A researcher has discovered a URL buried in the iPhone hardware that appears to point to an application blacklist - potentially allowing Apple to retroactively remove applications it decides no longer fit the bill. The URL, reported by iPhone Atlas, links to a file on apple.com called "unauthorizedApps" that seems to contain a …
...but really, I think I'd be more worried if they didn't have this facility. So long as they don't use it except for apps that really are dangerous - as the test app would imply. The tethering app that got pulled hasn't appeared on that list, which is a very good indicator.
Whoa there a god damned cotton picking minute!
One assumes that there would be an automatic refund via iTunes for any paid app being automagically removed?
Well, if Steve says an app is bad...
...then that's good enough for me.
As long as such a tool isn't abused (and I'm sure Webster will be along to provide an articulate and insightful post explaining how it will be), it's essentially no different to any filtering technology that gets a blacklist from a remote source.
What it does show is Apple are a little more realistic about their abilities to catch malware at the submission stage than their press might suggest.
So who owns that shiny new iPhone? Well the consumer holds it in their hands and possession is 9/10ths of the law. ROFLMAO.
I for one actually want control over the products and software I use. I want to determine what it does, what is run, where it may or may not connect and what it does or doesn't download and install.
I must say the more that hardware and software systems come under the control of the manufacturer the more OSS should become the norm for the wise user. Jump on the iPhone sheeple, conform, consume, obey.
Flame me by all means, after all you really need to defend that purchase don't you? Why did you buy it again? Because it offers something you cannot live without, or because it looks good and makes you feel cool when you whip it out at the pub/restaurant? Rhetorical question, I am sure lots of excuses can be bandied about concerning the essential, can't live without it iPhone.
Flame cos i's flame baiting, come on and bite posers ;-)
If, after the release of some App, the developer or Apple, finds that it has a major bug that could cause data loss, instability or some other negative effect, then it makes sense to have a way of disabling it, until the fixed version is available.
Not every iPhone or iPod touch user is going to actively keep up-to-date on the status of every app they have installed.
Or, more worryingly, if a rogue application developer has implemented some 'hidden' nasty features in one of their apps, a trojan, if you like - it's even more important to have some way of disabling it.
I don't see the problem. The facility is there, IF it's ever needed. I don't see why Apple would "retroactively remove applications it decides no longer fit the bill." - unless that app has some major negative effect on the smooth running of the device.
Apple could use this to remove virus and security damaging apps to protect their customers...
Oh yeah right they'll just use it as an extra level of control and to screw their users into giving them money.
It's about security, stupid!
You may call Apple paranoid, but they want to make damn sure that 3rd party apps don't compromise usability, battery life or other characteristics considered key by Apple. As they cannot test every 3rd party application to the full extent, some application may slip onto the iPhones that only after a while expose some undesirable behavior. And how do you stop such applications?
Every operating system has an application launching service, and this service may call home when or before launching an application. Asking for a YES/NO information will be very fast even if not on 3G. Alternatively, a scheduled task may periodically check the apps that are installed.
A suspect has to be considered innocent until proven to be otherwise.
Makes me glad...
...I rejected upgrading to an iphone on grounds of I couldn't tether to it via bluetooth (even moreso when I read here on El Reg that an application which would support that function was killed off, once let alone twice!). Sticking to sony ericssons from now on as I was assured by a helpful o2 staffer that the new W and C series phones tether nicely with HDSPA :)
Remind me again....
....WHY would anyone want to buy into Apple's draconian business model?
I used to think that MS was unpleasant to deal with - But no - MS is a kitten in comparison to Apple.
MS doesn't offer this service
MS doesn't offer a service like this. They want all developers to work hourly; they do not want developers to share in the profits.
Ok own up...
Who hacked Webster Phreaky's account?
I gave you a title, "..." is a valid title dammit!
or maybe just a way to cripple any SIP app for the ipod touch?
don't want to give people a reason to go for the cheaper device now, would we? ;)
Anyone else notice
That the arguments from apple supporters saying why apple stuff is so great and everything they do is for your own good are usually the exact same ones the same people usually throw at microsoft as a criticism
@ So what?
