Developers playing with Palm’s webOS have discovered a method whereby software can be installed on an unhacked Pre. The system emails a .ipk link to the app, and seemingly takes advantage of a loophole in the platform to bypass Palm’s security.
For the end-user, installing an app is as straightforward as tapping on a link in their email and allowing the Pre’s browser to open it. That automatically downloads and installs the software; currently the only publicly available app is a proof-of-concept that installs a non-functional shortcut icon to the Pre’s launcher.
Frankly, we’re fully expecting Palm to step in and put a stop to this sort of software distribution with an update to webOS. Not only does it present a security risk, where naive Pre users may click to load a malware app without realizing, but it bypasses the official app store and thus denies Palm themselves any cut of paid-app profits (or the ability to decline certain apps it doesn’t want released). They’re likely to put more emphasis on the security reasons, though.
[via My Pre]