Apple Can Remotely Disable iPhone Apps
mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."
Refunds (Score:4, Informative)
I Am Rich app, anyone?
It is a Core Location Blacklist (Score:5, Informative)
Re:It is a Core Location Blacklist (Score:5, Informative)
re: CoreLocation (Score:5, Informative)
Re:It is a Core Location Blacklist (Score:1, Informative)
That'll be Slashdot's lack of unicode support -_-
"clbl" in the URL stands for "Core Location Blacklist"
Re:Spin this! (Score:5, Informative)
Not true, the iPhone doesn't phone back home. (Score:1, Informative)
Search the internet and you'll find that the aforementioned blacklist is actually included in the Core Location service, and its only purpose is to block certain applications from using it in order to protect the privacy of the user. So no iPhone getting back to block your pirated applications. Let's move on, boys.
Re:It is a Core Location Blacklist (Score:2, Informative)
No, /. sucks. Try to point out the price of something in Euros. It won't work. Nor does the cents symbol.
Re:Spin this! (Score:1, Informative)
Actually, ol' Steve says it is:
http://www.engadget.com/2008/08/11/jobs-60-million-iphone-apps-downloaded-confirms-kill-switch/
Re:Spin this! (Score:5, Informative)
Well if that seems perfectly reasonable to you, iPhone isn't really for you since currently no applications are blocked from using your GPS...
is that so mr anonymous coward? that's odd, since my iPhone pops up a message ""app_name" would like to use your current location" the first time each app tries to access the GPS since the last reboot. seems to me you're talking right out your ass
Re:Story is untrue (Score:4, Informative)
Will you kindly shut the fuck up already? We've had about 5 posts like this so far, all of which contradict the following respective pieces of obvious logic and in-your-face authoritative evidence:
1. Just because someone uncovered one URL which is likely to be a Core Location services blacklist, it doesn't automatically disqualify that there are [i]other[/i] blacklists which disable an app entirely.
2. Steve Jobs announced (see recent WSJ article summarized e.g. on macrumors.com) that iPhone has remote app disabling. To announce this if it's not true would be monumentally stupid for two reasons:
(a) He knows he'll piss off a minority contingent of privacy advocates. (shame that it's only a minority, but if there's one thing we learn from our dear country, it's that its citizens generally get exactly what they deserve)
(b) At some point, a malicious app [i]will[/i] appear. Imagine the reaction if, everyone with eyes looking to Apple to disable it, SJ responds with "oh, my bad, actually we can't disable stuff".
In conclusion, the iPhone has remote app disabling. Apple can remotely disable any of your apps. Your apps are remotely disable-able.
In other news, the iPhone developer agreement apparently must include the "we can pull any of your apps from the store for an arbitrary reason aside from the ones mentioned explicitly in the agreement" clause, since removal of _I Am Rich_ was, Apple claims, a "judgment call". Meanwhile, removal of _NetShare_ was due to the ability - the developer seems to have concluded, after a period of silence - to use it to break your service agreement on some of the many global networks iPhone is available for. This is all made harder by an NDA which specifically prohibits an iPhone developer community, let alone any open source + Free software, since you're [i]not allowed to talk about your code[/i].
At the risk of confronting the No True Scotsman fallacy, no true developer codes for the iPhone. It's a get-rich-quick gamble, where Apple may pull your foundations from under you at a whim (as they've already done three times to developers) and where you must code alone and in secret.
Re:Apple can kiss my shiny metal ass (Score:5, Informative)
"There's just *no way* a phone should contact another server without the user knowing it..."
Actually, when you stop to think about it, every cell phone in existence does just that, as all of 'em continually poll local cell towers to tell the servers that they're in that particular neighborhood. You might not have known it's doing that, but it does.
Then there's the fact that the iPhone checks iTunes servers for application updates, does push/pull on various and sundry mail servers, handles SMS messaging, will shortly begin checking for push notifications, checks who knows what stock and weather servers....
Re:Refunds (Score:5, Informative)
No. This is a Core Location Black List [daringfireball.net]. It stops listed apps from retrieving your current location. But it doesn't stop that app from working otherwise.
Re:It is a Core Location Blacklist (Score:5, Informative)
€ is your friend ;)
€
Re:Net Share (Score:4, Informative)
Yes, if you get the .app bundle, you can install it manually on a jailbroken iPhone/iTouch.
Re:excuses, let it rain (Score:3, Informative)
Ooh! How dare you take the reasoned intelligent approach! Don't you know where you are?
Also, I agree. My friends bitch about my buying iPod, because it's 'eeeevil Apple'. But they work well, I like the build quality, and I have never seen any compelling reason to buy any competing products.
Re:Refunds (Score:1, Informative)
Re:makes sense to me.. (Score:5, Informative)
This is actually a few days old; it did the rounds on the Apple rumour sites and was debunked: it's a blacklist that can prevent applications using Core Location to determine a user's position (so if an app is abusing it & logging everywhere a user goes, they can be prevented from doing that while still allowing the app to function).
The hint was in the filename (and the library that references it): clbl - Core Location BlackList
Re:Refunds (Score:4, Informative)
No. There is a certificate system for all apps, and Apple can revoke the certificate. In tabloid terms that is a kill switch. BUT the functionality described here - the URL with the blacklist - is a Core Location Black List. The clue is in the library that that URL was found in, and in the URL itself if you read it.
Re:Refunds (Score:1, Informative)
Steve also confirmed the existence of the kill switch for malicious apps, despite last week's news to the contrary. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull." And you can't argue with that logic.