What have you done with the real Webster?!
Or did your racist, Islamophobic rant against Obama use up all of today's bile?
"A suspect has to be considered innocent until proven to be otherwise."
apple is not a suspect, apple is a moneymaking machine. Does not matter, the fact that it was hidden and not launched as a "security measure" says a lot
guess some people (usually the ones paranoid about big companies) still see apple as a hippy outfit only interested in spreading love and good will
I will just call my malicious app
Bracket, semicolon, quote backslash. Should bugger up their ascii..
re: Anyone else notice
>That the arguments from apple supporters saying why apple stuff is so great and everything they do is for your own good are usually the exact same ones the same people usually throw at microsoft as a criticism
Yeah, that'd be why I allow MS's malicious software removal tool to run on my Windows boxes, wouldn't it?
What's with the legions of idiot fanboys on the Reg comments section? I used to think the Mac fanboys were annoying, but the Windows fanboys are beyond insufferable; there's so damn many of them.
Apparently Apple can actually polish a turd...
.. so long as it's got an official apple logo on it, people will bow down before it and hail it as the greatest turd, the apple turd, a turd of breathtaking beauty and outstanding design. A turd that has indeed been polished!
"Man, that polished turd is the mutts!"
"Give me that polished turd lovin'!"
"Steve Jobs makes the best dang turd in town! It's so good, I queued for six days just to get one!"
... sounds like a fanboy to me.
Here's a good example: MS was apparently so evil for forcing users to use perfectly good software like IE and WMP that they were even forced by the courts to release a version of Windows XP that didn't include WMP.
On the other hand, Apple forces everyone (at least, everyone who isn't a techie and a good deal more who are) to use iTunes and a bunch of other software, and apparently this is perfectly acceptable.
Paris, cos I feel as confused by this as she presumably does about everything.
Prophet David Ike?
Dialing home you say?
where's David Ike when you need him?!
Never use Apple
Flame me if you want, but at least with M$ or Symbian you have some semblance of control over your phone/PC, and can install whatever you want, whenever you want without having to have permission from MS/Nokia. You can choose whether to remove those apps too!
The control over who can develop and sell these apps mean that there is a real chance of competition on MS/Symbian phones, in terms of both app quality and price, whereas Apple force developers to sell via iTunes, so no competition there then - Apple will sell whichever apps make most money for them.
M$ & Apple are both the same - screwing as much money as they can out of everyone they can think of - the only difference is that M$ has historically been better at it - M$ use their market position (which even their customers don't like) - Apple rely on their religious fanatics who still love Saint Jobs after being screwed.
**Wanted both Jobs & Gates with horns icons together**
"It's about security, stupid!" - Apple have proven many times in the past that they have no concept of security. This backdoor is there to illegally control what you can run on your useless piece of shiny plastic called the iphone.
"A suspect has to be considered innocent until proven to be otherwise." - Apple have been found guilty of various crimes many times in the past. Apple is anything but innocent.
Anti-Virus - Program designed to prevent malicious applications from running (and causing harm) on an operating system. That is what will protect your iPhone from "bad" applications. Apple's pathetic attempts at controlling your iphone are not designed for that. It is designed to PREVENT you from using applications of your choice.
The real evil empire is the not obvious one.. it is the one who prevents you by any means (legal or not) from enjoying products (that have been proven many times to be of inferior design and quality) that they have sold to you at inflated price.
Apple is only good at one thing: find people with lots of money who also are extremely simple minded and stupid and then sell them lower quality, badly designed gadgets at very high price....
This _Is_ A Security Hole
Dan Kaminsky must be laughing his ass off today. All that is required is to poison iphone-services.apple.com in the cache of a few DNS servers, and presto-bango, iphones are queuing up to slurp up delicious malware posing as firmware, or whatever it is that Apple plans to serve up on this channel.
