Slashdot Mirror
Apple Can Remotely Disable iPhone Apps
mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."
I Am Rich app, anyone?
It's better than having a lot of malicious programs out there, using data or sending personal information, with no way of recalling them.
Shouldn't be used unless it's deemed "dangerous".
"I am rich" for instance is a legitimate app, although without much purpose. But let's be honest, a lot of apps in the app store has little or no purpose. A 12$ flash light, anyone?
Given the unpatched Kaminsky DNS stuff on desktop OS X, or even just spoofed ips, doesn't this mean that a malicious attacker might be able to spoof the apple "ban list" and disable core functionality? How long until this can be exploited with a list of the core os x daemons thus "bricking" the phone until ?
Take a look at http://androidwiki.com/wiki/Introduction_to_Android . In this aspect Apple has to leverage the iPhone as quickly as possible.
Vladimir Botka
Here's a interesting DoS to cost people money with DNS poisoning.
ok can we please just get all the apple fans make their excuses early on. the iphone is a fiasco but nothing will take their blinkers off, so lets just let them get it off their chest early.
If you mod me down, I will become more powerful than you can imagine....
http://daringfireball.net/2008/08/core_location_blacklist : "An informed source at Apple confirmed to me that the âoeclblâ in the URL stands for âoeCore Location Blacklistâ, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location â" an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines."
..Apple fanbois!
*ABSOLUTELY NOTHING* justifies phoning home without having asked the user at some point.
Explicitly.
Up front.
In his/her face.
"But it was there in the EULA" is a stupid argument. The "ohhh shiny!!11" crowd wouldn't have read it, and most reasonable people cannot be expected to.
Disclosure: I have a 4gb iPod Nano which I got for free. I'd rather have something else which wasn't bound to the fancies of Lord Steve, but currently cannot afford it..
[Slashdot Comments We Liked]
This story is more then 3 days old. Am I supposed to be surprised that Apple has this built in?
Sorry guys. This is brouhaha over nothing. The blaclist in question does NOT disable apps remotely but instead disallows listed apps form accessing the CoreLocation framework. See http://daringfireball.net/2008/08/core_location_blacklist
So how long before Net Share gets disabled?
Unfortunately I missed this app when it was on the App Store and I've been looking for a way to install it, but I suspect now that even if I succeed, that it will get disabled by Apple in the coming weeks/months.
iPhone newbie question:
Is there a way to install apps which have been removed from the App Store by somehow getting the binary?
Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Anti-Apple bias with your boring and irrelevant facts, please.
I mean this if Slashdot, if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...
There are two rules for success:
1. Never tell everything you know.
No, there is indeed something rotten in all this. It's not the destination of the call home thing, it's the call itself. As stated before, there is no reason whatsoever it should call home without asking permission before.
This sort of problem is now years past the place where it can be solved by "voting with your dollars," or hoping that exposing the problem will create bad PR and shame the company into correcting it.
I don't know what parts of our constitution are still operative today, but if we can't get the public interested in privacy rights, get Congress interested in passing appropriate legislation, making "phoning home" against the law--and getting those laws enforced--then Apple and Microsoft and Sony and everyone else will continue to do whatever is technologically feasible, convenient, and supportive of their corporate goals.
It's naive to think that there are Good Companies and Evil Companies and that the answer is to put your faith in the Good Companies.
Of course, I do hope that exposing the problem creates bad PR and shames Apple into fixing it.
"How to Do Nothing," kids activities, back in print!
Search the internet and you'll find that the aforementioned blacklist is actually included in the Core Location service and it serves the only purpose to block certain applications to use it in order to protect the privacy of the user. So no iphone getting back to block your pirated applications. Let's move on boys.
if it in the end does the same, what difference does it make how you call it?
Assuming that is indeed correct, and I have no reason to believe one way or the other, why is Apple using a BLACKLIST for restricting applications' access to CoreLocation? Wouldn't a WHITELIST be much more appropriate?
Default Deny is a good security maxim and would seem to be very appropriate in this case.
(Not that it would prevent someone from spoofing the site in question)
The blacklist in question does not blacklist applications from running on the phone. It's a registry of applications which are denied access to the "Core Location" service - i.e, when you don't want the phone to use GPS or triangulation data for privacy reasons. Seems perfectly reasonable to me. I don't want apps broadcasting my location without permission.
... and then they built the supercollider.
