Pre3 to include enterprise-friendly developer mode lock-out option 79
Sat, 11 Jun 2011 7:53 pm EDT 
HP has been pushing their upcoming Pre3 flagship webOS smartphone as an enterprise-friendly device, and it seems that homebrew might be a casualty for those that end up getting one from their work. In a session at HP Discover 2011, the topic of securing the devices against hacking was brought up, and it was revealed that the version of webOS the Pre3 ships with (2.2? 2.3?) will include support for corporate IT managers to do things like lock out developer mode activation with a password. Thankfully this feature won’t affect consumer buyers. We can entirely understand – and agree with – HP’s decision to allow corporate overlords to lock down the devices used by their employees.
How far that shackling will go is unclear at this point, but we wouldn’t be surprised if IT managers are given the options to lock out things like App Catalog access and Synergy accounts. On the flip side of the coin, allowing for better corporate control over the phones will help ensure they continue to work well and may allow them to do things like remotely push new apps out to devices and perform diagnostics. We’re going out a bit far on the speculation branch of the things-we-don-know-yet tree, but if HP’s as serious about making webOS enterprise-friendly as they say they are, we expect there will be a whole suite of IT tools to permit mass and individual managing of devices.
79 Comments
Stop calling me Dave....
It can only be attributable to human error
Shirley you can't be serious?
★good★
look love--- http://www.goodshopping100.com
believe you will love it.
love good go.--- http://www.jordansforking.com
::∴★∵**☆.∴★∵**☆.∴★∵**☆.
█████.::∴★∵**☆.∴★∵**☆.
█田█田█::∴★∵**☆.∴★∵**☆.
█田█田█.∴★∵**☆.∴★∵**☆.
█田█田█∴★∵**☆.∴★∵**☆.
█田█田█.★∵**☆.∴★∵**☆.
█████.*******************
◢██□██◣.~~~~~*^_^*
employees could always run the webOS doctor and get round it, couldn't they (we) ?
No.
I don't see how they could make a corporate lock disable the WebOS Doctor, since that would also make it so the phone could be easily bricked if a new app was installed(by the business owners/IT people) that happened to break things. THEY should be able to Doctor the device, but if the phone is dead and locked, they wouldn't be able to do it.
Doctoring via WebOS requires DevMode. However, Doctoring via holding volume keys or the other method from the off position does not.
That doesn't necessarily mean that'll still work for future versions.
I don't think that they are going to disable it in this way.
Probably they will have a personalised webOS-doctor for each corporate client and those devices that they hand out will look at the checksum before they accept the Doctor (and can therefore only be doctored by the corporate webOS-Doctor image).
This at least would be the best procedure that they could introduce that I can think of as a corporate user ;)
Maybe the locked Pre 3s could require a specialized webOS Doctor which is digitally "signed" by IT in order to work.
It doesn't matter if you doctor it or not. The phone isn't locked out of the box. It becomes locked out when you access the corporate network such as when you add your exchange account to the phone.
You could doctor it as much as you want as soon as you add your corporate exchange it will receive the lockout policy again.
Same concern here. If I buy my own Pre3 and add my corporate exchange account, that's when I'm worried about being locked out of my own personal device. I'm already being forced to have a PIN to unlock the screen since my corporate exchange server is pushing that to my personal phone. Fortunately homebrew is helping me by disabling that PIN requirement.
Unfortunately that is how it works. If you add your corporate account you basically have to abide by their rules. It doesn't matter if the phone is your personal phone or not.
Some companies are very paranoid about their security but I seriously doubt they would go beyond the PIN requirement unless they provided the phone.
We were talking in #webos irc channel and I came up with this idea.
Obviously, each employee will have their own palm profile but what if every employee's palm profile was "linked" to a "parent" profile controlled by the company. This "parent" profile would control which apps get installed automatically or even if developer mode is locked.
This would prevent the employees from just doctoring their phone because they would still log into their old palm profile account thus marking the phone with all of the "parent" profile's settings again.
The profile idea doesn't work because you can always login with a new profile plus it doesn't solve the security concern for those who use their personal phone to connect to a corporate account.
The policies get pushed to the phone from Exchange directly so when you setup your Exchange account on the phone the policies get applied to it.
First off, the employee wouldn't want to change to a different profile because their employee profile would be tied into the company's profile. This would give them the company specific apps or other company specific data automatically. If they switch to a new one, they won't get their specific company data.
Secondly, where is the source of your information that it comes from Exchange?
I don't see why that would matter at all. Sure, you might be able able to doctor your phone back to stock, but then where would your enterprise access be?