I guess iPhone owners don't really own their own phones anyway. Now they can look forward to having them get pwned as well.
In what way
...is that ANY different from the 'Malicious software removal tool' that gets downloaded to every Idiot-PC every time MS does a software update?
Microsoft has this service up and running for better than five years now. 18000+ in Apps. So what exactly are you speaking of Jodo Kast?
Man these comments on here, research before please. The air is thick enough around this reality distortion field Jobs puts out.
Sounds like a good way to remove Malware post-distribution
If Microsoft distributed third party applications across all PC's wirelessly, one would expect them to have a similar blacklist infrastructure... <sarcasm>Not like anyone has ever seen a virus, worm, or Trojan Horse on a Microsoft PC?</sarcasm>
If you think about it, Apple is in the unique position to distribute software to their equipment for free from their users & 3rd party vendors.
If someone secretly embedded Malware into an application which subsequently was deployed into 2 million iPhone's, this mechanism would be a reasonable way to address the security issue quickly.
I suspect Apple customers are probably quite happy that Apple had considered security implications before releasing a capability as powerful as free wireless third-party application distribution to their platform.
>Paris, cos I feel as confused by this as she presumably does about everything.
You certainly are confused, or at the very least you can't read.
Hm... It does not seem so to me. At least not in the way you describe, injecting malware into people's phones. I might be mistaken, but from reading the article this looks like nothing more than a file containing app names. Maybe for **removal** of apps present on the device (can that be done automatically, without user's permission? I have no iPhone or Touch, so I have no clue). What makes you think that the list of apps would enable remote **installation** of malware?
Well, if I can be accused of any fanboysm it would be the Linux-related one. And I am still happily using my 1st gen Nano, which does all I want it to do (play music).
But I have to agree: if it was Microsoft hiding some "interesting" feature like that in one of their products, there would be huge uproar. No matter what their "future intentions" might be -- since **we don't know them**!
Yes, it can be a good feature if done properly and with decency. But for some reason I'm not putting any money on it. I still want a 32 GB Touch though.
One more thing...
"You suckers didn't REALLY think you OWNED those phones, did you?"
PT Barnum proved right again.
This is great
This is actually a great feature. Apple is providing a true integrated experience. So they do not want you making inappropriate use of your iPhone, which might lead to a scrappy and fragmented experience and make you unhappy.
They also do not want rogue unintegrated apps floating around, so they need to be able to remove inappropriate apps from your phone, since they would lead to inappropriate uses.
I have been using Apple products for 20 years now, and am very happy with this. I do not understand what all you nay sayers and denigrators of Apple are talking about. Apple is great!
or whatever the Latin is for "buyer be aware".
I can't dream of ever buying an iPhone. I just want to make and receive calls and texts. No music, pictures, diary, up/down/side/back-loads. But it's nice to know that there are people out there who look into these things as it opens one's eyes to the potential greed and malevolence of suppliers that can be dressed up as "user protection".
I believe the point is, nobody outside of Apple knows what the "phone home" functionality does, since nobody has decompiled the firmware. All we know is that there's a URL encoded in there, and that currently residing at that URL is a text file with a list of apparently blacklisted apps. I personally find it very unlikely that this is the only functionality available over this channel --- it wouldn't surprise me at all if a change in the data available at the URL could trigger a download/update of some sort.
Leaving aside the trust implications of Apple screwing with people's phones without letting them know about it, they're doing the usual incompetent security job of it that is rapidly becoming the familiar signature of Apple software distribution. Given what we know about DNS weaknesses, at a minimum they need to hard-code a list of IP addresses, if they want phones to check back with them automatically. This may be less flexible than using DNS, but that inflexibility is better than creating a whole new class of mobile-phone botnets.
48 Megs of iPhone update?
What I want to know is why Apple keeps DEMANDING that I download and install a 48 meg iTunes update whose sole feature is to make it iPhone compatible. I don't own an iPhone, I am certain never to buy one, yet I am forced to add this to my system.
