Quote Originally Posted by Brain_ReCall View Post
Ok, people were running off in tangents getting away from the core issue.

What you describe is more like phishing. I highly suggest you read that Wikipedia article. Lots of people have been trying to figure out good detection and prevention, but essentially it becomes a PEBCAK issue (because they would be going to untrusted third-parties to install some weird app). No platform is immune, and all platforms are likely to deal with it (Apple and Android both had issues with it recently).

I suspect Palm is taking this issue very seriously, especially since Synergy condenses down lots of personal information into a small attack surface (probably why we don't have APIs yet for accessing contacts and such outside each app). Pretty much the solution comes down to trust. The requester of the information has to be trusted, otherwise you're gambling. I'd imagine whenever Palm implements some more powerful API, they'll be dragging those apps using through the coals to ensure they are legit.
If the web-linked apps can not run in the Palm namespace (which is what I believe the case is), then they would have none of the available APIs to do any of the tasks you pointed out.
Yes. I'm sure Apple and Android take it seriously too, but it still happened. I hope Palm's 'solution' to this is the 'answer'.
Thank you for your explanations.