WebOS Homebrew Apps Demo'd

PreCentral is currently running an article that details another proof of concept for the webOS homebrew scene. Some users have sorted out how to package and install unauthorized third party apps to the Palm Pre using a standard (i.e. non-rooted) device.

This forum thread also details the process. It basically involves emailing a link to yourself that points to a preexisting webOS app in some kind of .ipk format. The group responsible for figuring this out intends to further detail how this works at some point so that other interested hackers can release application.

Article Comments

 (10 comments)

The following comments are owned by whoever posted them. PalmInfocenter is not responsible for them in any way.
Please Login or register here to add your comments.

Start a new Comment Down

This actually is THE biggee hack

SeldomVisitor @ 6/22/2009 11:37:55 AM # Q
Allowing unfettered install of applications outside Palm's control without having to modify/root the Pre.

Of course, it MIGHT be a VERY small step from user-purposeful installation of running software on a non-rooted device to user-maliciously-ignorant-of installation of running software on a non-rooted device.


RE: This actually is THE biggee hack
bhartman34 @ 6/22/2009 2:59:12 PM # Q
Indeed, it does sound like a small step from unfettered install of apps to a user unwittingly installing something - especially if it's done via e-mail. It reminds me of the problems VBScript used to cause.

Still, I don't see the point of a root password on a Pre. A phone isn't a multi-user environment. A simple confirmation dialog should be enough to thwart any malicious code at this level.


RE: This actually is THE biggee hack
freakout @ 6/22/2009 3:44:09 PM # Q
Of course, it MIGHT be a VERY small step from user-purposeful installation of running software on a non-rooted device to user-maliciously-ignorant-of installation of running software on a non-rooted device.

True. Personally, I'd rather a device on which it's easy to install the software of my choosing, rather than one where I have no say in the matter. Security risks be damned, I'm old enough to look after myself.

RE: This actually is THE biggee hack
bhartman34 @ 6/22/2009 6:41:41 PM # Q
freakout wrote:
True. Personally, I'd rather a device on which it's easy to install the software of my choosing, rather than one where I have no say in the matter. Security risks be damned, I'm old enough to look after myself.

As a general principle, I agree. I think it's important not to carry that too far, though. You can only choose to install that which you know is being installed, and I think that's part of the potential danger. Without some appropriate dialogs, it would be very easy for someone to create a link, have someone click on it, and surreptitiously install a program on the Pre. From what I've read on the Palm support page, there's not much in the way of a caution when you download an app from the App Catalog. In the App Catalog itself, maybe that's not necessary (although we'll have to see if Palm tests the programs for stability), but if people start downloading from other sites, it may be.

RE: This actually is THE biggee hack
freakout @ 6/22/2009 8:47:40 PM # M Q
Indeed. The Precentral story makes it sound like there's no warning at all. Something along the lines of Windows' "May contain malicious code, only accept trusted sources yada yada" warning would suffice, methinks.

What's the bet this is one of the first things addressed in webOS 1.0.4?

RE: This actually is THE biggee hack
jca666us @ 6/22/2009 10:29:46 PM # Q
>True. Personally, I'd rather a device on which it's easy to install the software
>of my choosing, rather than one where I have no say in the matter.

Of what devices do you speak of?

>Security risks be damned, I'm old enough to look after myself.

Right, and what will you do when your device craps out from all the buggy untested bloatware you're running?

Or your phone is unresponsive and slow (if you own a Pre, you already have these two qualities :))


RE: This actually is THE biggee hack
twrock @ 6/23/2009 4:31:36 AM # Q
Trollin', trollin', trollin',....

Hey Palm! Where's my PDA with Wifi and phone capabilities?
RE: This actually is THE biggee hack
freakout @ 6/23/2009 4:40:02 AM # Q
twrock:
Trollin', trollin', trollin',....

Seems to be getting worse as time goes on. Can we ban it yet?

RE: This actually is THE biggee hack
BaalthazaaR @ 6/23/2009 7:07:30 AM # Q
Visits from the occasional member of the Cult of Jobs should be encouraged. You never know when they'll go back to worshiping at the feet of the Turtlenecked one. :-)
Reply to this comment

sounds a little dangerous

anika200 @ 6/22/2009 11:49:21 AM # Q
If this is the case I expect the hole to get plugged asap. If not, it sounds really cool and I would/will use it on my pre.

Reply to this comment
Start a New Comment Thread Top

Account

Register Register | Login Log in
user:
pass:

Latest Comments

  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST((SELECT/**/CASE/**/IS_SRVROLEMEM
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST((SELECT/**/CASE/**/IS_SRVROLEMEM
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST((SELECT/**/CASE/**/IS_SRVROLEMEM
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST(db_name()/**/AS/**/NVARCHAR(4000
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST(db_name()/**/AS/**/NVARCHAR(4000
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST(db_name()/**/AS/**/NVARCHAR(4000
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST(db_name()/**/AS/**/NVARCHAR(4000
  • My comments --1' OR UNICODE(SUBSTRING((SELECT/**/ISNULL(CAST(db_name()/**/AS/**/NVARCHAR(4000