Slashdot Mirror
Apple Can Remotely Disable iPhone Apps
mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."
It's better than having a lot of malicious programs out there, using data or sending personal information, with no way of recalling them.
Shouldn't be used unless it's deemed "dangerous".
"I am rich" for instance is a legitimate app, although without much purpose. But let's be honest, a lot of apps in the app store has little or no purpose. A 12$ flash light, anyone?
..Apple fanbois!
*ABSOLUTELY NOTHING* justifies phoning home without having asked the user at some point.
Explicitly.
Up front.
In his/her face.
"But it was there in the EULA" is a stupid argument. The "ohhh shiny!!11" crowd wouldn't have read it, and most reasonable people cannot be expected to.
Disclosure: I have a 4gb iPod Nano which I got for free. I'd rather have something else which wasn't bound to the fancies of Lord Steve, but currently cannot afford it..
[Slashdot Comments We Liked]
I still don't get why it was pulled.
Let rich idiots throw their money away on tat.
How about we stop pretending that philosophical issues are the most important things when someone buys a product? Yeah, Apple products are more closed and restrictive, but they work for me. And until I get burnt by them bad enough to consider switching, I have no problem with them. I mean, they do behave pretty well for a Corporation. No need to spread FUD at the first sight of something that may not be ideal.
Lesser companies work out what people want then try to provide that to them at the lowest cost.
True for a lot of products... but put Apple in context here. The PC market isn't exactly flush with good natured business folk doing their upmost to protect consumers. And there's way too much choice in the phone market. The upshot being Apple has a reasonably well trusted, well known brand that looks good. To your average consumer this will be enough to warrant a little extra on a product.
This sort of problem is now years past the place where it can be solved by "voting with your dollars," or hoping that exposing the problem will create bad PR and shame the company into correcting it.
I don't know what parts of our constitution are still operative today, but if we can't get the public interested in privacy rights, get Congress interested in passing appropriate legislation, making "phoning home" against the law--and getting those laws enforced--then Apple and Microsoft and Sony and everyone else will continue to do whatever is technologically feasible, convenient, and supportive of their corporate goals.
It's naive to think that there are Good Companies and Evil Companies and that the answer is to put your faith in the Good Companies.
Of course, I do hope that exposing the problem creates bad PR and shames Apple into fixing it.
"How to Do Nothing," kids activities, back in print!
Scandalous!
I record my sleeptalking
More and more it feels like every iPhone belongs to Steve - people are just leasing it from him. There's just *no way* a phone should contact another server without the user knowing it or expressly permitting it, and there's absolutely no way in hell it should disable an application which the user deliberately installed, period. The end.
There are currently 2000+ iphone applications. When polling a server should you a) return a list of 1999 good applications, or b) return a list of the 1 bad application...
http://daringfireball.net/2008/08/core_location_blacklist :
"An informed source at Apple confirmed to me that the âoeclblâ in the URL stands for âoeCore Location Blacklistâ, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location â" an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines."
ok so let me understand this. I buy a phone, I write software for my phone, apple can tell me to piss off and that my applications dont meet their guidelines? Ok so they dont know about my application until I share it with others, which btw appears to not be allowed since they want you to use the store that they get 30% off the sales of. Hmm.. something just does not seem that right here.
If I own the phone I should be able to run any app I choose to. If Apple wants to blacklist an app then really it should ask me for permission to do that on *my* phone, and so far no one has suggested that there is a confirmation (anyone with an iphone can test this, edit /etc/hosts, change the IP to your server, have it spit out valid formatted blacklists for an app and see if there is a confirmation).
As long as big brother is there telling me what I can and cannot run I somehow think I will choose something else.
BTW this exact feature was to be in vista, code was written, but eventually due to marketing concerns it was abandoned. It seemed that people did not like the fact that microsoft would have control over what apps could do what on their system. Funny how it seems much more acceptable when apple does the same thing.
It's probably in the terms and conditions of ownership, and thus every owner has given permission already.
It's not like Apple is collecting user information here. It's a HTTP GET as far as I can tell, with no information being supplied to Apple, just a list of applications that are bad and that the user shouldn't run for their own protection.
Going beyond this into the realm of assuming that apple are collecting user data, disabling applications they just don't like, etc, is stupidity on the level of people who believe in conspiracy theories.
But the URL being talked about in this /. post is not a kill switch as reported in earlier replies.
So, this means that there is still a hidden kill switch in the iPhone.
