Martin Fowler has a post on Cross Platform Mobile. One of the main challenges for Mobile development is dealing with different Mobile OS versions. Back in the day, OS version was a big deal for developers. We got away from this in large part with the Web (yes I know that a tremendous amount of code get written to support different browsers, but OS and particularly Mobile OS drag in a lot of other dependencies).
The Cross Platform dream has been around a long time, the most famous example of this sword being pulled from the stone was Java. And its worked out reasonably well, but can we expect anything like this in Mobile especially given the fierce (dare I say 80 & 90s esque) competition?
Martin Fowler's advice on Cross Platform Mobile is summed up as - "don't do it" due UI, usability and other issues. There is an additional challenge to Cross Platform Mobile which is that the security models are not alike. iOs, Android, and others each contain unique access control models, ways of dealing with sensitive data, attack surface, exception handling, network security, distribution code signing and so on. The flavors of these are very much OS dependent. This requires OS specific policies and security mechanisms. These are deployed and managed separately for each OS and so from a security perspective there is not a Cross Platform model that is available at all. iOs keychain is useless in Android, Android's permissions model is useless in iOs. No one anywhere can hablo security Esperanto.
I would expect and hope that we'll some more standardization in Mobile web services like Salesforce.com demonstrated with their oauth Android implementation, but I am not optimistic on the Mobile OS.
Secure Coding Training Class: Mobile AppSec Triathlon
Do you have what it takes to complete a triathlon on three vital topics in the mobile world: Mobile application security, web services security, and mobile identity management?
Come join two leading experts, Gunnar Peterson and Ken van Wyk, for the first Mobile App Security Triathlon, in San Jose, California, on November 2-4, 2011.