The whole speculation on Core Location comes simply from the URL having clbl in it, which supposedly stands for Core Location Black List. There is no other evidence provided that this is only what it does, nor does it mean that Apple can't use it in some other form or that they're not working on a set of black listed applications they can retrospectively turn off. Apple have already shown how developer friendly they are by pulling applications from their store without warning.
Personally, I find a black list like this an exceptionally stupid and blunt way to deal with access to Core Location.
Couple of hours before this story got onto the /. front page, Engadget had this scoop:
http://www.engadget.com/2008/08/11/jobs-60-million-iphone-apps-downloaded-confirms-kill-switch/
Steve Jobs has confirmed the kill-switch, and defends it as a "responsible" way to make sure they can deal with it if a malicious app finds its way into the App Store.
Get with the times, editors!
sig:- (wit >= sarcasm)
Slashdot: Well, yeah, I mean it would stop bad apps from being runaway in the wild, right?!
Microsoft: Hey guys, lets make a cellphone, and have it phone home to see if there are any bad apps running on it!
Slashdot: WHAT DO YOU THINK YOU'RE DOING, OH MY STALLMAN, THE HUMANITY!!!!
512$ ought to be enough for anyone
It's not youPhone, it's iPhone. And so it phones.
This story came out a lifetime ago, why is it appearing here now?
The list only disables Location API usage for specified applications, it doesn't actually disable the application entirely. I'm certain that there is also a capability to disable apps completely built-in however.
Any anyway, if a malicious application does get into the app store, surely you need a means to disable it quickly and effectively. You can't find malicious apps in a few hours of testing if they bury the malicious payload deep (or to activate on a certain date, etc), so undoubtedly someone will write a game or tool with a malicious payload. Personally I'd expect someone to write an app that scrapes contact details and sends them somewhere to get spammable email addresses, etc.
Scandalous!
I record my sleeptalking
I never post in these threads, but I thought this one was worthy.. I'm a fan of neither company, but if this was MS instead of Apple - zomg.
More and more it feels like every iPhone belongs to Steve - people are just leasing it from him. There's just *no way* a phone should contact another server without the user knowing it or expressly permitting it, and there's absolutely no way in hell it should disable an application which the user deliberately installed, period. The end.
Where can I sign up for the really expensive phone with no buttons, locked into a single provider, that I can't modify or enjoy in any way (except the approved ways I suppose).
I'd really like one of those.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
What? A simple HTTP GET to get a list of applications which can't have access to Core Location services? The simplest explanation is that it will protect user's privacy if an application includes something that gives away this information, and Apple included this as a means to stop rogue apps.
It's not as if it is sending a list of applications back, or other private information. Of course the articles and a lot of people are assuming that it does this and then getting all frothy and righteous about it.
There are currently 2000+ iphone applications. When polling a server should you a) return a list of 1999 good applications, or b) return a list of the 1 bad application...
Slashdot with the total Flame bait article that is not based in fact but FUD. Come on /. dont be a tool... your supposed to be more technical than this but instead you post up a bad/already debunked article...but instead of tagging this properly you give it more legs.
Nice. Even though nothing from the article is factual you still post it up.
Get over it. Apple isnt screwing over the phone users...as much as you want to think they are.
Watch as Apple becomes the powerhouse of phone makers. /. is such a fucking tool
. I love the sound of burning women and screaming rubber....
One more thing to tell and remind us whom we can trust... Isn't it just another "didn't I tell you?", which RMS is classy enough not to spell out?
Now, mod me down freely. My karma can't get any worse...
It's probably in the terms and conditions of ownership, and thus every owner has given permission already.
It's not like Apple is collecting user information here. It's a HTTP GET as far as I can tell, with no information being supplied to Apple, just a list of applications that are bad and that the user shouldn't run for their own protection.
Going beyond this into the realm of assuming that apple are collecting user data, disabling applications they just don't like, etc, is stupidity on the level of people who believe in conspiracy theories.
That blacklist is about using CoreLocation API, not about disabling the applications completely. Application needs to ask the user if they want to use CoreLocation for obvious reasons, and apparently there it also keep a blacklist for security purposes.
Unless they're going to produce a "disabled apps" page for each individuals iPhone then of course this wouldn't allow them to do that.
Bad analogies are like waxing a monkey with a rainbow.
Wouldnt an app just jailbreak the phone, edit /etc/hosts to remap this to somewhere else (or see another way to disable it)? That would stop the app from being blacklisted on that phone (and all the others that would come after it).
