly names and no-hope products.

It was an uncomfortable feeling. And I'm not even an IT manager or CIO who actually has to vet these hundreds, nay, thousands of vendors to figure out what to buy and from whom.  Sure, if your company is just starting to get serious about mobility, that MDM software with the low license fee must be awfully tempting.

Ditto for the visual developer platform that promises Apps Will Practically Write Themselves.

Or the mobile BI app that promises your employees will compete to become the Mayor of Spreadsheetville.

I'm sure these products, in isolation and under ideal conditions, can do its job well. A greenfield deployment at a young, rising company with money to burn would be a good example.  But such enterprises represent 1% of the market at most.

For the other 99%, they have legacy gear that may not be cutting-edge anymore but still works fine. They have established processes they don't want to overhaul. They have finite budgets, IT manpower and time that they can devote to buying, integrating and deploying new technology.

What's my point? It is, simply, that many freemium or point solutions can sound great in theory. But when deadlines loom, when startups go out of business, when resources are constrained, when processes need to be re-created or re-engineered, the cost and risk of such solutions often greatly outweigh their potential benefits. And that could create holes in your mobile infrastructure that sink your enterprise.

A Lifeline

Sometimes the better choice is choosing an integrated platform that gets you 90% of the way there while preventing 90% of the potential pain, cost and time before they arise.  This integrated mobile platform should not be constricting.

We are no longer in the command-and-control era of IT, after all. IT needs to be just as Agile as their developer brothers and sisters.  Rather, this integrated platform needs to offer the choices that your employees and users want. That would include choice in mobile platforms (iOS, Android, RIM, Windows Mobile, and more) and choice in the type of app (native, Web, and hybrid).

How is an integrated platform different than the closed stack that some vendors push? For one, you should be able to choose whatever mobile devices you want. You should also be able to use whatever back-end server hardware you want. Finally, you should be able to pull from whatever data sources you need, using industry standard protocols.

Good CIOs think strategically, not tactically. They plan for the 5-year-cycle as well as the one-year cycle. They realize that penny-pinching or chasing trendy features can result in higher costs later when needs change (and they always do).  So an integrated platform may have a higher initial cost, but it should be able to scale and grow with you, rather than requiring constant expensive upgrades or migrations. And it should save you time and money over the long haul.

Do SAP and Sybase have a stake in this argument? Admittedly, we do. Together, we are striving to build just such an integrated mobile platform. We are knitting our Afaria MDM software together with the Sybase Unwired Platform for developers along with the Charting SAP's mobile apps and SAP's partners are building.

The benefits of integrated platforms, we believe, will be huge for most enterprises. Apps and services become much easier to roll out. Risks of failed or delayed deployments also drop. Chances that your vendors will halt innovation due to bankruptcy or acquisition also fall dramatically.

The SAP mobile platform isn't for every enterprise. If your company restricts employees to one device type, for instance. Or if your CIO has no plans to evolve beyond letting employees check their e-mail and contacts on their smartphones or tablets.  But over time, such enterprises will represent 1% of the market at most. For the other 99%, an integrated platform may be the better choice.

------------

Last-minute notification: on Wednesday Feb 22nd, SAP is hosting a  webcast with Kate Delimitros, a principal in SAP's Value Engineering  team and an expert in retail and mobile. Value Engineering takes a  numbers and TCO based approach to helping you decide what parts of  mobile may work for your enterprise. Sign up for the webcast here. Or listen to the recording and download the slides at the same location.

A startup guy, Chris Dixon, recently wrote this Aspergers-tinged tweet: "The worst app on my iPhone is this thing called "Phone" where you have to speak synchronously with other humans."

The original poster child for Aspergers, Mr. Spock, would've replied "Fascinating."

My reply is less ambiguous: "Abso-freaking-lutely 100% true."

I use my iPhone incessantly for everything except talking on it. In the last 3 months, I only spent an average of 5 minutes per day actually speaking on my iPhone. Meanwhile, I sent and received many hundreds of e-mails, instant messages and SMS text messages.

This is one thing, by the way, that futurists have constantly gotten wrong. Just because the telephone was invented after the pen doesn't mean that we want enhanced ways to talk to each other, i.e. the videophone. Turns out that given the choice, we prefer faster and more convenient ways to write to each other. Think of how our sci-fi shows would be different if they knew what we know now.

"B-E-A-M-[SPACE] M-E-[SPACE]-U-P, S-C-O-T-T-Y."

My 8-year-old son wants to buy an iPod touch for himself with his Chinese New Year money. And I'm thinking of getting my wife an iPod touch as an adjunct to her Verizon cellphone, rather than switching her to an iPhone.

Like me, she is app-crazy-but-talk-little. Sure, she would have to carry one extra device, but the savings are huge (about $1,200 over two years), as she is on the $30/month Nationwide 65 plan for seniors (note: you too can get this plan if you threaten convincingly to leave for a pay-as-you-go carrier).