I fail to see where you got that from. Steve Jobs apparently confirms that it is a malicious app kill switch.
Apple raised hackles in computer-privacy and security circles when an independent engineer discovered code inside the iPhone that suggested iPhones routinely check an Apple Web site that could, in theory trigger the removal of the undesirable software from the devices.
Mr. Jobs confirmed such a capability exists, but argued that Apple needs it in case it inadvertently allows a malicious program -- one that stole users' personal data, for example -- to be distributed to iPhones through the App Store. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," he says.
This is the citation from Wall Street Journal. It clearly states that it will disable and remove applications.
Re:Refunds (Score:4, Informative)
Seriously, no, it is the Core Location Blacklist [daringfireball.net]. He got it from the Daring Fireball link he included in his comment. Apple does claim that there is a capability to remotely disable applications. He does not claim that the URL to the Core Location Blacklist is that capability.
Comment removed (Score:5, Informative)
Re:It is a Core Location Blacklist (Score:3, Informative)
Say what?
It's gibberish [gibberish.co.il]. Hebrew internet users are all too familiar with it, hence the linked website. It will translate some non-Hebrew gibberish as well.
Actually, I think that the technical word for gibberish is Mojibake, from Japanese.
Re:makes sense to me.. (Score:1, Informative)
"Engadget reports Microsoft has readied a blacklisting system which allows the company to remotely disable applications on your Vista PC."
Which, it's worth mentioning, they do. It's called a "hard block." When an application is placed on the "hard block" list for Vista, it simply cannot be run under Vista. The OS will not allow you to run the application, simple as that.
Microsoft claims that the list is only for "applications that would damage the operating system." Which, I'm sure, is the same claim Apple makes about their iPhone application blacklist.
Re:It is a Core Location Blacklist (Score:3, Informative)
Re:Refunds (Score:5, Informative)
Security is layered.
Applications have permission to run by virtue of the fact that they are signed by Apple. That certificate can be revoked. (The so-called kill switch).
This black list deals with apps that make inappropriate use of Core Location, but are otherwise OK. For example an app might constantly use explicit Core Location requests to find the current location. That would drain the battery in no time. (versus requesting to be notified when location has changed by more than a threshold). The App is non-malicious, just sloppily programmed. Apple could blacklist its core location functionality, whilst leaving the rest of the functionality working. Until such time as the developer produces a fixed version.
Re:Spin this! (Score:3, Informative)
Uh, yes it's justifiable. Apple wants its product to behave this way, and I purchase their devices knowing they want to control everything. Don't buy the phone if you want an open market model! Hell you shouldn't own any Apple product if that's the kind of market you prefer, it is simply not their thing.
Besides, as other posters have pointed out, it's not phoning home to control apps, it's to prevent malicious use of CoreLocation because Apple cares about privacy.
(okay I'm not actually arguing they care, but that's the impression they want to give. It protects their profit margin)
Re:makes sense to me.. (Score:5, Informative)
"Oh, but it's Apple, and this is good! Want to know why the PC prospered? Apple around the time of when it could have gone its way introduced an SDK development process where every developer who wanted to deliver something had to have a developer token. Without the blessing of Apple no go on Apple hardware! It annoyed many developers and the rest is history...
Don't believe? Do some historical checks..."
Really, I was an Apple developer back in the day, moving from the Apple II all the way to the original Mac (the all in one) and then getting out of the business a few years later.
I don't remember EVER contacting Apple for the SDK. I simply bought Lightspeed /Think C and Pascal and developed. Want more in-depth info? Get the Inside Macintosh books. I had like 2 dozen...each taking up a few hundred pages, and each focusing on an API and/or group of related items. Things like Audio had entire volumes written about it (this was my focus).
In this time, I *NEVER* once asked Apple for a 'token'...it wasn't needed. The most you'd ever need would be to have an official App ID (or whatever it was called) that ensured that documents created with specific doc types would know what application would open it -- and to keep other developers from trying to usurp yours. It could easily be done on the local computer.
Honestly, you don't know what the fuck you are talking about. This falls into the realm of not just ignorance, but making shit up.
Re:It is a Core Location Blacklist (Score:3, Informative)
Re:Refunds (Score:2, Informative)
re: only acceptable because it's Apple?? (Score:2, Informative)
Hardly the case...
The Blackberrys have the ability to be remote wiped of all data, for example.
And although no mention has really ever been made of it, I see no technical reason why other carriers like US Cellular couldn't easily "revoke/kill" purchased apps on their users' phones either? They use a DRM mechanism where they issue you a "key" when you download the app. Seems like a forced download of an update could cause all the apps to need a fresh key in order to keep running? (Unlike Apple, who has the whole iTunes store with actual user accounts on it though, you're screwed if your physical phone breaks with US Cellular. All your apps are just lost, period. You don't get to re-download them using some user acct. that "remembers" what you paid for previously.)
I fully understand and expect that my mobile phones are subject to more control by carriers than a "stand alone" device like my personal computer. If your #1 worry is getting to run whatever you want on your iPhone, vs. actually USING it as a CELLPHONE - then fine. Just re-flash the thing with whatever code you like. It's not a "non user updatable" device, obviously ... as all the "jailbreaks" prove.
Re:Refunds (Score:3, Informative)
Read the last paragraph. The guy is a freetard nut.
It might "kill" applications that can't cope with an error when it requests the location. i.e. buggy applications. But all it's there for is to deny named apps the ability to use Core Location.
Re:Refunds (Score:3, Informative)
The quoted article is wrong. YOU read the article I linked to earlier. [daringfireball.net] It's right.