Unless they're going to produce a "disabled apps" page for each individuals iPhone then of course this wouldn't allow them to do that.
Bad analogies are like waxing a monkey with a rainbow.
I always enjoy old adages being proved right. In this case "A fool and his money are soon parted."
I just wish I'd been the one to think of marketing an app to the terminally stupid.
Bad analogies are like waxing a monkey with a rainbow.
In theory? Sure, why not. In practice, it would be one of the greatest screwup in all history if this could be done. Presumably Apple is signing the list (via private/public keypairs) just like they do iPhone firmware updates; you sign this kind of stuff exactly so that hackers can't do stuff like this.
In other words no, I doubt this list can be exploited in that manner.
If the Beast gets wind of this concept, they'll start shutting down Quicken, Firefox, Thunderbird....
A cynic is a man who, when he smells flowers, looks around for a coffin. -H. L. Mencken
Apple really does have an incredible buisness model. Lesser companies work out what people want then try to provide that to them at the lowest cost. Apple tells it's fans what they should want and then sells it to them for a remarkably high price. I never would have thought such a system would work.
That business model is called religion.
And 100 points to the first person who actually bricks it (i.e. makes it completely and irretrievably unusable), rather than just temporarily disabling it until the next update.
the iphone is a fiasco...
I think you're using that word without knowing what it means. I suspect most companies would like to have a "fiasco" like the iPhone n their product catalogue.
So, Apple is my Mommy!?
Gosh, there are some patronising people around today aren't they. My wife gave me an iPod Touch as a gift and as an atheist I can tell you that it is a really rather splendid device. It has flaws (the biggest being a very low-level, volume independent hiss on audio - a pretty big problem for a music player) but other than that, I love it.
I paid for the 2.0 software update and yes, I've downloaded a heap of apps (and paid for one). It works very well, it has a pleasing form factor and yes it is expensive, but not outrageously so.
So a little less of the old high-horse.
may be you should go back to NOT buying over priced, over hyped, vendor locked devices.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
... that as soon as someone dares to post something other than the usual expressions of paranoia and criticism, other less free-minded individuals accuse him of sheep mentality, or drinking the kool aid? Someone else has to see the irony in that!
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
[quote]you are taking advantage of other's stupidity, and benefitting at their expense (very different from benefitting while benefitting others).[/quote]
How is this wrong as long as you don't mislead them.
If I try to sell a shiny piece of rock for a stupidly high price and even put up a big sign saying "THIS DOES NOTHING USEFUL, ALL IT DOES IS SHOW YOU CAN AFFORD IT!"
How am I doing anything at all wrong?
I haven't lied, I haven't cheated, I haven't climed my shiny rock will keep tigers away.
I'm basicly saying "if you give me $1000 I will give you something to show you're so wealthy that you could give me $1000 for the hell of it."
If someone chooses of their own free will to hand me money then who are you to say they shouldn't be allowed to spend their money how they wish.
"you encourage a culture of overconsumption, which, in the long term, is not sustainable for the projected populations we are looking at, and is not necessary."
Ya cause making a copy of a piece of useless software puts such a strain on our natural environment.
If you follow that argument then every industry based on selling status symbols is evil and immoral.
Err, where did you get the idea that this killed iPhones?
It's a list of applications that the iPhone shouldn't run because they're malicious. There's nothing about killing iPhones remotely here.
Of course, the ITWire story itself is written with so much hyperbole and bullshit and speculation it is easy to get caught up in it and lose sight of the simple explanation. Apple run an application store and thus have some responsibility over the contents on that store. If they let some bad software on by accident, they need a way to ensure that end users can't run it.
All the rest is conspiracy theory non-story verbal wankery.
What's wrong with AOL's business model? At the time, it was a great way for a complete neophyte to get online. And it never got in the way of geeks getting on line through "better" alternatives.
There's more than just the "geek" market, you know.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
What's wrong with AOL's business model?
Which part? The walled garden part or the part where they would keep charging your credit card after you left them?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
If I try to sell a shiny piece of rock for a stupidly high price and even put up a big sign saying "THIS DOES NOTHING USEFUL, ALL IT DOES IS SHOW YOU CAN AFFORD IT!"
...a nice, subtle reference to the diamond industry.
Nice.
malicious app kill switch
"For your security."
"For your own good."
"For the children."
I've got a message for Apple, quite simple - I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.
If you can't understand that, and continue down this road, then the chances of my buying an iPhone (of any generation) are most definitely going to diminish to nothingness.