Anyone on any sort of budget should weigh the same choice and strongly consider an iPod touch over an iPhone. About 90 million iPod touch owners - almost double the 55 million iPad owners - would agree.

(My estimate, by the way, is based on an Apple filing revealed last April, and   adding up shipments in Apple's subsequent quarterly filings, including 15.4 million iPod touches sold in its most recent quarter. Here's how they compare with the iPhone, of which about 182.5 million have sold.  See the chart below.)

Indeed, most people could save 55% ($1,000 versus $2,200 over two years) by getting the combination of an iPod touch + cellphone instead of an iPhone. If they skip the cellphone entirely, they would save about 91%.

And they wouldn't miss out on much. Want to text? Try WhatsApp. Want to talk? Try Fring, Talkatone, Line2, or Skype.

Granted, there are disadvantages. The lack of 3G connectivity means that the iPod touch is no anytime, anywhere device. That's Apple's first big favor to the wireless carriers, and it'll never change. The second way Apple favors the iPhone is by keeping the iPod touch one upgrade behind the iPhone. So the current iPod Touch 4th generation uses the single-core A4 processor that the prior-generation iPhone 4 does.

When should companies choose iPod over iPhone?

The prospect of saving 90% has many companies and universities making the thriftier choice.  The University of Virginia, Fairfax County Public Schools, Abilene Christian University, Boise State University, Bowdoin University, and the Pentagon are among the institutions that are using iPod touches.

The most impressive deployments I've heard of include Kearns High School in Utah, where all 1,600 students are using them, and Sears, which is deploying 11,000 iPod Touches (along with 5,000 iPads) to department store salespeople to help them look up inventory and customer orders.

So in what scenarios does an iPod touch make more sense than an iPhone for your company?

Here are three:

1) If your company is extremely cost-conscious. As I said before, choosing an iPod touch over an iPhone results in 91% savings over two years. And what company isn't cost-conscious these days?

2) For workers that are relatively immobile. Obviously, field service workers and salespeople need anytime, anywhere access to data and apps. But for companies that want to grant mainstream knowledge and office workers access to the sales analytics, HR and workflow apps, wi-fi access could suffice. Companies or schools that have built strong wi-fi connectivity on their campuses would be great candidates.

3) For companies that have flexible employee expense reporting. Low-cost or free wi-fi access continues to grow - think of Starbucks, with its thousands and thousands of locations, or the Google-sponsored access at many airports. But when employees are in dire need of checking their e-mail, they should be allowed to sign up for an ad hoc pass with Boingo with no fear that they'll be hassled by someone in accounting over it.

For companies that want to track or cap employee spending on Wi-Fi passes, they can use Mobile Device Management (MDM) software like Sybase's own Afaria to do this Telecom Expense Management.

I had thought about listing no. 4 as "For companies that worry about shocking data roaming bills." Because turning off cellular data will guarantee that there won't be any surprises.

On the other hand, a heavyhanded tactic like that will also guarantee that some high-level exec will angrily call your IT manager at 3 am because he or she can't check their e-mail or voice messages while overseas. Rather, companies that want to stick with iPhones should plan on using MDM or TEM software to track/cap data roaming costs.  

 

Big Blue has 30,000 employees sporting iPhones, 10,000 toting iPads, and another 10,000 workers carrying MacBooks, according to a presentation last week at Macworld iWorld.  That's 50,000 Mac and iOS devices total.

Now, as many of you know, I maintain a list of the iPad enterprise deployments, along with a separate list of the 50 largest iPad rollouts. Based on what I've seen, IBM may be the largest Apple deployment out there, and the second-largest iOS mobile device deployment.

Here is how I would rank it - anyone heard of other deployments that would break into this list?

1) Lowe's is arming 42,000 salespeople with iPhones;

2) IBM;

3) Korea Telecom gave away iPads to all 32,000 employees http://www.zdnet.com/blog/sybase/sap-cios-ambitious-mobile-plans-for-2012/2281?tag=mantle_skin;content

4) SAP - 14,000 iPads and 6,500 iPhones = 20,500 total. What's impressive about SAP's deployment is that it involves almost 40% of all employees (it has 53,000). IBM has 450,000 employees, so its iOS deployment just makes up 9% of workers. http://www.zdnet.com/blog/sybase/why-this-well-known-biotech-firm-deploys-17000-ipads-and-iphones/2312?tag=mantle_skin;content

5) Genentech -  7,000 iPads and 10,000 iPhones = 17,000 total

6) Sears - 5,000 iPads and 11,000 iPod Touches = 16,000 total

7) United Airlines is aiming for the paperless cockpit with 11,000 iPads for pilots

(To learn about companies that are not only deploying mobile devices but taking advantage of them with enterprise apps, check out the videos at SAP.com. Watch Vodafone, Siemens, Verizon, Tommy Hilfiger, Charite Berlin hospital, Novo Nordisk, Computer Sciences Corp., Boston Scientific and 15 other large companies.)

