iPhone hacker says devices "phone home," allows for disabling apps remotely
https://iphone-services.apple.com/clbl/unauthorizedApps
Jonathan Zdziarski, an iPhone hacker, says nothing has been blacklisted as of yet. However, the mechanism is there, and the iPhone could call in on occasion to see what has been blacklisted. Zdziarski says that Apple could have the ability to shut down applications you've purchased from the App Store.
While this may sound like a privacy violation, our sources tell us that Apple has put this tool into place as a security measure to shut down rogue apps if needed, and it could simply be a proof of concept that hasn't yet been implemented for actual takedowns. We're not convinced that this is new, considering that the only entry in the unauthorizedApps list is dated "2004" and is clearly a test entry.
[via Engadget & Macrumors]




Reader Comments (Page 1 of 2)
Unregistered said 11:36AM on 8-07-2008
mmm, mal.licio.us sounds like a great URL!
Jason Hung said 1:32PM on 8-07-2008
Haha, indeed it does.
Anyway, I think a simple workaround is if you've jailbroken your phone and you want to use an illegal app, you'd just edit /etc/hosts and for iphone-services.apple.com route to 127.0.0.1 until a patch is worked around.
punkassjim said 3:24PM on 8-07-2008
Kudos to Jason for the suggested workaround, but here are my thoughts:
iPhone Atlas isn't linking directly to Zdziarski's original comments, but I'm seeing all over Google that he found this URL string deep within the CoreLocation framework.
Um...isn't anyone even entertaining the notion that this "blacklist" is set up specifically to disallow rogue applications from using CoreLocation? Kinda stands to reason, eh? The truth of the matter is, there's a LOT of potential for location-aware applications to do Bad Things without much—if any—indication to the end-user (meaning, Apple could inadvertently allow malware into AppStore). I see no evidence at all that this is linked to "remotely deleting your applications."
I just think people are jumping to some really quick conclusions, and there's enough shadow of doubt that I'm not inclined to point the "insidious" finger yet.
Eckofish said 11:43AM on 8-07-2008
Do you think developers should get together and sign a M.A.D. petition to neuter Apple's power?
Just a silly thought :)
Chris said 11:49AM on 8-07-2008
"Description" = "Being really bad!"; "App Name" = "Malicious"
Lol
Ryan said 11:50AM on 8-07-2008
Holy crap, could you imagine if MS did this for the same reasons and still had it as a proof of concept as you believe? The backlash would be huge.
These past few months I have been liking Apple a little less every day :-|
icehawk said 3:42PM on 8-07-2008
They do. Their CRL is at http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
Windows grabs it on startup.
Ryan said 4:10PM on 8-07-2008
What are you talking about? Do you even know what a CRL is? It has nothing to do with what we are talking about. Microsoft is only going to sign MS applications - not some random 3rd party. On top of that you can disable the CRL checking if you don't care.
Look, I don't use MS products so I'm not shilling for them and Apple puts the dinner on my plate so I certainly am a fan, but if I bought a piece of hardware, I don't want anyone else's hands messing around inside of it. It's mine, stay the F**k out.
Richie said 11:53AM on 8-07-2008
I really can't say I care, I don't think Cydia or Installer will magically disappear as long as they don't support pirated iPhone apps. Blacklist any dev from the repository allowance that throws up pirated apps, they are going to ruin it for everyone. :(
Hawkman said 11:56AM on 8-07-2008
Of course, the real question here is how Malicious got through their rigorous initial vetting, if it's "really bad"? :)
Rich said 11:58AM on 8-07-2008
You obviously haven't seen some of the available apps...
Josh Freeman said 12:46PM on 8-07-2008
This was pretty clearly stated in the Apple keynote, where they talked about enterprises having the ability to disable apps and wipe info to protect confidentiality. Couldn't sell the iPhone to large corporations or the military without that capability.
punkassjim said 3:28PM on 8-07-2008
That's entirely different. Enterprise phones are capable of remote-wipe, it's a Microsoft Exchange thing. Remotely wiping a run-of-the-mill consumer iPhone is (as far as I've seen) not possible.
Roger Mudd said 12:05PM on 8-07-2008
"... a security measure to shut down rogue apps if needed."
Why would this be needed? Surely Apple scrutinizes all the applications that it distributes via the locked-down App Store. Rogue apps shouldn't even make it to the marketplace under the current model.
ars_workerbee said 12:37PM on 8-07-2008
There's no possible way the cows can escape the pasture. We don't need any plans to get them back if they do.
Oh hey, a tornado took out the fence. Guess we're screwed.
Same flawed logic. Look at the privacy issues we've already run into, with Aurora Feint, and the SMS spam from Loopt. Apple doesn't get the source to submitted apps, they get compiled binaries. If someone wanted to be truly malicious, they could cleverly hide something and set it off later.
mrt2 said 12:03PM on 8-07-2008
To the commenter in post #4, MS does this... it's called Genuine Advantage
Ryan said 12:13PM on 8-07-2008
No, WGA does not disable third party applications. Having the ability to kill your own pirated software is one thing (of which we are not arguing here), killing third-party apps is another.
mrt2 said 12:04PM on 8-07-2008
At #4, MS already does this... it's called Genuine Advantage
Max said 12:15PM on 8-07-2008
As long as it's not abused (eg, used to kill apps like NetShare), this is definitely a good thing.
drunkenoaf said 1:18PM on 8-07-2008
If that list really had been at that location (https://iphone-services.apple.com/clbl/unauthorizedApps) since 2004 -- somebody would have noticed "iPhone" in the URL well before the device's launch... so I doubt the test entry is >4 years old.