Developers unwilling to wait for the Mojo SDK for Palm's Pre, or to be bound by its restrictions, have discovered that unsigned applications can be installed using a specially-formatted e-mail rather than any mucking about with unlocking the handset. The process, as explained at Pre Central, simply requires an e-mail containing …
Attach it and link to itself?
Might it be possible to attach an application to the email then craft a link along the lines of file://localhost/maildir/malicious.ilk to allow installation without a server?
The joy of security holes
Security is a bit of a tradeoff, innit? As far as I can tell, "security" in telephone handsets is invariably handled in such a ham-fisted way that it roughly translates to "you don't own this." Being able to do stuff that wasn't pre-approved by the manufacturer or the telco requires finding a security hole. That's how people got by the restrictions on the Andriod G1, right? And the iPhone, of course? Certainly, that's the only way I could disable the ridiculous, cat-scaring shutter-sound on my Symbian phone.
The take-home message appears to be that "secure" is synonymous with "crippled." Seems to me that there are only so many ways that story can end.
I find this locking down of iPhone, Android, Pre... quite amusing. That awful POS of a windows mobile based phone supports third party apps as is. Indeed, ActiveSync even provides a simple installation method for these applications.
Why does Sprint allow WinMo phones (eg HTC Touch) to run whatever the customer likes, and yet requires signed apps on the Palm Pre?
As much as I hate Microsoft stuff, I do like having a phone I can run whatever I like on it!
(Paris, because she's open?)