Sure you have to get perms but if you can get a user to install malware that can be blocked its probably not that hard to get them to also enable it (or find an automated way around the "permission request").
Would that not mean its a trivial thing to make this whole concept of blacklisting moot? And if malware can disable it quickly and easily, would this not just be a wasted effort on apples part?
If the Beast gets wind of this concept, they'll start shutting down Quicken, Firefox, Thunderbird....
A cynic is a man who, when he smells flowers, looks around for a coffin. -H. L. Mencken
The combination of this and DNS cache poisoning attacks sounds bad. Of course, it could be checking some kind of server certificate, if Apple is smart. The "article" (more a rumor report) doesn't say...
One word: rental.
Here be signatures
Old news for nerds. Stuff from last week. (tm)
Hmmm, explains a lot - though I can see a lot of infringement cases come up. Including one against patent infringement lawyers. I wonder who'll represent Apple there?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
If /. missed the news, then what is better? Never have it posted in here at all, or post it here (better late then never) for the people who only read /.?
But if you are reading newer news, then why don't you take a few minutes to submit these stories to /.?
Here be signatures
Could you imagine if someone managed to hack that site and put up a list of all known iPhone apps...
+2 Insightful.
I love Slashdot moderating. It always gives methe image of some bearded wiseman nodding their head and saying "hmmm, that *is* both interesting and insightful."
That's nothing, I fuck plastic yoda dolls, shove them WAY up my hiney!
Hmmm, interesting and insightful!
All intents and purposes. Not intensive purposes.
Well, YOU don't make the choice of when you want your leased phone to use GPS or triangulation data when it's phoning home behind your back, do you?
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
Or you could be talking out of your arse.
Bad analogies are like waxing a monkey with a rainbow.
But then let's not hear any philosophical issues as to why we should use Linux or MacOS instead of Windows. If you are a pragmatist about your tech gear and use whatever does the job you want the best at the best price, then great. That's a very unhypocritical position, and a rather practical one. However if you get all high and mighty when a company you don't like does something that has a philosophical downside but then downplay philosophical concerns for practical ones when a company you do like does something, well then you are a hypocrite.
I don't mind people from either camp: Those that feel that philosophical issues are the most important and if that causes practical problems, it's worth it and those that feel that practical use is what matters the most, never mind the philosophy behind it. However I can't stand people who are ok with anything so long as "their side" does it and yet cry foul when the "other side" does it. That is just fanboy crap right there.
Now I'm not accusing you of being this way, I've not read your posts, I don't know. I am just calling your attention to this. If you are truly a pragmatist, then let's not hear any bitching about things Microsoft does that are generally against a free and open philosophy, but don't matter in the practical world.
More and more its beginning to seem more like the !phone.
Mod me down, my New Earth Global Warmingist friends!
"Apple raised hackles in computer-privacy and security circles when an independent engineer discovered code inside the iPhone that suggested iPhones routinely check an Apple Web site that could, in theory trigger the removal of the undesirable software from the devices.
Mr. Jobs confirmed such a capability exists, but argued that Apple needs it in case it inadvertently allows a malicious program -- one that stole users' personal data, for example -- to be distributed to iPhones through the App Store. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," he says." - http://online.wsj.com/article/SB121842341491928977.html?mod=rss_whats_news_technology
So - it IS for disabling apps - and we(you the iPhone owners) will just have to hope that they donøt disable something they shouldn't disable.
To sum it up: The blacklist IS for disabling apps!
Default allow means you're open for abuse. Doesn't matter that there's only 1 bad app (right now). Could be thousands next month. And I'm modded troll for saying this?
.
Instead, we are treated to a headline that displays inaccurate three-day old information.
Strange... No "conspiracy haters" idiots writting on this topic yet? Ok, the blacklist is to disable use of GPS and related API... But I do not like too much, because if Apple can do this, who will stop then for blacklisting other software like "jailbreak" and any non-apple (but desired by user) software?
Religion: The greatest weapon of mass destruction of all time
So, Apple is my Mommy!?
Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Anti-Apple bias with your boring and irrelevant facts, please.
I mean this if Slashdot, if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...
Yeah! And another thing, I'm getting a kick out of negative Apple posts getting +5 and positive ones getting -1 !
