Home page logo
/

interesting-people logo Interesting People mailing list archives

Re: iPhone can phone home and kill apps? - says yes
From: David Farber <dave () farber net>
Date: Thu, 7 Aug 2008 05:59:28 -0700

Ot is interesting -- when Microsoft was suspected of being able to do the same type of thing, that is disable apps that 
it considered improper or damaging, there was a yell that was heard around the world. Apple , with it shiny armor, gets 
mild noice. Hmm. djf
________________________________________
From: ed.well.com () googlemail com [ed.well.com () googlemail com] On Behalf Of Edward S. Rustin [ed () well com]
Sent: Thursday, August 07, 2008 2:43 AM
To: David Farber
Subject: Re: [IP] iPhone can phone home and kill apps? - says yes

To take the other side of the argument - just because Apple =can=
blacklist applications doesn't mean it =will= blacklist applications.

Surely it should not be a surprise that it's possible for applications
to be blacklisted, but I would be very surprised if the mechanism
exists (and that's assuming that it really does exist, rather than
this just being an unused setting tucked away in the code - has
anybody actually seen an iPhone/iPod Touch access this URL?) for any
purpose other than to kill a malicious application which somehow made
it through the Apple review process.

We've already seen that applications can be pulled from the App Store
without affecting any of the existing installations - NetShare and
Aurora Feint for example, so it doesn't look like Apple is interested
in blacklisting an application just because it retroactively failed
their review process.

Now take the example of an iPhone worm, or an application which had a
flaw that caused it to interfere with cell phone traffic, or a Trojan
Horse, say a game which also just happened to send your personal data
back to a server somewhere. In those cases would you not expect Apple
to be able to remotely kill the Application, or should they just leave
it be and hope that every iPhone user can just be persuaded to
uninstall it?

On Thu, Aug 7, 2008 at 1:24 AM, David Farber <dave () farber net> wrote:

http://www.iphoneatlas.com/

ççiPhone can phone home and kill apps?

Posted 6 August 2008 @ 11am in News

Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via
which the device can phone home, check for unauthorized applications, and
disable them. The OS includes a URL that points to a page containing a list
of unauthorized applications, specifically:

https://iphone-services.apple.com/clbl/unauthorizedApps

Per Jonathan Zdziarski, author of the book iPhone Open Application
Development and an iPhone Forensics manual:

"This suggests that the iPhone calls home once in a while to find out what
applications it should turn off. At the moment, no apps have been
blacklisted, but by all appearances, this has been added to disable
applications that the user has already downloaded and paid for, if Apple so
chooses to shut them down.

"I discovered this doing a forensic examination of an iPhone 3G. It appears
to be tucked away in a configuration file deep inside CoreLocation."

Posted 6 August 2008 @ 11am in News

Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via
which the device can phone home, check for unauthorized applications, and
disable them. The OS includes a URL that points to a page containing a list
of unauthorized applications, specifically:

https://iphone-services.apple.com/clbl/unauthorizedApps

Per Jonathan Zdziarski, author of the book iPhone Open Application
Development and an iPhone Forensics manual:

"This suggests that the iPhone calls home once in a while to find out what
applications it should turn off. At the moment, no apps have been
blacklisted, but by all appearances, this has been added to disable
applications that the user has already downloaded and paid for, if Apple so
chooses to shut them down.

"I discovered this doing a forensic examination of an iPhone 3G. It appears
to be tucked away in a configuration file deep inside CoreLocation."

________________________________
Archives



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]