Rumors: iPhone Application Key reportedly leaked
Last night, an anonymous tipster pointed us to this Austin Heap webpage that purportedly reveals the iPhone's secret Application SDK key. Another tipster, also anonymous, then tipped me to iPhone "Elite" developer Zibri's blog, which shows the same key. So what does this mean? Since all iPhone applications must be properly signed for iTunes to process them and for the iPhone to load them, this key suggests that hackers are closer to creating compliant IPA application bundles for home-brew iTunes distribution. With the proper key, developers can create and distribute applications that load through iTunes without Apple's blessing.
Reader Comments (Page 1 of 3)
FoundInTheFlood said 3:39PM on 1-28-2008
sounds Hullabaloo !!!
Reply
Hecktic said 3:52PM on 1-28-2008
o my i almost dropped my iphone when i read this, but wtf?
Why are we releasing/leaking everything when the SDK is not even out yet?
i soft updated my iphone to 1.1.3, and it's not all that, went back to 1.1.2, so i definitely can wait till apple makes a move with the SDK puts some apps up and then we stick it to them, can anyone keep a secret these days?
I'm not trying to wait till 1.1.4 because everyone couldn't keep their mouths shut ( current drama between nate/dev team )
but i guess, "a secret between two people is only good when one of them is dead"
Reply
krye said 4:16PM on 1-28-2008
Why does everyone have to ruin a good thing? Why can't people just leave well enough alone?
Reply
starkruzr1701 said 10:14PM on 1-29-2008
Let's see if you change your tune after the SDK is released and is gimpier than a one-legged octogenarian.
DistortedLoop said 4:24PM on 1-28-2008
Yep, Apple's sure to change the key now.
Reply
Bender Bending Rodriguez said 4:33PM on 1-28-2008
What kind of dumbass releases the key before the SDK is released? I say it's bogus.
Greg said 4:28PM on 1-28-2008
And this is a good thing why? That's all I need, an authentication key available to anyone who wants to write malicious code for my iPhone.
Reply
DrWho said 4:40PM on 1-28-2008
Good point
calvin said 4:48PM on 1-28-2008
Wouldn't that require you installing an application from an untrusted source?
Jasarien said 8:58AM on 1-29-2008
If you read the article, it says that the key would allow the app to be distributed through iTunes. Isn't iTunes considered a 'trusted' source?
C(h)rispy said 4:22PM on 1-29-2008
iTunes is the means through which these "malicious codes" could be distributed, so it's not really the "source" of anything. Bad things could still happen. However, I don't think this is going to be a big deal at all. There are other keys, and I imagine that if the SDK isn't even finished these keys would be subject to change.
However... this does probably cost Apple money and slow the process. I bet a number of folks are mighty pissed off, but that's likely the worst that could come of this.
stainboy said 4:39PM on 1-28-2008
as a potential customer for third-party apps, i'd actually prefer purchasing and installing software through iTunes. i would presume there would be some sort of quality control involved before the software would be allowed in the store. sorry, but i have enough trouble getting a good AT&T signal, let alone deal with some malware or buggy application knocking my phone out of commission.
Reply
Zeke said 4:43PM on 1-28-2008
This is not a good thing, unless you are OK opening up your iPhone to malware.
Obviously we want free application development on iPhone, but unless you want to compromise on security, the ball is in Apple's court to allow such a thing. Let's hope they do the right thing and make third party development both open and secure.
Leaked keys and the like might allow third party apps, but that's just the clean face of the technical reality - proof-of-concept code is already out there showing that malware can infect an iPhone, and continued hacked development that relies on leaked keys or security exploits will leave this possible.
Reply
punkassjim said 4:51PM on 1-28-2008
Are you not jailbroken? Because every single jailbroken phone is susceptible to malware. Blows my mind that, even given that fact, malware isn't a problem on jailbroken phones yet. I fully agree with you in this regard, but I also would like to be able to put programs I'VE written onto my phone for free. Make sense?
I don't know if this is a real report, but I just don't understand blabbing it about. Makes no sense.
Zeke said 7:11PM on 1-28-2008
punkassjim, I was jailbroken, but I decided to upgrade to 1.1.3 anyways and "virginize" it. I, too, want to put *my* programs on the phone, without any artificial restrictions. However, the jailbreaking method currently in place cannot protect your phone (more than patching an exploit). There may not be malware out there yet, but when there is, you will not have a way to protect yourself from it. For each one of "your" programs, you open up your iPhone to potential others.
Apple needs to be responsible and create an environment that is both open AND secure. I doubt it will happen, but I am unwilling to keep my iPhone vulnerable to exploits just so I can run third-party software.
James said 5:03PM on 1-28-2008
Signing isn't a bad idea when you have a staff that can control and manage the signed binaries. I think most consumers don't have a staff, period, so it just doesn't belong on a consumer device.
The worst case is, without signing the security of the iPhone is the same as the security of any computer running a general purpose OS. Considering the iPhone doesn't run Windows, we should have some hope that it's not about to be assaulted by an army of viruses.
Reply
Fritz Laurel said 5:12PM on 1-28-2008
I'll wait for the SDK, but I'll keep this knowledge in case the SDK offering is less than stellar.
Reply
frogbat said 5:13PM on 1-28-2008
mmm interesting. I hope to see lots of third party development especially for the touch (cos that's what i have :D) i'd love a voip client for the iphone would be great for work as we use an asterisk based pbs...
am i the only one that thinks apple underestimated both the power of their touch platforms and the demand for these devices to run more software?
Reply
The Brad said 5:18PM on 1-28-2008
This is not good folks. Apple has slowly but surely listened to consumers almost every step of the way since the iPhone was launched: 3rd party apps? check. Compensation for early adopters after price drop? check. Multi SMS? check. GPS? kinda sorta check. Why antagonize them now?
Reply
TAK said 6:26PM on 1-28-2008
I'm quite sorry, but one major problem people are having right now is the fact that Apple is simply NOT listening to their customer base. The limitations of the iPhone are an obvious example, the current version of Java in Tiger/Leopard is another.
They are only changing because their customer base is extremely frustrated and taking things into their own hands. They have no choice but to continue playing catch-up (except the only difference is that they have all the proper tools to implement everything as it should have been in the first place).