I already kicked Verizon to the curb for locking down the phone and trying to force me into their own ridiculous $/month ringtone service when I have perfectly good midi, wav, and mp3 files to make ringtones of myself. Don't think I won't go to a provider that has the sense to let me work with things MY way.
All fine and good, but I'd counter-argue that if YOU can't comprehend why it's potentially very BENEFICIAL for a carrier to be able to globally "kill off" some new app that turns out to be a trojan horse, leaking out your private information everywhere ... then I don't know what to tell you, really?
It's one thing to claim you're "perfectly capable of deciding for yourself what you want on your phone" ... but another for that statement to be truly 100% accurate.
Working in I.T. as long as I have, I, too, like to feel "in control" of the devices I use. Most of the time, I know what I'm *trying* to install and leave out on the computers I use. But the problem comes in because none of us have time (or even the ability) to audit the source code for each program we install. We have to go on faith that apps do what they say, most of the time. We can pay other people to act as "watchdogs" for us, which is essentially what paid subscriptions for anti-virus/anti-spyware software really are. But ultimately, we still have to trust SOMEONE, or else we'd never install ANY new software on a computer, a phone, or other electronic device, out of fear it might destroy our data or send it where it's not supposed to go!
I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.
I'm sure you are, but it is an iPhone, for crissakes. If you want complete control over devices, why are you even looking at apple's products?
semantics are everything!
Apple has already sold MILLIONS of iPhones. Can you say that most of these people that bought these are like you? Good for you if you think you can somehow verify every application on the App Store before installing it. You perhaps have some magic to analyze the binaries before actually downloading it, decrypting it and then running it. The purpose of this capability is if something gets past Apple's QA(which from what I can tell so far could be a possibility). Apple does not get the source code, they only get the binary from the developer. If there was some time bomb say 1 month in the future, Apple would likely not notice it until perhaps hundreds of thousands of people have downloaded it.
But come on, seriously. You know precisely what comes up with this. Any freeware program that competes with something Apple might want to make pay software for, will instantly be on the blacklist. This isn't a tool for "protecting people from malicious software". If it was, it would be 100% optional anyways. No, this particular setup is a compulsory setup designed for Apple to be able to kill off the competition.
But come on, seriously. I think your tin-foil hat is cutting off the circulation to the rest of your brain.
Paranoia aside, if the iPhone doesn't fit your ideal vision for a pda/phone/whatever, then go buy something better. Oh wait, there isn't currently anything better.
Have a nice day!
Ok, you have the capability to decide for yourself, but what it you don't have the technical ability? Like, what if it turns out that Super Monkey Ball is tracking you throughout your day, and relaying that information back to someone? In that case, even if you knew that, how would you disable Super Monkey Ball from having access to your location?
Since we are all paranoid here...
I write a nice little game and sell it through the iPhone store. One day when you get the high score, it lets you enter your name (as games do) and town and offers to look it up through GPS. When you allow the lookup, an error comes "sorry, this town is not in my database".
Three months later, a gang of robbers starts stealing iPhones. The strange thing is, they know exactly where people with iPhones are. Even stranger, all these people who got robbed have been using my little iPhone game. That is where a core location blacklist would be handy.
I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.
Apple cannot reliably tell the difference between you and someone who would install malware that threatens that particular user, the network, or the reputation of the iPhone's safety (and thus apple), so they don't really have much of a choice. If you think you know better then them and you're smart enough to work around their restrictions, no problem. But they can't endorse it.
It's a different thing with ringtones and such - Verizon forcing you to buy their media is just an irritating money making scheme.
are you sure? unlike msft apple actually allows other applications, and freeware. If Apple ever puts an app like on the black list just because it is competing with a pay for app then I will agree with you, but apple hasn't ever blacklisted an app that behaves before.
Now it is an easily abuse-able system especially with how it is setup. I always give the benefit of the doubt in such systems. Even to MSFT. MSFT has abused their setups in the past. apple while a control freak really haven't yet. With yet being the key word.
i thought once I was found, but it was only a dream.
....a compulsory setup designed for Apple to be able to kill off the competition...
I sincerely hope you are wrong about that. It is quite usual for some to ascribe ulterior motives to others, because they themselves have such thoughts. Why not wait a while and see what Apple actually does with this capability, before ascribing ulterior motives to them? It is generally better to assume innocence rather than guilt. I hope that they really only use this ability to kill programs like a fire alarm switch, kinda like "break glass and pull lever" in case of fire.
All theory is gray