Page 1 of 2 12 LastLast
Results 1 to 20 of 22
  1.    #1  
    I have been following all of the progress that has been made for rooting your pre and installing homebrew apps. I am starting to wonder if webOS will be able to support commercial applications. How could palm possibly prevent users from taking a paid app, removing any licensing from the source, and repackaging it as a homebrew app? At least with .NET you can obfuscate your code to prevent others from being able to reflect it.

    I hope this doesn't hurt webOS as a development platform.
  2. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
    #2  
    I've posted about this as well. Commercial developers will want to code their IP portions as a binary, which is possible. I don't know if Palm will officially support binary development in the initial SDK but it is possible already. The Classic emulator likely has some binaries associated.
  3. #3  
    Yep, binary applications are supported, definitely. They function as web browser plugins. That's how Classic works.

    I bet Palm will require some vetting of binary plugins for security reasons, but I'm sure it'll be possible. (and necessary for certain classes of applications, like games that require fluid graphics, emulators and so forth)
  4.    #4  
    Quote Originally Posted by zorinlynx View Post
    Yep, binary applications are supported, definitely. They function as web browser plugins. That's how Classic works.

    I bet Palm will require some vetting of binary plugins for security reasons, but I'm sure it'll be possible. (and necessary for certain classes of applications, like games that require fluid graphics, emulators and so forth)
    I wonder if this problem is a part of why the SDK is still not released.
  5. #5  
    I think it might become a big issue in the very near Future.. not only are flipflops and xorg making progress in making an install package that works WITHOUT Root...

    Whats to stop someone from writing a background app/script to get contact info and shoot it off to a website/email?

    but hopefully the SDK will answer our questions.. This is another reason i'm glad they aren't rushing it.. and hopefully have this thought out. But i LOVE the's phones ability so far! VERY customizable.. it's unreal a mini pc basically.
  6. #6  
    A way to protect your code is by code obfuscating. It will be interesting to see what Palm will do to help protect developers code.

    - Garrett
  7. #7  
    Quote Originally Posted by antonio3 View Post
    I think it might become a big issue in the very near Future.. not only are flipflops and xorg making progress in making an install package that works WITHOUT Root...

    Whats to stop someone from writing a background app/script to get contact info and shoot it off to a website/email?
    You still have to download the attachment for it to do anything. But, like on any computer, you should be careful with any attachments you receive. I don't see why that's a big deal.

    As for protecting developers' code, we'll see, but I think a lot of apps will call home for activation. I have a feeling that's what Classic does already (though it has an advantage in that it's not solely Javascript/CSS/HTML.)
  8. #8  
    Quote Originally Posted by jhoff80 View Post
    You still have to download the attachment for it to do anything. But, like on any computer, you should be careful with any attachments you receive. I don't see why that's a big deal.
    ...
    But security should not be so loose as to be succeptible to being breached in such a way.
  9. #9  
    There isn't much that can be done.

    What I see from reading the webOS book is that Palm named it as such and expects apps to be mostly clients of online services, with some local data caching. But basically, trivial apps accessing more sophisticated applications in the cloud.

    Now an app like Google Maps is very sophisticated for its drawing and protocol but most apps expected on this platform? Probably not so much.
    Palm Vx > Treo 650 > Centro > G1 > Pre > BlackBerry 9700
  10.    #10  
    Quote Originally Posted by jhoff80 View Post
    As for protecting developers' code, we'll see, but I think a lot of apps will call home for activation. I have a feeling that's what Classic does already (though it has an advantage in that it's not solely Javascript/CSS/HTML.)
    The problem is that since you have the full source, you can always just remove the part that calls home. You would need to have it in a binary as well as some vital part of the app. That way if you removed it, it would break the app.
    Palm needs to find a way to make it a requirement to have a binary that calls back home with your serial number or something. In order for your app to load, it must have this.
    This will mean no homebrew apps though...
  11. #11  
    It's barely any more of an issue than it is anywhere else. If someone wants your app for free they will get it. Can anyone name any popular commercial software that can't be found without being paid for?
  12. #12  
    I think one big issue isn't to eliminate piracy, but to eliminate code theft by competitors. If you are trying to make a unique app for a profit, your competitors can simply take the source off the device and be at the same place that you took much work to get. Obfuscation can help, but it is a concern.

