Results 1 to 4 of 4
  1. jdod's Avatar
    Posts
    874 Posts
    Global Posts
    977 Global Posts
       #1  
    Reading another thread about a developing app I am interested in, Rod (rwhitby) wrote of another app I use currently:

    Quote Originally Posted by rwhitby
    Yes, and (previous to Jason Robitaille rewriting it) it was a huge security vulnerability, effectively allowing any rogue web OS app to do anything as the root user that it pleases on your Pre.

    -- Rod
    I tend to download homebrew apps freely. With this statement, I wonder, should I be concerned about security flaws with some homebrew apps?

    Don't get me wrong, I am not being critical. I suspect that in all cases, any security issues with an app would be due to an inexperienced developer in the beginning of their developer career, no malicious intent at all. The reason I have a Pre at all is because of the homebrew community. Homebrew makes webOS what it is, no question at all.

    But Rod's comment got me wondering, are their apps out there that have security flaws? Should homebrew apps come with a security rating? Are potential security issues audited for before a homebrew app makes it to PreWare?

    Just curious.
    Sprint since 01/06/99: Sanyo SCP-4500 -> Audiovox PPC-6700 -> Palm Treo 755p -> Palm Centro -> Palm Pre 1.4.5 -> Jailbroken iPhone 4s
  2. #2  
    I think this information is way old.
  3. jdod's Avatar
    Posts
    874 Posts
    Global Posts
    977 Global Posts
       #3  
    Yes, I believe it is also, in this case. But it highlights a possible issue, as new patches arrive, how do we know they are secure? The one referenced above was not, until an experienced developer revised it.
    Sprint since 01/06/99: Sanyo SCP-4500 -> Audiovox PPC-6700 -> Palm Treo 755p -> Palm Centro -> Palm Pre 1.4.5 -> Jailbroken iPhone 4s
  4. #4  
    3rd party unofficial apps can critically modify the system in many possible ways. Several of which may be done unknowingly to the user in a malicious way. I can think of several ways off the top of my head that could seriously mess up a device or steal private info.

    Palm has filters and limits that prevent such situations, but homebrew, by its nature, does not. The PreCentral homebrew feed and WebOS-Internals feeds are moderated, and are safe, however other homebrew found on the internet should be installed only if you know what they do/who they're from
    If you've liked my software, please consider to towards future development.

    Developer of many apps such as: WebOS Quick Install, WebOS Theme Builder, Ipk Packager, Unified Diff Creator, Internalz Pro, ComicShelf HD, LED Torch, over 70 patches and more.

    @JayCanuck @CanuckCoding Facebook

Posting Permissions