Following up on the announcement of the latest Sprint Palm Pre update, new information has surfaced on the extent of the fixes. The main issue being fixed was an exploit that was being used to install homebrew applications with unsigned code on non-root enabled phones by sending an email with the installer link.
The problem arose when no security dialog or warning notification would display when the link was clicked, with the executable automatically installing itself and appearing in the application list with no confirmation whatsoever, which could have been easily abused by someone sending a malicious application via email and potentially causing serious damage to the user’s device and data.
By fixing this loophole thanks to the help of the homebrew community, Palm is demonstrating that it is keeping an open line of communication, while keeping the rest of the alternative methods for development open for the time being.
Actually from what is being said (not ready to test it myself yet) it doesn’t only effect unsigned applications. Part of the process of creating the .ipk file is to package it and sign it.
http://predev.wikidot.com/installing-apps-without-rooting
I disagree with trying to make that academic distinction. Self-signing is code not signed by any certifying authority and thus is “unsigned” as considered in the industry.
If Apple let anyone self-sign a .app, the word “jailbreak” wouldn’t have entered the 3G lexicon.
Self-signing is still unsigned code in the OHA’s view, Apple’s view, and in the view of PhoneNews.com. I suspect Palm would agree with such statements if asked.