Results 1 to 11 of 11
Like Tree1Likes
  • 1 Post By GMMan
  1.    #1  
    Hello everyone. Im new in this WebOS community. I say its awesome and sad HP kill it. WebOS is coming now as open source (yay) and, I certain someone has come up with the same thinkin as me, Is it Safe? How safe was WebOS at the beginning? And Now? Coming from the Android "way of life", all apps will let you know what is lurking behind and what access or rights you permit once you install and application. I dont see that on WebOS and it starting to creep me out, just a little. Maybe Im used to see this. Also I noted that there are no antivirus apps for WebOS. Hmmm, maybe is a good sign, but still crossed my mind, it is safe? How bout the apps from third parties? How can you tell if there are no behind the scenes apps running and gathering confidential info? Guess I am a little paranoid, but as i said before, all this just crossed my mind.

    Please need assurance this is a safe OS. Or at least make me think it is safe. Im very comfortable and happy using WebOS.
  2. giggles's Avatar
    Posts
    677 Posts
    Global Posts
    690 Global Posts
    #2  
    lol.. We do not at all have the security holes that android has. It's completely safe. And you can easily see what an app is accessing. We're safe and to even compar us to android and thinking about these problems is overboard.

    -- Sent from my Palm Pre using Forums
  3. #3  
    Some answers, in no particular order:

    1. Run of the mill attacks for Windows systems won't work, though there is a possibility that Flash and PDF attacks may mess something up.
    2. WebOS had its share of security problems in the early days, though I'm not quite sure about now. If you enable Developer Mode or set up SSHD, you open a hole, though if you mess with the innards of webOS enough, it becomes a tradeoff between convenience and security.
    3. It seems the most that the App Catalog will tell you is an app wants to use location services before you buy it.
    4. Be aware some apps are headless. That means that they are running, but does not have a card. Those apps will usually display a notification, though. The Email app is such an example.
    5. All PDK apps are jailed, so they shouldn't cause any problems. However, if you run an app through something like Xecutah, or using Novacom, there is no jailing. Though that's for developers to worry about, not the end user.
    6. SDK apps are limited in what services they can use, so they can't do anything out of the ordinary. Homebrew apps off of Preware may get around that, though, hence those apps not being on the App Catalog.
    GreenHex likes this.
  4. carldc's Avatar
    Posts
    441 Posts
    Global Posts
    501 Global Posts
    #4  
    When I first saw the title of this thread, I thought are these: .
    Whew!
    Last edited by carldc; 01/05/2012 at 09:58 PM.
    -carldc

    m500>T3>T|X>Treo 755p>Pre>Pixi>Pre 3>Galaxy S4 Mini
    ..........................................TouchPad............Surface Pro
    PalmOS-------------------webOS-------------------Android (just waiting for webOS to rise again!)
  5. #5  
    Quote Originally Posted by giggles View Post
    lol.. We do not at all have the security holes that android has. It's completely safe. And you can easily see what an app is accessing. We're safe and to even compar us to android and thinking about these problems is overboard.
    I think we can be a bit more realistic than that. If nothing else, the objectivity may win a bit of respect.

    Nothing is 'completely safe' and security holes are found in the course of time. Im a stranger to webkit and my interest in the bits of code I encounter is purely out of curiosity, but I can say that the 'web standards' in question are not perfect and are rapidly changing. IOW, the potential is always there.

    That things have been quiet in webOS land may very well be looked at as dodging bullets. A part of the perceived safety may be a function of webOS flying under the radar (market share) since summer '09 - security through obscurity, as they say. Whether its actually the case is neither here nor there. The point is, the state of things on webOS may not be too different than on competing platforms. The linux core may not be much of an issue, but there's a web server that sits on top of it and we all know how secure web servers are.

    And tell me... how easy is it to see what an app is accessing? When I run app x, can I be certain its not accessing unauthorized databases on my device? Or connecting to another machine on the net? Do apps normally broadcast which IPs they're going to and via which ports or protocols? No, we're completely in the dark there. We're at the mercy of manufacturers and developers and recent events have shown us just how much we can trust them.

    My advice is to treat webOS like you would any other mobile os: where security is concerned, assume the worst and take it from there. Keep in mind a few things...
    • we're living in an age where information is king, and so, metrics are the order of the day
    • device makers are always in compliance w/ government mandates - whatever they may be
    • never underestimate the role of the carrier where {in}security is concerned
    • the position of federal courts is that there is no reasonable expectation of privacy where mobile/electronic devices are concerned
    • if its private, dont EVER put it online or on a connected device
    • learn about the tech - both sides - b4 jumping wholeheartedly in

    I try to live by those, but really, common sense is all thats needed. For e.g., I keep sensitive corporate client info encrypted on an old un-synced PDA; not a smartphone; e-commerce is a no-no; and if ever I contacted or associated w/ an individual of questionable character, the contact info would never be in my device's DB or SIM. Instead I obscure it on paper and entrust it to my best friend's baby-momma's crack head brother. Or his cat.

    Sorry for being long-winded. I hope something made sense.
  6. ishpuini's Avatar
    Posts
    24 Posts
    Global Posts
    27 Global Posts
    #6  
    No OS is ever 100% safe. There will always be holes open for attacks.

    However, what is there to gain to attack an OS that is as isolated as webOS? Esp when there are other much larger communities to target with much better odds for success?

    There's not many of us, and that makes webOS safer. Let's hope it never gets too popular...

    Wim
    Touchpad 32GB and German O2 unlocked Palm Pre sharing the same profile
  7. #7  
    The reason it doesn't tell you about app privileges like in Android is that webOS doesn't really have APIs to access *any* personal data via third-party apps. Each app more or less only has access to its own data on the device.

    That's good in the sense that there's no apps that can dial a number without user input or make a copy of your contacts list, although it also means that developers can't write custom contacts/calendar/phone/etc apps that are integrated with the system.
  8. #8  
    Quote Originally Posted by greenoyster View Post
    The reason it doesn't tell you about app privileges like in Android is that webOS doesn't really have APIs to access *any* personal data via third-party apps. Each app more or less only has access to its own data on the device.

    That's good in the sense that there's no apps that can dial a number without user input or make a copy of your contacts list, although it also means that developers can't write custom contacts/calendar/phone/etc apps that are integrated with the system.
    Apps that need to access personal data will usual bring ul a popup. For example, Audiophile HD prompts access to music on first start.
  9. #9  
    But not always. For example, Checkbook HD wants to access your Google-account if you want to Import or Export data. And yes, Checkbook HD is in the App Catalog.
    Internalz from the App Catalog is a file manager. More personal than that is not possible.
    There are more apps.

    Now IDC. I know what's safe (and Checkbook HD is awesome!). But to say that no app has access to personal data is just wrong.
  10. #10  
    related to security, I was wondering how safe it is to use the "password keeper" in the advanced browser. It's awesome, but makes me a bit nervous when I don't know where the user names and passwords are stored. Anyone have an answer to that? Thanks.
  11. #11  
    Quote Originally Posted by ishpuini View Post
    ...what is there to gain to attack an OS that is as isolated as webOS?
    A safer webOS?
    It works that way too and Palm probably should have had some ethical hacking challenges in the early days.

Tags for this Thread

Posting Permissions