I assume they are wanting to disable this because there will be VPN style access into the enterprise (to get email, docs, other apps, etc.). If you doctor back to stock you will have a, well, stock Pre 3 and stock apps.
Why would a user who is getting their Pre 3 for corporate use want a just stock device so they could patch it? Doesn't make sense at all.
I don't have an issue with this. If it helps move phones into a market that is untapped for HP (well, that's pretty much every market)then it is a good thing.
Nice graphic, Derek!
It doesn't mean you can't put the phone in dev mode it just means if you are using a corporate phone you have to abide by their rules. Some IT departments don't care and if they do it only means you have to ask them for permission to put the phone in dev mode.
I like that word: 'option'.
Yeah Yeah, do whatever you gotta do; Just release it already!
HP knows what phones are being used based on Palm profiles and IMEI / DEC numbers. Its entirely possible that the enterprise devices can be controlled by IT departments at that level. IE: if you doctored your Pre3 once you create a Palm profile, HP servers can know that your phone is an enterprise device and hand control back over to the IT department.
Even if not, once you doctor your device you're going to have to bring your device to the IT department anyway to have them set it up with the corporate exchange servers right? This will boil down to how tight the IT department wants to have control of your device.
If they did have a WSUS-type solution that would be cool- once your phone connects to the corporate wifi- you get pushed whatever apps/updates you need- if that also supported pushing homebrew apps (and it should) that would be even better- then lets say company A makes application B that the public does not need or should not get- then they can have it on their corportate only stream that gets pushed to XYZ devices as needed.
Detrone blackberry HP, it wont be hard as Blackberry imo is "Turbble"
Totally right decision - for corporate IT. But most important question: When will Pre3 be available?
I have no issues with that, especially for business enterprise. Security is a must. With this approach, this should sell to many big corporations all around the world. This is great!!!
Excellent graphic Derek!
That's the first image I put as my home page!
I feel my mind is going, Dave. Daisy, Daisy...
RIP Homebrew. HP will be locking us all out over the next year.
They are all about enterprise. Individual users are not even in their radar.
Being about enterprise is a good thing. It means they take security seriously unlike Android.
No one said Homebrew is going anywhere. It just means when you have a corporate phone your IT department decides if you should have access to Homebrew but then the same could go for App Catalog as well.
Exactly. If you don't want to play by your corporation's rules don't drink the Kool... er, accept the phone.
You're an idiot. This is just for corporate users when the corporation doesn't want their users to have access. This doesn't hurt you one bit. Troll.
Trollololololol!
Dave's not here!
C'mon, man, open up. It's me, Dave! :)
That's funny....
Hi all,
I'm glad it's only an option which is good for a number of reasons.
1. for those of use who are on the consumer side of all of this...it doesn't make a difference.
2. for those of us who are on the corp side, this is a good thing....corporations need to take ever option to protect their network and this is one of the ways that HP is doing to protect a users network...I think it's also a good sales feature for the enterprise market!
3. It DOESN'T mean the end of home brew as a few others have stated...
Take care,
Jay
this is a step in the right direction. if HP can get blackberry's foothold on the corp. world, that'll be good.
What companies that have already deployed Blackberries, would even consider replacing them with HPalm phones, especially when they are likely to have an investment in Blackberry Enterprise Servers? As much as I can see WebOS fan boys liking this idea, I just don't see HPalm taking over the enterprise with these phones. The Touchpad, maybe, but the Pre 3? I doubt it. Blackberry users aren't likely to be interested. Given a choice, they'll probably use their personal Blackberries, if that's an option.
Oh Lord, virtually every one I do business with. Have you ever USED that enterprise server garbage? I have countless companies that pay me in IT support every month just to fix problems with that **** Most companies would jump ship in a heat beat if they could.
Blackberry Enterprise is an outdated technology. It made sense a decade ago when there was no Exchange and when the early Exchange servers couldn't do push. Not only the current Exchange servers can do that they can even set policies. Who in the right mind would want to put Exchange behind another server that does the same exact thing creating two failure points and not to mention paying through the roof for it too.
Out of the businesses that I do consulting for almost every single one of those that use Blackberry Enterprise wanna jump ship to something else. Up to now the only other option they had was Windows phones but now if Pre3 can really be controlled by corporate policies then I can see a lot of them jumping ship.
It costs money to license, run an maintain the Blackberry server. Shutting it down is a money saving proposition.
As others have said, at my work BB is running on top of MS exchange. Everyone is on MS, then there are those that have BB's. Cut out the BB and you cut cost.
