Slashdot Log In
Apple Can Remotely Disable iPhone Apps
Posted by
Soulskill
on Mon Aug 11, 2008 05:02 AM
from the they're-making-a-list dept.
from the they're-making-a-list dept.
mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."
Related Stories
[+]
Technology: Why the Kill Switch Makes Sense For Android 384 comments
Technologizer writes "It came out this week that Google's Android phone OS, like the iPhone, has a kill switch that lets Android Market applications be disabled remotely. But it's a mistake to lump Google's implementation and Apple's together — the Google version is a smart, pro-consumer move that avoids all the things that make Apple's version a bad idea."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Security Risk? (Score:5, Interesting)
Given the unpatched Kaminsky DNS stuff on desktop OS X, or even just spoofed ips, doesn't this mean that a malicious attacker might be able to spoof the apple "ban list" and disable core functionality? How long until this can be exploited with a list of the core os x daemons thus "bricking" the phone until ?
It is a Core Location Blacklist (Score:5, Informative)
Re:It is a Core Location Blacklist (Score:5, Informative)
Parent
Re:It is a Core Location Blacklist (Score:5, Funny)
That'll be Slashdot's lack of unicode support -_-
Jeeze! If we can put a man on the moon, you'd think that... Oh, nevermind...we can't even do that anymore either.
Parent
Re:It is a Core Location Blacklist (Score:5, Funny)
No, /. sucks. Try to point out the price of something in Euros. It won't work.
"10 Euro".
Hmm, seems to work here...
Parent
re: CoreLocation (Score:5, Informative)
Re: CoreLocation (Score:5, Funny)
Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Anti-Apple bias with your boring and irrelevant facts, please.
I mean this if Slashdot, if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...
Parent
Not an Apple-specific problem (Score:5, Insightful)
This sort of problem is now years past the place where it can be solved by "voting with your dollars," or hoping that exposing the problem will create bad PR and shame the company into correcting it.
I don't know what parts of our constitution are still operative today, but if we can't get the public interested in privacy rights, get Congress interested in passing appropriate legislation, making "phoning home" against the law--and getting those laws enforced--then Apple and Microsoft and Sony and everyone else will continue to do whatever is technologically feasible, convenient, and supportive of their corporate goals.
It's naive to think that there are Good Companies and Evil Companies and that the answer is to put your faith in the Good Companies.
Of course, I do hope that exposing the problem creates bad PR and shames Apple into fixing it.
This has already been addressed by Steve Jobs! (Score:5, Interesting)
http://www.engadget.com/2008/08/11/jobs-60-million-iphone-apps-downloaded-confirms-kill-switch/ [engadget.com]
Steve Jobs has confirmed the kill-switch, and defends it as a "responsible" way to make sure they can deal with it if a malicious app finds its way into the App Store.
Get with the times, editors!
Apple can kiss my shiny metal ass (Score:5, Insightful)
Re:Apple can kiss my shiny metal ass (Score:5, Informative)
"There's just *no way* a phone should contact another server without the user knowing it..."
Actually, when you stop to think about it, every cell phone in existence does just that, as all of 'em continually poll local cell towers to tell the servers that they're in that particular neighborhood. You might not have known it's doing that, but it does.
Then there's the fact that the iPhone checks iTunes servers for application updates, does push/pull on various and sundry mail servers, handles SMS messaging, will shortly begin checking for push notifications, checks who knows what stock and weather servers....
Parent
wow, expensive *and* restrictive? (Score:5, Funny)
Where can I sign up for the really expensive phone with no buttons, locked into a single provider, that I can't modify or enjoy in any way (except the approved ways I suppose).
I'd really like one of those.
Re:Refunds (Score:5, Insightful)
I still don't get why it was pulled.
Let rich idiots throw their money away on tat.
Parent
Re:Refunds (Score:5, Funny)
Probably for violating an Apple business method patent.
Parent
Re:Refunds (Score:5, Insightful)
I always enjoy old adages being proved right. In this case "A fool and his money are soon parted."
I just wish I'd been the one to think of marketing an app to the terminally stupid.
Parent
Re:Refunds (Score:5, Informative)
No. This is a Core Location Black List [daringfireball.net]. It stops listed apps from retrieving your current location. But it doesn't stop that app from working otherwise.
Parent
Re:excuses, let it rain (Score:5, Insightful)
How about we stop pretending that philosophical issues are the most important things when someone buys a product? Yeah, Apple products are more closed and restrictive, but they work for me. And until I get burnt by them bad enough to consider switching, I have no problem with them. I mean, they do behave pretty well for a Corporation. No need to spread FUD at the first sight of something that may not be ideal.
Parent
Re:Spin this! (Score:5, Informative)
Parent
Re:Spin this! (Score:5, Informative)
Well if that seems perfectly reasonable to you, iPhone isn't really for you since currently no applications are blocked from using your GPS...
is that so mr anonymous coward? that's odd, since my iPhone pops up a message ""app_name" would like to use your current location" the first time each app tries to access the GPS since the last reboot. seems to me you're talking right out your ass
Parent
Re:It's not called a 'phone home' (Score:5, Funny)
It's not youPhone, it's iPhone. And so it phones.
Parent
Re:It's not called a 'phone home' (Score:5, Insightful)
It's probably in the terms and conditions of ownership, and thus every owner has given permission already.
It's not like Apple is collecting user information here. It's a HTTP GET as far as I can tell, with no information being supplied to Apple, just a list of applications that are bad and that the user shouldn't run for their own protection.
Going beyond this into the realm of assuming that apple are collecting user data, disabling applications they just don't like, etc, is stupidity on the level of people who believe in conspiracy theories.
Parent
Re:makes sense to me.. (Score:5, Insightful)
Shouldn't be used unless it's deemed "dangerous".
Who decides what's dangerous? Are pirated apps going to be deemed dangerous? If you bypass certain security measures, is that dangerous? I don't like control being taken away from me (where "me" in this case is any end-user).
Even if the intent is to only blacklist malware, does apple have a research lab to determine whats malicious and what isnt? Will they tell us how they decide on malware? What if you release an app that is infected with malware, the app is still legit whereas the malware part of the code is not. What happen if that app gets blacklisted, can it be revoked? If the iPhone contacts a webpage every now and then, will apple pay the bill for the connection?
I don't like this, at the moment I don't like it because they did it without saying they are doing it. Going forward, they should say what they intend to block and give the enduser and option of either using the "service" or not... especially since the end-user is the one paying the bill for the datatransfer, the amount of money is imho completely irrelevant.
Parent
Re:makes sense to me.. (Score:5, Insightful)
Wow. Just... wow
Let's change the players a bit:
"Engadget reports Microsoft has readied a blacklisting system which allows the company to remotely disable applications on your Vista PC."
Do we still feel warm and protected?
Parent
Re:makes sense to me.. (Score:5, Insightful)
And this certainly isn't there to make sure they can blacklist any iphone breakout software that gets into the wild. God no! Apple cares about their customers! *Cough Cough Cough*
Well, considering there already is breakout software in the wild and it has nothing to do with the apple store... No, this looks like another line of defence in case malware somehow makes it past their reviewing process.
And, you know what? I'm in favour of it. I don't want my phone making unsolicited phonecalls.
Parent
Re:makes sense to me.. (Score:5, Insightful)
Not without it asking you first.
Although it probably wouldn't hard to write an app with a legitimate reason to use the GPS, and throw in a few lines that will also tell the author where you are as well.
Parent