Which, like every iTunes update, and nearly every of the weekly Apple updates, requires a reboot.
Honestly, MS at least gives you the option of refusing an update that you don't want.
(Mine's the one with the cheapo LG phone in the pocket that (horror!) is used as a phone and nothing else, on a Virgin pay-as-you go plan no less.)
suggest apps that might be included ...
Who else is waiting for netshare to disappear from their phone? Just me?...
You are exactly why at Apple, we made light of the "Think Different" campaign of the late '90's by joking that we'd be shocked to see an Apple customer "Think", much less "Think Different".
Is what buyer beware means in Latin.
Personally I have no problem with what apple are doing to do, for instance what if an app posed as a free game secretly logged data and internet usage and sent back the information when connected to the net - would it not be better for apple to remove that app??
Webster Phreaky defends Apple
More signs of the apocalypse soon to follow.
apple isn't m$
unless the "app" they remove is the one that unlocks your iphone
(or the one in your tinfoil hat that keeps the voices at bay)
Comment to Apple
Now let me get this straight. After the initial process of 1-3 mos of diligent code prodding by Jobs and company, through the vaunted security of Mac, several of you think this is about malware protection? Think about that for a minute. I don't think so. This is strictly about Jobs obsessive heavy boot control issues.
Do you really want to know why 95% of the pc sold are window configured? We like choice! You figure it out.
"Apple is great!" The Koolaide is strong in this one!!
Don't see this as any worse than ActiveX Killbits in IE. Could be a good emergency app killer.
But, we all know apple like to be in control, and I'm a little sceptical after the stunt they pulled with Safari and Apple Update.
Bottom line: Nothing wrong with the idea - it's how they use it that will be the decider of this being a good or a bad feature.
your are mostly all nerds!
If you are all as amazing and clever as most of you seem to think, why are you stuck in two bit jobs, obviously no girlfriend to speak of (come to mention it no life) and spending your days expressing how apple/ms/a.n.other sucks/got it wrong/are better than the other and how you'd do it so much better? Stop bitching and whining and do it if you're that good! At least gates and jobs had the balls to have a go. They are now of course incredibly rich - unlike you losers.
Rich is all subjective...
I'm rich....why arent you?"your are mostly all nerds! "
@ MS doesn't offer this service
I know, it's a shame software developers like adobe and autodesk don't have to give microsoft 30% every time they sell a product.
And when someone makes a free alternative microsoft can't blacklist it to make sure they get their money for the pay version.
Avoid Apple because of the Draconian control they can exercise if they choose by all means... except Nokia, Palm, RIM etc. all have exactly the same feature. Why does no-one make a fuss about that though, I wonder?
@your are mostly all nerds!
>obviously no girlfriend to speak of
Umm sorry to disappoint but I DO have a girlfriend, I just hope to christ the wife doesn't find out !!!
Seriously, it's called argument/debate/banter, you should try it sometime. Reading El Reg is only the same as picking up a newspaper every day, you spend 30 mins or so browsing the stories and another 30 mins chuckling at some of the comments.
Of course your 'losers' comment suggests you are a mega-rich head of a multi-national company, no ?
Ifoney , your Back Door is wide open !
An open Back door , just what NSA needs to turn the device into a fully fledged active mobile self bugging machine , now where are the open side windows for the wayward socialites to escape from , that be the question ?
"possession is 9/10ths of the law. ROFLMAO"
Ah, yet another taken-out-of context quote which has made its way into the cosmic consciousness. The other one is "people only use 10% of their brain".
Yes, possession *is* 9/10th of the law - but the original quote was pointing out the fact that 9 out of 10 items in the Law books dealt with how to decide who owned what. This may have changed since then to "litigation is 9/10th of the Law". ^_^
As for the 10% bit, it had to do with the early MRIs where doctors found that *at any point in time* about 10% of an average person's brain was active. Not the same 10%, not "only 10% ever used". The active parts kept on changing as the victim... er, subject... was asked to do different tasks.