webOS Nation Forums >  webOS Discussion >  webOS Discussion Lounge > Signed apps
Signed apps
  Reply
 
Thread Tools Display Modes
Old 01/09/2009, 12:35 AM   #1 (permalink)
Member
 
Posts: 129
I think this deserves its own thread.

From this video hands-on and Q&A, Stephane Maes said:

Quote:
Originally Posted by Stephane Maes
You know, we've had trouble in the past with Palm OS applications that don't behave well, and they crash the device, and people call in support, and they can't figure out what's wrong, and we can't figure out what's wrong, and it's some app that wasn't developed properly. So, we still intend to have a very open platform, but the one thing that we want to make sure, is that those apps were developed properly, and they're signed, and they go through our app store, um, that they work.


Palm, don't do this to me.

I've been a fan of Palm OS for several years now, I own four Palm OS devices (and actively use two of them - an original Centro (on Sprint,) and an Abacus Wrist PDA.)

You impressed me with the user interface and design of the Pre. (Not so much the name, but... I can deal with the name.)

Don't blow it all by requiring that all apps be signed.

Right now, for full API access, only two smartphone operating systems available on a standard current production phone allow unsigned apps - Windows Mobile, and Garnet. AFAICT, everything else has either restrictions on how much of the API can be accessed by an unsigned app (BlackBerry,) or is completely closed to unsigned apps (everything else.) Yes, I know about the Google Dev Phone, which is why I said standard, the Dev Phone is a limited release model for developers, IIRC. And I don't want to beta test Android, anyway.

I don't have any problem with popping up a dialog saying that this app isn't signed, and it's not Palm or Sprint's fault if the phone crashes, or whatever. (HINT, HINT. That's what my J2ME phone did if I installed an unsigned app, and that's good behavior.)

I do have a problem with blocking unsigned apps.

That's all.
bhtooefr is offline   Reply With Quote
Old 01/09/2009, 02:37 AM   #2 (permalink)
Member
 
Posts: 172
Im sure their will be a way to get unsigned apps onto the device, just got to give it time
__________________
--
Please post inquiries to the "Ask a Sprint rep" sticky on the CDMA North America forum.
If my post was helpful please thank me!

Linux/Palm Pre HELP can be found at:
http://www.crombiez.com

-intro.
intro is offline   Reply With Quote
Old 01/09/2009, 02:41 AM   #3 (permalink)
Member
 
johncc's Avatar
 
Posts: 4,192
Agreed. That's an Apple-ism that they should forget about.

Open is good! That's what Palm's past success was built on.
johncc is offline   Reply With Quote
Old 01/09/2009, 02:47 AM   #4 (permalink)
Member
 
whatever7's Avatar
 
Posts: 2,003
Quote:
Originally Posted by intro View Post
Im sure their will be a way to get unsigned apps onto the device, just got to give it time
Yeah just like s60.
whatever7 is offline   Reply With Quote
Old 01/09/2009, 09:16 AM   #5 (permalink)
Member
 
Posts: 129
S60 still needs a jailbreak or a developer key to get unsigned apps on, right?

I don't have a problem with making signed apps available, and only supporting the use of signed apps - signed apps are actually a good thing, they do help ensure security - as long as unsigned apps are allowed, without jumping through hoops that get closed every update. I don't want to get into a jailbreaking cycle like everyone with iPhones.
bhtooefr is offline   Reply With Quote
Old 01/09/2009, 09:25 AM   #6 (permalink)
cgk
Member
 
cgk's Avatar
 
Posts: 3,868
Quote:
S60 still needs a jailbreak or a developer key to get unsigned apps on, right?
Unless it's changed since I had an s60 phone you just turn off the "only accepted signed apps" in the user preferences.
cgk is offline   Reply With Quote
Old 01/09/2009, 10:00 AM   #7 (permalink)
Member
 
Posts: 129
I know citing Wikipedia is dangerous, but...

Quote:
Originally Posted by Wikipedia/Symbian OS
Symbian OS 9.1

Released early 2005. It includes many new security related features, particularly a controversial platform security module facilitating mandatory code signing. Symbian argues that applications and content, and therefore a developers investment, are better protected than ever, however others contend that the requirement that every application be signed (and thus approved) violates the rights of the end-user, the owner of the phone, and limits the amount of free software available.
Also...