IBM still has 30,000 employees using BlackBerry smartphones, according to mobility evangelist Chris Pepin, but that number is falling. It has another 20,000 employees using smartphones running Android, Symbian, Windows Mobile, and other platforms.

Other factoids from Pepin's presentation, which is available on SlideShare here:

- IBM supports so many platforms for two main reasons: 1) to help its many services consultants harmonize with its enterprise customers by using the same gear; 2) as a recruiting  tool for younger workers. "If a company required you to use a ThinkPad  laptop and a BlackBerry  phone, would you want to join? I know I would  not," Pepin said.

- most of the smartphones and tablets used inside IBM are owned by employees. That supports Strategy Analytics' recent report that the vast majority of tablets inside companies today are Bring Your Own Device (BYOD).

- altogether, 100,000 IBM employees can do corporate e-mail, contacts and calendars from mobile devices. That's up from 25,000 just several years ago.

- IBM uses a custom-built configuration software called Bluemac to automate installation of apps onto the iOS devices.

- standard apps include IBM's Lotus Traveler and Lotus Mobile Connect (client-less VPN), while a smaller number get full VPN access, IBM Sametime instant messaging and IBM Connections, a collaboration tool that combines features from Facebook, SharePoint and Dropbox.

- the iPhones must be 3GS or later, and be running iOS 4.3 or later.

- there is an internal enterprise app store called Whirlwind for self-service, optional apps. Beta versions of IBM mobile apps are also offered to employees here. Whirlwind will give way to a new app store based on IBM's Tivoli software, said Pepin.

- Employees are not restricted from using Apple's App Store.

- IBM has just released the beta version of an MDM software called IBM Endpoint for Mobile Devices that runs on multiple platforms, including iOS, Android, Symbian, Windows Phone and others.

Slightly more than half of Facebook Inc.'s monthly users, or 425 million, access the social networking site today from tablet or smartphone. That's impressive, but then you find out later in Facebook's IPO filing that it gets absolutely zero of its $3.7 billion revenue from mobile.

Let's go through the filing in order of good news to bad.  Facebook said in today's SEC filing that mobile is one of its five key, high-level strategies.

"We are devoting substantial resources to developing engaging mobile products and experiences for a wide range of platforms, including smartphones and feature phones. In addition, we are working across the mobile industry with operators, hardware manufacturers, operating system providers, and developers to improve the Facebook experience on mobile devices and make Facebook available to more people around the world. We believe that mobile usage is critical to maintaining user growth and engagement over the long term."

We also learn that 425 million out of Facebook's 845 million monthly users [MAUs} in December 2011 accessed the site from a mobile device:

We anticipate that the rate of growth in mobile users will continue to exceed the growth rate of our overall MAUs for the foreseeable future, in part due to our focus on developing mobile products to encourage mobile usage of Facebook. Although the substantial majority of our mobile users also access and engage with Facebook on personal computers where we display advertising, our users could decide to increasingly access our products primarily through mobile devices.

However:

We do not currently directly generate any meaningful revenue from the use of Facebook mobile products, and our ability to do so successfully is unproven.

The reason there's no meaningful revenue is because Facebook doesn't display any mobile ads today.  Besides the unknown of how much mobile ad revenue Facebook will be able to generate, there's also the unknowns of competing with the likes of Google:

"Certain competitors, including Google, could use strong or dominant positions in one or more markets to gain competitive advantage against us in areas where we operate including: by integrating competing social networking platforms or features into products they control such as search engines, web browsers, or mobile device operating systems; by making acquisitions; or by making access to Facebook more difficult."

Facebooks' frenemies also include Apple. Cupertino's demands to be cut in on any in-app advertising/sales action as well as its own mobile advertising plans might lead it into overt conflict with Facebook.

"We are dependent on the interoperability of Facebook with popular mobile operating systems that we do not control, such as Android and iOS, and any changes in such systems that degrade our products’ functionality or give preferential treatment to competitive products could adversely affect Facebook usage on mobile devices."

This must be why Facebook made the seemingly-strange decision to cozy up to Microsoft several years ago, including taking investment money from Redmond.  So how might Facebook go after mobile revenues in the future?

"We currently do not show ads or directly generate any meaningful revenue from users accessing Facebook through our mobile products, but we believe that we may have potential future monetization opportunities such as the inclusion of sponsored stories in users’ mobile News Feeds."

And finally:

 
"Our Payments system enables users to purchase virtual or digital goods from developers and third-party websites by using debit and credit cards, PayPal, mobile phone payments, gift cards or other methods. We have also extended our Payments infrastructure to support mobile web apps on certain mobile platforms."