I'm going to church to today because I'd never thought I'd see this on Slashdot! There's all these wars and oil and food prices are through the roof. I think I saw this in a movie about the World coming to an end with that 'Growing Pains' kid all grown up. And my cat, it slept with a dog last night.
The end is nigh!
Reminds me of that 1984 television commercial vilifying IBM. When apple does it then all of a sudden they are doing it for their users. The irony is precious
If Apple wants to do crap like this, why not just create a host file entry to the offending "deleting website" to prevent the phone from accessing the site. Make it work much like the poor man's version of ad blocking by setting the offending URL to pair up with 127.0.0.1. After all there is no place like 127.0.0.1
How is this practically any different?
And that's the way we like it. Now get off our lawn! *shakes fist*
I bought a 3g iphone on day 0 and was presented with 12 page att contract and a 15ish page Apple agreement, AFTER SWIPING MY CARD! I COULD NOT POSSIBLY READ THEM THERE, before signing the touch pad. I started to scan the Apple agreement, as I have never seen an agreement like that from MS, Nokia or RIM...and the Apple employee informed me that there was no time for that because the line needed to move. so no, it is not reasonable to say "IT WAS IN THE EULA!"
- I still can't sync iPhone's iCal or contacts to my employer's enterprise Oracle Calendaring system, a full year after the iPhone was released.
- The phone does crash. It has input method problems, particularly when auto-correct does something wrong and there's no means to turn it off.
- A (somewhat expensive) flashcard app I bought to study Simplified Chinese characters lost all of the cards I input due to the Apple 2.0.1 OS update. There is no mechanism in the app to save cards externally. Furthermore, it is buggy and crashes often. The app store is filled with crap and there's no mechanism for returns. Also, many reviews in the app store are clearly sales propaganda.
But, if jailbroken, the iPhone is the best smartphone on the market for IT folks. You get a shell and ssh with network anywhere in the city. That's very nice for when I have to fix a server nightmare while in the movie theater or out at a party. I sure wish Apple would sell me something like that so I wouldn't have to bother jailbreaking my phone. I'd also like a WIFI VOIP phone for campus wide communications off the cell phone network. A good laptop tethering solution, like most other smartphones offer. And, perhaps, a way to sync my calendar over the air with competing products - like, say, from Oracle.
Look. I didn't hack the phone to run Bittorrent or Skype over AT&T's wireless network. But I bought this phone to service work-flow. It must pay for itself in increased productivity, or I will consider this a wasted investment. Apple: Get your act together. Your App store sucks, with even suckier apps, and this customer is feeling pretty damn used and abused by the process. Furthermore, please pay more attention to your customer needs. I do not need to show off this nifty iPhone to everyone around. I do, however, happen to need a good handheld calendaring solution that is compatible with my employer's system.
... that as soon as someone dares to post something other than the usual expressions of paranoia and criticism, other less free-minded individuals accuse him of sheep mentality, or drinking the kool aid? Someone else has to see the irony in that!
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
I never thought of that, mabye I should go do it right now, I do have the 5 mod points.
What exactly does that mean? do you stretch your piss hole to epic proportions?
There is a marked difference between contacting a party on a pay per month internet fee as opposed to a pay per connection cell phone. Also, it should be noted that, in the case of the windows pc, that a competent end-user will result in this being avoided all together. This is not the same as your case at all. In fact, it looks like Apple using the "malicious app remover" as a cover up to remove "malicious software" as they see fit. I wonder if the service agreement states they can do this and charge you for the connection fee. Are they going to reimburse people that purchase software that is later deemed "malicious"? After spending 512$... One should be able to put whatever the hell one pleases on it. They should offer it as a free app that can be installed if the end-user wishes to like windows does.
> Or you could be talking out of your arse
I could, I suppose, although I admit that the physical reality is that even musical flatulence is beyond me. Your speculation, albeit much funnier than mine, shows nothing whatsoever about whether this is true; if that were your goal, you probably should have suggested ways in which DNS might not be connected, the simplest being that the alleged URL of the blacklist server is coded with a fixed IP address.
But considering the amount of real info the "article" had, everything which was posted here was speculation.
Default allow means you're open for abuse. Doesn't matter that there's only 1 bad app (right now). Could be thousands next month.
No it doesn't. The set of installed applications on the phone is known. The allow/deny is a subset of that and can be inferred no matter which set is pulled from the server. The only question is which set to pull, e.g. the one that sends the least data.
heck even windows phones home when you do a search.