Quote:
Originally Posted by Wikipedia/S60 (software platform)
It is noteworthy that software written for S60 1st Edition (S60v1) or 2nd Edition (S60v2) is not binary-compatible with S60 3rd Edition (S60v3), because it uses a new, hardened version of Symbian OS (v9.1), which has mandatory code signing. In S60v3, a user can't just install any program, unless it has a certificate from a registered developer, or the system is hacked with the modified installserver.exe.
If that's not a jailbreak, I don't know what is.
bhtooefr is offline   Reply With Quote
Old 01/09/2009, 10:04 AM   #8 (permalink)
Member
 
Posts: 1,439
Oepn = Goood bu, a phone that works = more important.

Look at the leaders in the space ... balckberry, apple - there phones don;t crash and burn. a little more control on the apps made for palm will be good to get the phone / os off and running.

Thjis conversation should be rasied again a year after the phone has been avaiaible an the OS has provded itself in a controled enviorment. IMO
__________________
da Gimp

Please note: My spelling sucks and I'm to lazy to check it.
B-model#CB is offline   Reply With Quote
Old 01/09/2009, 10:05 AM   #9 (permalink)
cgk
Member
 
cgk's Avatar
 
Posts: 3,868
Quote:
Originally Posted by bhtooefr View Post
I know citing Wikipedia is dangerous, but...



Also...



If that's not a jailbreak, I don't know what is.
I had an s60 3rd edition phone, it was a user option to turn off the signing - so I'm not sure what that article is about...
cgk is offline   Reply With Quote
Old 01/09/2009, 10:10 AM   #10 (permalink)
Member
 
Posts: 63
I have an s60v3 phone and I have come across apps that can't be installed without using a complicated certificate generator on a hacker site. The app I was trying to install was a simple network ping utility.
DrewT3 is offline   Reply With Quote
Old 01/09/2009, 10:11 AM   #11 (permalink)
cgk
Member
 
cgk's Avatar
 
Posts: 3,868
Quote:
Originally Posted by DrewT3 View Post
I have an s60v3 phone and I have come across apps that can't be installed without using a complicated certificate generator on a hacker site. The app I was trying to install was a simple network ping utility.
No idea - turning off the need for signed apps is easy - see:


http://www.bestofsymbian.com/how-to-...mbian-s60-3rd/

I never encounted an unsigned app I could uninstall? I cannot find any evidence that this has changed in the six months since I moved backed to WM. Anyone?
cgk is offline   Reply With Quote
Old 01/09/2009, 10:19 AM   #12 (permalink)
Member
 
RC46's Avatar
 
Posts: 1,633
I'm good with it being completely open and I'm good with not requiring signed apps but on the other hand I can totally see where Palm is comming from on this.

The Treocentral forums is a perfect example of the fact that most people want to blame the manufactuer for their phone crashing and not the 3rd party developers. Case in point, the centro is rock solid stable until you add certain 3rd party apps. Then it crashes left and right. People think that its Palms fault and rant and rave about how crappy Palm is.

I remember when Chatter was in its infancy. It used to cause crashes so bad that they could only be fixed with hard resets. Everyone around here loved chatter and so they blamed Palm for their problems when in fact it was Chatter causing the problems all along.

I can see Palm wanting to get a handle on this.
__________________
Pilot 1000 -> Pilot 5000 ->Palm Pilot Professional -> HP 620LX -> TRG Pro -> Palm V -> Palm Vx -> Palm M505 -> Palm i705 -> Palm Tungsten|T -> Samsung i500 -> Treo 600->Treo 650 -> Treo 600-> Treo 700p ->Centro ->Treo 800w + Redfly C8n -> Palm Pre -> HP Touchpad
R.I.P Palm 1996-2011
RC46 is offline   Reply With Quote
Old 01/09/2009, 10:22 AM   #13 (permalink)
Member
 
Posts: 63
I had that option turned off already. I got curious and just looked it up. It seems that certain APIs require different levels of security and the blanket user-override only applies to some APIs. Others, like the network stack, require a certificate that Nokia won't provide, so you need to generate a hacked one. That is why the Ping app wouldn't work.

http://my-symbian.com/s60v3/software...Auto=533&faq=4
DrewT3 is offline   Reply With Quote
Old 01/09/2009, 10:22 AM   #14 (permalink)
Member
 
Posts: 885
Quote:
Originally Posted by bhtooefr View Post
Don't blow it all by requiring that all apps be signed.
You're stupid. The statement made in your quote doesn't match what they said. They said
Quote:
Originally Posted by Stephane Maes
that those apps were developed properly, and they're signed, and they go through our app store, um, that they work.
Emphasis mine.