With that said, I don't think any of us think every BB based business will be switching over night, but long term I can see a lot of BB users that are already running Exchange servers switching.
Open the developer mode, Hal!
I'm sorry Dave from Marketing, I'm afraid I can't do that....
This is no different from companies that provide employees with laptops with no admin rights to install apps or blackberry phones with VERY limited capabilities: the device is for WORK, and we get enough virus scares without having to deal with an open device. That's why i carry my company locked down BB and my butt-naked Pre Minus, homebrewed and overclocked, yo!
Exactly right.
I'm not exactly sure what "butt-naked Pre Minus" means, but that is just an awesome description of your phone. Totally repped. :-)
This seems like a no-brainer. HP has to do this if they want to keep corporate IT customers. They are already huge in corporate IT so it would be suicide to do differently. I am sure consumer options will still be available, just as Windows computers can be setup for corporate or consumer users.
Does this mean if I want to get corporate email on "MY" phone I can't run homebrew? In that case EVO3D here I come.
If you have a proper security policy in your company you won't get your corporate Email via Evo 3D nor any other platform that your department can't control.
If not, it will work on both. The Pre 3 and any other phone (as long as it plays well with Exchange unlike my friends Motorola Defy that wouldn't accept a server-address that ends with .info...).
He's just looking for an excuse to jump on the EVO3D bandwagon.
Not really, i have an Epic 4G and I really would like my next phone to be WebOS.
I love webOS because with webOS I have options when it came to customization. I have 30+ patches installed on my Pre- which I am using as an ipod touch equivalent. Without dev-mode or home brew it is very much like an iOS device albeit much better and with subtle enhancements that make life easier. However, for me; the shine of webOS fades considerably without homebrew.
It all just depends on your IT-department in the end.
If they have an open Exchange-Server then it will most probably work with your phone (and any other that supports Exchange as I described). On the other hand if your IT-department wants to have a tight control on this, they will make it impossible for you to get your Email with a Pre 3, HTC Evo 3D, Epic 4G, iPhone 4, Mickyphone 7 or whatever else.
In such a case you would have to bite the bullet regardless of your phone.
This approach of HP is just directed towards a better adoption rate of their phones in corporate environments. As it is HUGELY important nowadays and the first thing that we from the IT-departments ask when somebody wants to sell us a phone.
- Can it be remotely managed as a single phone or a group of phones?
- Can I make policies? (like blocking root/jailbreak/dev-mode, blocking certain Apps or services etc.)
- Can I deploy my phones centrally without having to set-up all of them?
- Can I have a standard-image for all of my phones that get shipped?
- Can I do centralised updates from my companies servers instead of the phone manufacturer (similar to WSUS)
- Can I wipe the device remotely?
- Can I deploy corporate Apps on all devices?
- Does it support certain VPN-Standards?
- Does it support also Enterprise WiFi-Standards?
- Can I encrypt the data on the device?
- Is it possible to de-activate (and not obey) the corporate policies? And how easy can this be done?
- Does it have clients for Citrix Receiver?
- Can a user make appointments from his mobile device?
- Is it possible that the User sideloads dangerous Applications onto his phone? (-> Policies and dev-mode)
- How many Exchange-Accounts can be connected?
- etc...
Given the long delay in releasing the Pre 3 and the fact that many of the Pre Minuses out there (mine included), the EVO 3D bandwagon is looking mighty comfy these days. I could see a lot of corporate users getting a high-end Android phone like the EVO 3D for personal use and a company supplied Pre 3 for work.
As far as I know no corporation allows Android because it doesn't work well with Exchange.
Then you don't know much...
I've used my HTC Evo 4G (connected to Exchange) on two of my last 3 contracts (including my current contract).
I was talking about corporations. Androids work with Exchange as long as Exchange is wide open. Most Android phones don't even work with PIN requirement and as far as I know there is no Android that will accept policies pushed to the phone.
The few Droid phones that I had to setup never got the calendar pushed to them properly which made the users eventually switch to iPhone when Verizon iPhone showed up.
"I was talking about corporations."
So was I. I've only had issues with one company and that's because that company ONLY allowed BB's to connect to their Exchange servers. Other than that one, I've had full connectivity with my Android device. The company I'm working with now does not require a PIN but the first company I worked with are getting my Evo did...and it was honored by the device. In fact, I even went as far as installing a PIN bypass (which worked fine before FroYo) because the PIN was annoying (the policy forced a text pascode rather than a simple 4-digit PIN).
Your suggestion that "no corporation allows Android..." is incorrect.
