Page 1 of 3 123 LastLast
Results 1 to 20 of 43
  1.    #1  
    webOS 1.0.4 is out - SprintUsers.com

    It blocks homebrew app installs via email link.

    Update: A few people including Elysian893 have tested and it appears that email link homebrew installs are now blocked. You will have to use palm-install to get apps on your phone over USB.

    The release notes are posted here... Palm Support : Palm Pre Sprint - Software update information for Palm Pre Sprint p100eww
    Last edited by Blubble; 06/29/2009 at 01:04 PM.
  2. #2  
    Quote Originally Posted by Blubble View Post
    webOS 1.0.4 is out - SprintUsers.com

    It supposedly blocks homebrew app installs without a physical connection to the phone.
    Where'd you hear it blocks homebrew app installs? I'll test it as soon as its installed, but I'd love to hear where this rumor started.
  3.    #3  
    In the thread that I linked. I am not sure where this info came from. I couldn't find any notes on the Palm support site.
  4. #4  
    It doesn't sound like its blocking third party apps.

    Personally, it sounds like its blocking access from elsewhere to make your phone download apps.

    "Fixes:
    Unauthorized applications could be installed without having physical access to the device."
    That's what I picked up from the different websites. I would say clicking a link on your screen pretty much requires physical access, so I don't think this would be disabled... anyone actually get the update and try it out?
  5.    #5  
    I am sure you can still just use palm-install usb to get apps on your phone. I think they mean that apps can't be loaded via the ipk email link workaround. We'll see when someone tests it.
  6. #6  
    I just tried to install PimpMyPre, its blocked. The email install no longer works.
  7. #7  
    Quote Originally Posted by Elysian893 View Post
    I just tried to install PimpMyPre, its blocked. The email install no longer works.
    Nooooooooooooooooooooooooo!
  8. #8  
    Kind of a bummer palm decided to make attempts to shut down homebrew apps. I was just kinda hoping they'd just leave it alone for a while.... guess that was just wishful thinking.
  9. #9  
    Guys, they HAD to fix this. It's a HUGE security hole to just install software by having users click something in an email. Sure it's handy for us hackers but it's a wide open door for exploits. As long as I can get stuff on my phone through USB or SCP I'm perfectly happy.
  10. #10  
    Quote Originally Posted by ericthered View Post
    Kind of a bummer palm decided to make attempts to shut down homebrew apps. I was just kinda hoping they'd just leave it alone for a while.... guess that was just wishful thinking.
    You're looking at it the wrong way. The email hack we were using to install these apps was a huge security hole, it has nothing to do with trying to shut down home brew, it has to do with ***** users out there who might unknowingly click a link in their email and screw up their phone.
  11.    #11  
    TheMarco is right. That was a pretty huge hole that someone could use for all kinds of evil mischief.
  12. #12  
    Haha yeah I guess you guys are right. It definitely helps to have the convenience of a one link download option, but it may be a bit safer to limit it to physical download only...

    Oh well. Not like it's really going to halt progress here...
  13. #13  
    Its all Ladd Harris' fault.. this is a security update according to Palm.. and they specifically thanked Harris... (actually its a good thing for us poor people who refuse to root)...

    ** but at least palm is paying attention.. meaning we will probably be seeing things we want too. lol
  14. #14  
    Quote Originally Posted by Elysian893 View Post
    You're looking at it the wrong way. The email hack we were using to install these apps was a huge security hole, it has nothing to do with trying to shut down home brew, it has to do with ***** users out there who might unknowingly click a link in their email and screw up their phone.
    Exactly. I'm glad they fixed that. There will be a "legitimate" way to side-load apps, rest-assured.
    --Inspector Gadget

    "Go Go Gadget Pre!!"
    Palm Pre on Sprint

    Palm V--> Palm IIIc--> Visor Prism--> Visor Phone--> Treo 270--> Treo 600--> Treo 650-->
    Treo 700wx--> HTC Touch Diamond--> Palm Pre & HTC EVO 4G.
  15. #15  
    I would actually be upset with Palm had they not patched this security hole with this update. At a minimum I would have expected an alert that asks if you want to install. Frankly, disabling much easier.

    Yes, it will limit the ability to deliver apps to unrooted Pres. But as long as USB deploy works, I'm fine just working on getting my apps actually ready for release.
  16. #16  
    Quote Originally Posted by TheMarco View Post
    Guys, they HAD to fix this. It's a HUGE security hole to just install software by having users click something in an email. Sure it's handy for us hackers but it's a wide open door for exploits. As long as I can get stuff on my phone through USB or SCP I'm perfectly happy.
    +1
  17. #17  
    Quote Originally Posted by Elysian893 View Post
    You're looking at it the wrong way. The email hack we were using to install these apps was a huge security hole, it has nothing to do with trying to shut down home brew, it has to do with ***** users out there who might unknowingly click a link in their email and screw up their phone.
    I can see what you're saying, and you are right.

    However, I hate to have to inconvenience myself (or anyone else) to protect idiots.....
  18. #18  
    Quote Originally Posted by ericthered View Post
    I can see what you're saying, and you are right.

    However, I hate to have to inconvenience myself (or anyone else) to protect idiots.....
    Should be used to it by now! Thats been the role of updates since computers came around!
  19. #19  
    It's an inconvenience, I agree. It may even be annoying for all of us who mean well. However, any of us would feel a whole lot different when some stalker freak sends our girlfriends/wives some 'cool link' that installs an app on her phone that tracks her location 24/7 for the stalker's pleasure
  20. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
    #20  
    I do agree that the link with no message is a hole, but any email application is able to open links with a message. If a warning message came up, would it still be a hole?

    PalmOS allows launching PRC files from email and the web browser. Why is that not a security issue but this is?
Page 1 of 3 123 LastLast

Posting Permissions