Also this approach is slightly different from phoning home, it's checking a list which is on the internet, it doesn't actually provide apple with any data about your phone/application list/who you are (which is what phoning home is about.)
Also, maintaining a blacklist is no different from a virus scanner downloading updates on the latest malware.
He can use Spotlight to find it.
This is my signature.
soid st egr.hyTa rsiugm usnin
Any questions?
It's a feature.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Anti-Apple bias with your boring and irrelevant facts, please.
I mean this if Slashdot, if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...
If you want facts go to the Onion [theonion.com] for pete's sake!
Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Pro-Apple bias with your boring and irrelevant facts, please. ;-)
Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
Let the race to first blocked app begin!!
Eclipse PDE and Me
Why? They are by far the best devices out there. Invariably people who compain about the price are peopl that can't afford them. Well poor you and all that, but I, a fairly average person, can.
As to "vendor locked", that's freetard talk. Irrelevant to what I want. When I want the inferior crap that is Linux, I'll ask your advice, until then realise that it's only your preference, not a universal truth.
someone needs to mod this guy as flamebait
Trace the code(s) and target this, overwriting with bogus data - then track it and any changes on subsequent updates.
I wouldn't doubt that Apple is setting up other processes, deeply hidden in the code.
Really, I think it's time we took these jerks to task. I am so sick of these corporations trampling our use.
You want to do this type of crap. Then give us the phone and the service free.
I pay good money for both my hardware and my media...so leave it the !@#$% alone Apple/AT&T.
- The Saj
After being the main driver behind establishing DRM technologies in the market place, Apple is now trying to firmly establish remote control over people's phones and the software they can install on it.
None of the other smart phone vendors can do this. I can install whatever I like on my Palm, Nokia, or Windows Mobile device, and none of those companies nor my cellular provider can do anything about it.
If Microsoft did anything like this, they would be torn apart in the press and investigated by the justice department. But somehow, when Steve Jobs does this, it's supposed to be OK?
Apple is using a pretty face to push some of the most evil technologies around. Apple must be stopped.
Classic open source reply! Not everyone codes.
First off, what are you doing here if you can't?
Second RTFM and learn.
All major smart phones in existence, other than the iPhone, only contact the servers and services that the user wants them to contact.
Nokia, Microsoft, and Palm cannot remotely disable the phone. They can't remotely push updates on the phone. They don't control where users download applications from. You don't even need to use them with their desktop software. And all of them are available unlocked and on many carriers.
Only Apple's iPhone has mandatory tie-ins with the phone maker's desktop software, servers, store, and preferred carrier.
Apple has truly innovated here: in taking away control from users and setting a very bad precedent.
EvilApp(tm): I'm going to secretly log your geospatial location and travel history (and how many times you've used a public toilet in the last week) using the built-in CoreLocation API and send the information to my creators for their nefarious purposes.
Core Location Blacklist: Oh no you don't!
If Apple is doing this with the iPhone, what's stopping them from doing a similar type of thing with their OS X operating system? Could there possibly be any similar type of function in OS X that has yet to be discovered? If there was, I think that the backlash would be mammoth.
You currently have a standard iPhone and want (since it is now out of warranty) to unlock it to move elsewhere.
But the jailbreak program is blocked.
Or is it?
To sum it up: The blacklist IS for disabling apps!
Jobs says, "There is a lever," not that "this blacklist is the lever."
To sum it up: The blacklist is for blocking applications' access to Core Location. The total application kill-switch is something else.
Correction: Apple Can Remotely Disable iPhone Apps from the App Store. Cydia and Installer are a-okay.
Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
... a really simple cure to the entire situation: don't use an iPhone. Yes. I know that they are incredible. They're are a wonderful device and beautifully designed. To be quite honest, I want one myself! The cost, and the thought of the contract that goes with it have kept me from purchasing one. Besides, what is a person really purchasing a phone for: to use a phone, or to be a member of the "in" crowd? There *are* alternatives. How about OpenMoko? http://www.openmoko.com./ They even have a developers site set up: http://wiki.openmoko.org/wiki/Main_Page.
Going beyond this into the realm of assuming that apple are collecting user data, disabling applications they just don't like, etc, is stupidity on the level of people who believe in conspiracy theories.
So I take it you believe one bullet killed JFK whilst simultaneously denying physics? I'd take a conspiracy theory over that load of bull put out by our government.
if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...