    On the flip side, I would hate to have to go through Apple's "Teenager Emotional" Validation of Apps before they were available, so I love the openness of the platform.
  13. #13  
    This is really a double edged sword. Apple requires all apps be reviewed by them, therefor making the iphone very secure in that respect. The fact that the pre is so wide open really leaves people open to security issues. It will be interesting to see what palm does with this. Devs want to have access to everything, end users want perfect security.
  14.    #14  
    Quote Originally Posted by kaze0 View Post
    It's barely any more of an issue than it is anywhere else. If someone wants your app for free they will get it. Can anyone name any popular commercial software that can't be found without being paid for?
    I think it is quite different. The commercial software is compiled code. It would be very difficult to change the way commercial software works. With the uncompiled code at your fingertips, you can make any modifications you want without needing to recompile. If I had the source to Photoshop for example, I could just remove the licensing portion from the code. Not saying that piracy won't happen, but that it will be impossible to have a reliable way to get people to pay for apps, thus driving away commercial companies and a lot of quality products.
  15. #15  
    Quote Originally Posted by blakeb View Post
    I think it is quite different. The commercial software is compiled code. It would be very difficult to change the way commercial software works. With the uncompiled code at your fingertips, you can make any modifications you want without needing to recompile. If I had the source to Photoshop for example, I could just remove the licensing portion from the code. Not saying that piracy won't happen, but that it will be impossible to have a reliable way to get people to pay for apps, thus driving away commercial companies and a lot of quality products.
    This is indeed a problem that all developers face on all platforms. The question always comes up when you're talking about creating a software product: "how do we make it uncrackable?" The answer is always, "you can't."

    Even compiled code can be cracked by someone familiar with machine code (i.e. assembly). I know .NET faces criticism because they are one layer above machine code and it is easier to "decompile" it. Obfuscation (like someone mentioned above) is not really a solution either. It makes it more frustrating for the would-be cracker, but that will only discourage 99% of people and the other 1% will figure it out for everyone else.

    I develop software for a living (as I'm sure many, many others on this forum do, too) and I'm sure I'm coming off very negative. For that, I apologize. However, I still think I'm right. You can play all kinds of games and try to hide your "intellectual property" from would-be hackers/crackers/warez fiends, but you're much better off spending your time and resources on making your software better and taking care of your paying customers.

    Here's my advice:
    1. Come up with a great idea (your software)
    2. Find a great platform to host your idea (Palm Pre in this case)
    3. Realize the people that steal software are idiots. It is like fighting with a bunch of retarded dogs. No one wins and you'll probably get bitten. Beyond basic registration / activation processes, you might as well not waste time.
    4. Allow people to buy your idea (Palm's app store or distribute it yourself once we have a stable way to install apps without the app store)
    5. Service your new customers with care and let them spread the word about how great you and your products are.


    </soapbox>
    Last edited by whatsit2002; 06/22/2009 at 01:25 PM.
  16.    #16  
    Agreed. I just hope that it doesn't discourage people from developing on webOS. There is no question that it is much easier to pirate on webOS than it is on the iPhone or other platforms.
  17. #17  
    However, there is a difference between doing a view source in a browser (what looking at code on the Pre is like now) and decompiling code for a non-Intel processor. The first anyone who have programmed almost anything can do, the second can be done by far fewer.

    I'm not as concerned with eliminating piracy as I am in protecting "unique" ideas that I might want to sell to eliminate my day job. It is far easier to crack a program to steal it than it is to duplicate the functionality of a program. Unless that program consists of only JavaScript and HTML.

    I'm torn here, because I run Ubuntu at home and contribute what I can freely. However, if I came up with a cool app that most people would be willing to pay a couple bucks for, I'd like to be secure in that endeavor.
    Last edited by sacherjj; 06/22/2009 at 02:49 PM.
  18. #18  
    Quote Originally Posted by blakeb View Post
    How could palm possibly prevent users from taking a paid app, removing any licensing from the source, and repackaging it as a homebrew app?
    The original developers have grounds to sue the users for license violations if this happened.

    Even if you had the source somehow, having the source does not necessarily mean you are legally permitted to redistribute it, unless the license explicitly allows you to do so.
  19. #19  
    Quote Originally Posted by ydaraishy View Post
    The original developers have grounds to sue the users for license violations if this happened.

    Even if you had the source somehow, having the source does not necessarily mean you are legally permitted to redistribute it, unless the license explicitly allows you to do so.
    Yup, i would personally go on every palm hack site, and make sure my app isn't there... Sure it will still be done, but reduce the amount. You can't cure cancer, but you can treat it.
  20. #20  
    One solution would be to tie integral functionality of the app to the "phone-home" process - in other words, have some data or data processing only accessible via your servers, and require the user to "authenticate" through some means or other in order to access it. Sure, crackers can happily take out the "phone-home" routines... but then in doing so they automatically gimp the program.

    To prevent "spread" of serial numbers, I'd imagine each phone has a unique identifier... when the application is first registered, the serial number and ID could both be sent in; subsequently, only the ID would be sent. Any subsequent attempts to register with the same serial could then be denied, unless the user explicitly submits a request to unregister their serial (thus allowing it to be re-registered with a new handset).

    I realize this isn't feasible for all apps, but at least it's a relatively foolproof solution for some. By nimer55's analogy above, this would be chemotherapy, I think
Page 1 of 2 12 LastLast

Posting Permissions