Where does she says that all applications will need to be signed? It sounds to me like it'll remain the same except applications in their own store will need to be signed.

Don't jump to conclusions for no reason.
Quote:
Originally Posted by bhtooefr View Post
Right now, for full API access, only two smartphone operating systems available on a standard current production phone allow unsigned apps - Windows Mobile, and Garnet. AFAICT, everything else has either restrictions on how much of the API can be accessed by an unsigned app (BlackBerry,) or is completely closed to unsigned apps (everything else.) Yes, I know about the Google Dev Phone, which is why I said standard, the Dev Phone is a limited release model for developers, IIRC. And I don't want to beta test Android, anyway.
This is also incorrect. Windows Mobile does not allow full access to their API. There are many components that you can't touch without modifying the system or signing your application.

Also the G1 can allow unsigned applications (you don't need their Dev version; which is the same as the T-Mobile G1 just unlocked). The BlackBerry OS also has many API features exposed.

The Palm Pre, as far as we know, uses the Palm WebOS which exposes many APIs via JSON and regular JS. What remains to be seen is 3D gaming and other necessities.

Last edited by Kasracer; 01/09/2009 at 10:27 AM.
Kasracer is offline   Reply With Quote
Old 01/09/2009, 10:25 AM   #15 (permalink)
Tazmorator
 
berdinkerdickle's Avatar
 
Posts: 11,160
My Pre keeps Crashing!
Stupid Palm!
berdinkerdickle is offline   Reply With Quote
Old 01/09/2009, 10:27 AM   #16 (permalink)
Member
 
Posts: 1,439
Quote:
Originally Posted by berdinkerdickle View Post
My Pre keeps Crashing!
Stupid Palm!
wow - that didn't take long
__________________
da Gimp

Please note: My spelling sucks and I'm to lazy to check it.
B-model#CB is offline   Reply With Quote
Old 01/09/2009, 10:29 AM   #17 (permalink)
Member
 
ADGrant's Avatar
 
Posts: 1,911
Quote:
Originally Posted by rc46 View Post

I remember when Chatter was in its infancy. It used to cause crashes so bad that they could only be fixed with hard resets. Everyone around here loved chatter and so they blamed Palm for their problems when in fact it was Chatter causing the problems all along.
OTOH PalmOS users got what is probably the best mobile email client on any smart phone.
ADGrant is offline   Reply With Quote
Old 01/09/2009, 10:40 AM   #18 (permalink)
Member
 
Posts: 129
Quote:
Originally Posted by Kasracer
Where does she says that all applications will need to be signed? It sounds to me like it'll remain the same except applications in their own store will need to be signed.
Read it again, my interpretation of the sentence is that all applications will have to go through their store.
bhtooefr is offline   Reply With Quote
Old 01/09/2009, 10:51 AM   #19 (permalink)
Member
 
Posts: 885
Quote:
Originally Posted by bhtooefr View Post
Read it again, my interpretation of the sentence is that all applications will have to go through their store.
You're making assumptions with no basis. She said that
Quote:
Originally Posted by Stephane Maes
So, we still intend to have a very open platform, but the one thing that we want to make sure, is that those apps were developed properly, and they're signed, and they go through our app store, um, that they work.
I fail to see how anyone thinking clearly could deduce that Palm is requiring all applications to be signed and have to go through their application store.

In fact, it sounds to me like she is saying that it'll still be open but if you use Palm's application store then the applications will be signed.

I'm not saying that in the end all developers have a choice in signed versus unsigned. My point is it doesn't really matter how you made your assumption; we won't know anything for sure until the SDK is released and an announcement has been made regarding its release.
Kasracer is offline   Reply With Quote
Old 01/09/2009, 10:58 AM   #20 (permalink)
Member
 
Posts: 129
Keep in mind that open is the biggest bit of double-speak out there.

"Open" could mean that anyone can develop for the API without having to sign NDAs or pay money, like for a certain other phone.

But, read through what he (it is he, not she, FWIW) said slowly, I'll try to deconstruct it:

Palm wants to make sure that:

1. Those apps were developed properly
2. AND they're signed
3. AND they go through their app store
4. That they work.

Last edited by bhtooefr; 01/09/2009 at 11:04 AM.
bhtooefr is offline   Reply With Quote
Reply

 

Thread Tools
Display Modes



 


Content Relevant URLs by vBSEO 3.6.0