You're absolutely right. People should go to Fox News instead.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Hardly the case...
The Blackberrys have the ability to be remote wiped of all data, for example.
And although no mention has really ever been made of it, I see no technical reason why other carriers like US Cellular couldn't easily "revoke/kill" purchased apps on their users' phones either? They use a DRM mechanism where they issue you a "key" when you download the app. Seems like a forced download of an update could cause all the apps to need a fresh key in order to keep running? (Unlike Apple, who has the whole iTunes store with actual user accounts on it though, you're screwed if your physical phone breaks with US Cellular. All your apps are just lost, period. You don't get to re-download them using some user acct. that "remembers" what you paid for previously.)
I fully understand and expect that my mobile phones are subject to more control by carriers than a "stand alone" device like my personal computer. If your #1 worry is getting to run whatever you want on your iPhone, vs. actually USING it as a CELLPHONE - then fine. Just re-flash the thing with whatever code you like. It's not a "non user updatable" device, obviously ... as all the "jailbreaks" prove.
The reason the file is buried deep inside CoreLocation is because it's a blacklist for preventing specifically listed applications from accessing CoreLocation, not for disabling them. This is for obvious privacy reasons. Here's Gruber's explanation from a few days ago.
A virus that is transmitted to all nearby phones via bluetooth that repeatedly calls 911 or some other number...
I'm sure that creative folks here can think of things that would be even worse...
Should there be a way to pull from all phones simultaneously? Even if its never used, would probably discourage such malware from ever being written.
Reality has a liberal bias
Get people to accept it on their phones, and this 'feature' will be accepted on peoples desktops. "to protect us against evil hacker viruses" or some other such nonsense.
Then its our documents.....
---- Booth was a patriot ----
I thought it was AT&T's job to disable iPhones with their crappy coverage.
Have gnu, will travel.
revocation appears to be certificate based
Did they really say that?
It appears to actually be based on the 'package name' (or whatever they call it):
{ "Date Generated" = "2008-08-11 16:32:49 Etc/GMT"; "BlackListedApps" = { "com.mal.icious" = { "Description" = "Being really bad!"; "App Name" = "Malicious"; "Date Revoked" = "2004-02-01 08:00:00 Etc/GMT"; }; }; }
The guys at Management Alternatives Limited have already taken down the page for their blacklisted app.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I will never understand why the geek community gives Apple a free pass. It seems to me like they're a far more worrisome company than Microsoft and seek not just to embrace DRM, but innovate in the onerous field and extend it to the masses.
Comment removed based on user account deletion
It's my phone, not yours, so you don't get to decide what is and isn't acceptable to me. Arrogant fuck.
http://www.macrumors.com/c.php?u=http%3A%2F%2Fdaringfireball.net%2F2008%2F08%2Fcore_location_blacklist&t=1218475803
DaringFireball.net clarifies that the published blacklist url likely only blocks malicious apps from accessing the iPhone's Core Location functions. Core Location allows applications to detect the user's location through GPS and Wi-Fi triangulation.
An informed source at Apple confirmed to me that the âoeclblâ in the URL stands for âoeCore Location Blacklistâ, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location â" an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.
This is analagous to the kill switch installed in Jobs by God himself.
So what if it exists? It's a tempest in a teacup. Apple has always controlled its gizmos more tightly than anybody else, in the name of mediating the user experience. If you don't like it, you go use someone else's gizmo instead.
Anyway, as lax as the approval process seems to be for their App Store (NetShare, IAmRich, etc.) it is probably a good thing they have a malware kill switch; sooner or later they'll probably end up approving some malware by accident.
Editor Emeritus and Senior Writer, TeleRead.org
even though I paid $1k for that app, I'm too rich to be worried about it.
I for one would really, really like to have some central authority able to disable botnets, viruses, worms, trojans and other such malicious software on Windows instantly all by remote control.
This could solve many common user problems instantly. Why do you think this might be a bad thing? Oh, they might disable BitTorrent? Probably hard to do - smart people able to use BitTorrent just might be able to work around it. Whereas your neighbor Joe Sixpack just might be able to have their spambot software turned off remotely.
Think about it.
You are completely wrong. I have a white 3G iPhone. I installed and ran an IM app called Palringo for a few days before it was disabled by Apple/Rogers. It was a great IM app that Rogers doesnt want people to use as it cuts into their obscene text messaging profits.
