Interesting People mailing list archives
Re: iPhone can phone home and kill apps? - says yes
From: David Farber <dave () farber net>
Date: Fri, 8 Aug 2008 01:11:58 -0700
________________________________________ From: ed.well.com () googlemail com [ed.well.com () googlemail com] On Behalf Of Edward S. Rustin [ed () well com] Sent: Friday, August 08, 2008 3:25 AM To: David Farber Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes John Gruber, of Daring Fireball, has posted his thoughts about this supposed blacklist. http://daringfireball.net/2008/08/core_location_blacklist His conclusion was this: "An informed source at Apple confirmed to me that the "clbl" in the URL stands for "Core Location Blacklist", and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines." On Thu, Aug 7, 2008 at 5:45 PM, David Farber <dave () farber net> wrote:
Nor to the best of my knowledge in S60 ________________________________________ From: Lauren Weinstein [lauren () vortex com] Sent: Thursday, August 07, 2008 11:34 AM To: David Farber Cc: lauren () vortex com Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yeshttps://iphone-services.apple.com/clbl/unauthorizedAppsAnd that's with the assumption that this URL (seems bizarre to make it so easily identifiable) is what it appears to be. If so, it should be possible to block in various ways (but are there hidden alternative paths?), though if the phone can't reach that URL for too long an interval maybe it "bricks" itself eventually. And what happens to an "unauthorized app"? Does this vary based on severity as determined by the phone's remote regal masters at Apple? Put up a warning message? Block program execution? Delete the program? Melt the phone? Or maybe just a voice announcement ("You have attempted to execute a program not authorized by Apple, Inc. Please stay where you are until authorities arrive at your GPS determined location.") As far as I know anyway, nothing like this has ever appeared in the Microsoft mobile platforms (e.g. WM5 at least). --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com - - -Ot is interesting -- when Microsoft was suspected of being able to do the same type of thing, that is disable apps that it considered improper or damaging, t here was a yell that was heard around the world. Apple , with it shiny armor, gets mild noice. Hmm. djf ________________________________________ From: ed.well.com () googlemail com [ed.well.com () googlemail com] On Behalf Of Edward S. Rustin [ed () well com] Sent: Thursday, August 07, 2008 2:43 AM To: David Farber Subject: Re: [IP] iPhone can phone home and kill apps? - says yes To take the other side of the argument - just because Apple =can= blacklist applications doesn't mean it =will= blacklist applications. Surely it should not be a surprise that it's possible for applications to be blacklisted, but I would be very surprised if the mechanism exists (and that's assuming that it really does exist, rather than this just being an unused setting tucked away in the code - has anybody actually seen an iPhone/iPod Touch access this URL?) for any purpose other than to kill a malicious application which somehow made it through the Apple review process. We've already seen that applications can be pulled from the App Store without affecting any of the existing installations - NetShare and Aurora Feint for example, so it doesn't look like Apple is interested in blacklisting an application just because it retroactively failed their review process. Now take the example of an iPhone worm, or an application which had a flaw that caused it to interfere with cell phone traffic, or a Trojan Horse, say a game which also just happened to send your personal data back to a server somewhere. In those cases would you not expect Apple to be able to remotely kill the Application, or should they just leave it be and hope that every iPhone user can just be persuaded to uninstall it? On Thu, Aug 7, 2008 at 1:24 AM, David Farber <dave () farber net> wrote:http://www.iphoneatlas.com/ ççiPhone can phone home and kill apps? Posted 6 August 2008 @ 11am in News Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via which the device can phone home, check for unauthorized applications, and disable them. The OS includes a URL that points to a page containing a list of unauthorized applications, specifically: https://iphone-services.apple.com/clbl/unauthorizedApps Per Jonathan Zdziarski, author of the book iPhone Open Application Development and an iPhone Forensics manual: "This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. "I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation." Posted 6 August 2008 @ 11am in News Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via which the device can phone home, check for unauthorized applications, and disable them. The OS includes a URL that points to a page containing a list of unauthorized applications, specifically: https://iphone-services.apple.com/clbl/unauthorizedApps Per Jonathan Zdziarski, author of the book iPhone Open Application Development and an iPhone Forensics manual: "This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. "I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation." ________________________________ Archives------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 07)
- <Possible follow-ups>
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 07)
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 08)
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 08)
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 08)
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 08)
- Re: iPhone can phone home and kill apps? - says yes David Farber (Aug 08)