Here at BDO, the 5th largest accounting/cousulting firm in the world we authorize Android, Blackberry and Iphone Not WebOs.
This is likely to be controlled through corporate "Palm Profiles". If you purchase the phone and have your own profile, this will not affect you. If IT wants to prevent devices without a corporate profile from accessing the EAS server, they can do so the same way they do today, by only giving the required security certificate to phones running the corporate profile.
Ah. Now we have a webOS phone that requires jailbreaking to get to devmode. I'm pretty sure that someone will attempt such a thing.
I doubt that this will be as popular as on Android or iPhone as only corporate phones would be affected.
On iPhone this is huge because basically you HAVE to do it, so that your iPhone becomes usable. On the other hand each HP-phone will be open and only gets locked if it's handed out by your corporate IT.
Which is in my sense a huge plus for HP, as a lot of companies want to lock down their smart-phones and are afraid that their users can simply get out of it by jail-breaking their devices.
I don't think someone like WebOS Internals would take such a task. This is borderline hackery that is unapproved. The developer mode as we know was put their by Palm. And it was done for us who want control on OUR phones, not the phones of an IT dept.
We need WebOS to be huge in the enterprise space. Let's not jeopardize that and make them lock down consumer devices as well.
There's a Pre3???
Since we're still speculating here...
If they decide to lock out the app catalog, or give the option to do so, for enterprise, conceivably those enterprise managers will still need some way to push apps to devices. HP could set them up with a way, so that enterprise customers have a secure method of delivering apps.
If they have a secure method of delivering apps, then what was the need of closing down the app catalog feeds indefinitely? I can understand if it's temporary for the Touchpad launch, but they said those feeds are gone for good. It would've been a better solution to leave those feeds public and give enterprise managers their own secure feeds to push apps to devices.
I posted this in another discussion I was having about this. They didn't say there wouldn't be a form of App feed in the future, but that how it was is not how it will be.
The reason they had to close it, as stated, is that those apps would have to still go through the feed. Instead of making multiple feeds (each business would need it's own feed).
http://www.precentral.net/hp-shutting-down-open-app-feeds
HP VP of Worldwide Developer Relations Richard Kerris chimed in in the comments of this very article, and is asking for patience from the community (whose passion continues to surprise him). He states that instead of addressing security concerns by "building a bunch of custom stores for each and every Enterprise customer," HP instead is taking "the stance of investing in our developers in a new and unique store approach that brings app discovery to a whole new level, which we think customers will really enjoy."
They didn't have to build custom stores. As long as the feeds have a standard format, each store could be pretty much identical, just the source feed is different. I like a new and unique approach as much as the next guy, but I don't like the feeds being taken away.
It's obvious that Kerris is new. He keeps asking for patience, yet you have to have monk-like patience to still be with webOS. All we've had to do is wait for a long, long time.
Love that picture!
Somewhere in a burled-walnut office there is a Verizon executive with a glint in his eye and a wry smile on his face…
-Suntan
Good, next step, fix the email lockup bug and add ability to accept meeting invites.
It makes sense for HP to do this... but HP better start actually supporting, patching and updating their products because the only way to get support for a HP product these days to is from the Homebrew Community.
I don't care about any of the speculation on any issue other than how long will we have to wait for the thing and what carriers it will be available on? There are tons of us long time Sprint customers with Pre minuses that need new phones now! I am going to be livid if they tell me this thing is coming in September or later on AT&T, both dealbreakers for me, because I would have waited around for nothing. Argh!
I don't know what all this means but have one question. Will the Pre 3 have the property security it needs so that my firm will authorize. I have a PrePlus, and my firm, a very large intenational company wont allow me to pull my emails. They allow Iphones and Android but says the Pre doesnt have the proper secruity.
Coming from an IT side I like this concept. But I sure hope it doesn't just apply it the second you enter your credentials.
It better give you a warning that it's going to apply security lockouts or whatever to your phone before it allows the connection.
All of this will depend on when the thing arrives. Half the year is gone and all I've seen is the Veer. I can guaranty you that no corporates are going to consider the Veer, so the Pre 3 had better show up before any Nokia/Windows Phones or viable Android options show up. The droid pro and Moto XPRT are already here and they are world phones with CDMA for US use and GSM for world use.
welcome to our website:
------- http://www.chic-goods.com/ --------
if you like to order anything you like.
More details,
please just browse our website Quality is our Dignity;
Service is our Lift.
enjoy yourself.
thank you!!
------- http://www.chic-goods.com/ -----
Am I the only one who wants an interactive HAL 9000 app?
There have been a few in the past but, they all sucked.