Rogers Sucks, so does Apple.
Somehow, I don't think Apple's agenda is protecting users from malware. This is the same company who can't bother its beautiful mind with DNS security holes, Safari flaws, etc., etc., etc.
What they have done is bricked jailbroken iphones.
Looks like Apple has become the Big Brother they used to heave hammers at, and that the nice, friendly, easy-going Mac guy is just a front. So what else is new?
The solution is pretty obvious. Don't believe ads. Go open source.
Disclaimer: IANA iPhone developer
Would it be possible for an app to defeat the blacklist somehow, perhaps by hijacking DNS or otherwise intercepting the network stream ? I could even see customer demand for this sort of thing, so people could continue using blacklisted apps. This is all assuming that Apple would use it for censorship, which is always very tempting for a big company with many big friend$ in the media industry.
-Billco, Fnarg.com
And Apple taketh it away. ...and people STILL love their iPhones. It's hard not to sound like a troll or flamebait, but you know? If happiness can be found in this way, there must be something wrong with me since there's more people who are happy with their Apple stuff than there are people like me.
Hmmm, a massive outbreak of lack of sense of humour. Oh wait, this is slashdot.
Just think about what would happen if this was Bill @ MS pulling this with their software. WOW wouldnt that be a bitch. g
...the user could decide for him/herself whether that application is worth running notwithstanding its relatively poor performance. Amazingly, the user may even have a better idea of his or her personal requirements than a large corporation which does not actually own the device in question.
The willingness of people to defend Apple in situations where they would be prepared to hunt down and kill the equivalent executives at Microsoft or Sony continues to stun me.
Read Pynchon.
Now I hate to be the one to point this out and I'm probably going to take a massive karma hit... but only in true Apple fashion can they add this "feature" and get away with it.
Remember the Windows Genuine Advantage fiasco? Microsoft got slaughtered on this very site for it, yet you all sit back and take this from Apple? If Microsoft had released the iPhone instead, and you all suddenly found out there was a Phone Home function, don't you think someone would be up-in-arms about it?
At what point does anything Apple do become evil? When is it you suppose people will figure out they don't like receiving? Must Apple start sacrificing virgins to pagan gods and donating directly to the Al Qaeda Slush Fund before people realise they're not the golden-haired child?
If this kind of behaviour is not tolerated from Microsoft, why do we accept it from Apple?
There is no knowledge that is not power.
Of course, access to this core framework is somehow necessary for the app to work! This accomplishes the task of disablement in a left handed fashion.
After I successfully ported the Easywriter program to the IBM-PC, I was offered a $35K contract by IUS to port Easywriter to the LISA but Apple was mad a John Draper, and they refused me the Pascal development system and allowed as how I could write the application in basic if I wanted to. I lost the contract. My first example of Apple deciding who could have an app on their equipment, and it wasn't me. After that I avoided Apples until Vista reared its ugly head. I have decide to give Apple another chance hoping they are less evil than Microsoft. Time will tell.
Your Iphone is in the hands of Apple, not you. What other backdoors are in place to your phone? Could apple see your e-mails, corp data, personal files if the wanted? Pulling apps off your phone is one thing, Apple getting sued for copyright violation and providing information about your personal data is another.
"The RIAA is suing Apple for allowing users to download copyrighted programs via their app store. Apple has since pulled these programs, but legal correspondent X says that may not matter..."
Modding me -1 troll doesn't make me wrong.
I'm seeing otherp hones coming onto the market with similar functionality that aren't as tightly controlled as the iPhone. I'll get one of those. The iPhone lacks a video camera and voice command capabilities.....so not very interesting to me.
Only boring people are ever bored.
Classic rebuttal. Too bad it misses the point.
You can pay me to write a patch for Slashdot or another open source project but you couldn't pay to have a patch written for a closed-source project. Not everyone codes, but everyone uses money.
Could Jobs activate the Order 66?
iphone phones home? My Treo doesn't, unless I allow it to. And then it's only crash reports, if any. Plus, Windows Mobile contains no bullshit like this where someone can tell you what you can and can't install on a device that you bought.
GET /clbl/unauthorizedApps HTTP/1.1 ...
User-Agent: iPhone/2.0.1
X-Device-ID: 09f911029d74e35bd84156c5635688c0
X-IMEI:
Heck yeah, they could provide user information if they wanted.
Wow it looks he came back and modded us offtopic as well.