Apple Can Remotely Disable iPhone Apps

mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."

makes sense to me..

[Tarraq]

It's better than having a lot of malicious programs out there, using data or sending personal information, with no way of recalling them.
Shouldn't be used unless it's deemed "dangerous".
"I am rich" for instance is a legitimate app, although without much purpose. But let's be honest, a lot of apps in the app store has little or no purpose. A 12$ flash light, anyone?

Re:makes sense to me..

[duffel]

And this certainly isn't there to make sure they can blacklist any iphone breakout software that gets into the wild. God no! Apple cares about their customers! *Cough Cough Cough*

Well, considering there already is breakout software in the wild and it has nothing to do with the apple store... No, this looks like another line of defence in case malware somehow makes it past their reviewing process.

And, you know what? I'm in favour of it. I don't want my phone making unsolicited phonecalls.

Re:makes sense to me..

[muffen]

Shouldn't be used unless it's deemed "dangerous".

Who decides what's dangerous? Are pirated apps going to be deemed dangerous? If you bypass certain security measures, is that dangerous? I don't like control being taken away from me (where "me" in this case is any end-user).

Even if the intent is to only blacklist malware, does apple have a research lab to determine whats malicious and what isnt? Will they tell us how they decide on malware? What if you release an app that is infected with malware, the app is still legit whereas the malware part of the code is not. What happen if that app gets blacklisted, can it be revoked? If the iPhone contacts a webpage every now and then, will apple pay the bill for the connection?

I don't like this, at the moment I don't like it because they did it without saying they are doing it. Going forward, they should say what they intend to block and give the enduser and option of either using the "service" or not... especially since the end-user is the one paying the bill for the datatransfer, the amount of money is imho completely irrelevant.

Re:makes sense to me..

[Jellybob]

Not without it asking you first.

Although it probably wouldn't hard to write an app with a legitimate reason to use the GPS, and throw in a few lines that will also tell the author where you are as well.

Re:makes sense to me..

[Trogre]

Wow. Just... wow

Let's change the players a bit:
"Engadget reports Microsoft has readied a blacklisting system which allows the company to remotely disable applications on your Vista PC."

Do we still feel warm and protected?

Re:makes sense to me..

[rsmith-mac]

Based on what Apple has told developers since the start of the program, revocation appears to be certificate based; Apple is revoking the developer's certificate for that program, which breaks the authentication chain and prevents the application from running. As for what they can block, it does not look like this would be effective against a jailbroken kernel, since much of the authentication chain is patched out anyhow; in other words they wouldn't be able to revoke: the jailbreak, applications for it, and perhaps even regular applications once the jailbroken kernel is installed.

As for what they'll revoke, that's the bigger question. Apple has not shown to be particularly hostile towards the jailbreak community in the past; even if they could revoke it, I don't believe they will. The real test on this policy would be the NetShare application, it's an application Apple has ceased to allow post-release and if the revocation system were to be abused it would be the prime target. So far Apple has not revoked it, even though they've had ample time to do so.

That leaves us with malware. I don't find this to be something hard to define, but perhaps other Slashdot readers do. If the application is legit but has a problem (backdoor for exploiting the Mobile account, for example) I'd assume Apple will revoke the certificate for the bad application and let the author issue an updated version as long as they didn't intentionally create a problem (which is grounds for being expelled from the AppStore program). If it's outright malware that somehow passed Apple's QC, then they'll still revoke it, will not issue further certificates to the guilty party, and since they had to sign up for the program, track the guilty party down and sue them for computer crimes in some form.

I'm not too worried about this (I consider blocking malware from running a good thing) but I can see why other people here would be worried. In either case it's a well thought-out system that seems to cover every contingency, so there shouldn't be any "friendly fire" of applications being unintentionally revoked.

Re:makes sense to me..

[mdwh2]

I choose to run the virus scanner, and I can choose to disable it or run another one in its place if it causes problems.

I love the fuss people are making about this, as if it's a new idea to disable programs on your computer.

I love the tenuous analogies that people try to come up with to justify it, just because it's Apple, when it would never be accepted if it was any other company.

Re:Refunds

[HungryHobo]

I still don't get why it was pulled.
Let rich idiots throw their money away on tat.

Re:excuses, let it rain

[SoupIsGoodFood_42]

How about we stop pretending that philosophical issues are the most important things when someone buys a product? Yeah, Apple products are more closed and restrictive, but they work for me. And until I get burnt by them bad enough to consider switching, I have no problem with them. I mean, they do behave pretty well for a Corporation. No need to spread FUD at the first sight of something that may not be ideal.

Not an Apple-specific problem

[dpbsmith]

This sort of problem is now years past the place where it can be solved by "voting with your dollars," or hoping that exposing the problem will create bad PR and shame the company into correcting it.

I don't know what parts of our constitution are still operative today, but if we can't get the public interested in privacy rights, get Congress interested in passing appropriate legislation, making "phoning home" against the law--and getting those laws enforced--then Apple and Microsoft and Sony and everyone else will continue to do whatever is technologically feasible, convenient, and supportive of their corporate goals.

It's naive to think that there are Good Companies and Evil Companies and that the answer is to put your faith in the Good Companies.

Of course, I do hope that exposing the problem creates bad PR and shames Apple into fixing it.

Apple can kiss my shiny metal ass

[Nycran]

More and more it feels like every iPhone belongs to Steve - people are just leasing it from him. There's just *no way* a phone should contact another server without the user knowing it or expressly permitting it, and there's absolutely no way in hell it should disable an application which the user deliberately installed, period. The end.

Re:It's not called a 'phone home'

[bestinshow]

It's probably in the terms and conditions of ownership, and thus every owner has given permission already.

It's not like Apple is collecting user information here. It's a HTTP GET as far as I can tell, with no information being supplied to Apple, just a list of applications that are bad and that the user shouldn't run for their own protection.

Going beyond this into the realm of assuming that apple are collecting user data, disabling applications they just don't like, etc, is stupidity on the level of people who believe in conspiracy theories.

Re:Refunds

[CountBrass]

I Am Rich app, anyone?

I always enjoy old adages being proved right. In this case "A fool and his money are soon parted."

I just wish I'd been the one to think of marketing an app to the terminally stupid.

Re:excuses, let it rain

[linhares]

Apple really does have an incredible buisness model. Lesser companies work out what people want then try to provide that to them at the lowest cost. Apple tells it's fans what they should want and then sells it to them for a remarkably high price. I never would have thought such a system would work.

That business model is called religion.

Doesn't anyone else find it funny...

[TheVelvetFlamebait]

... that as soon as someone dares to post something other than the usual expressions of paranoia and criticism, other less free-minded individuals accuse him of sheep mentality, or drinking the kool aid? Someone else has to see the irony in that!

Re:Refunds

[HungryHobo]

[quote]you are taking advantage of other's stupidity, and benefitting at their expense (very different from benefitting while benefitting others).[/quote]
How is this wrong as long as you don't mislead them.
If I try to sell a shiny piece of rock for a stupidly high price and even put up a big sign saying "THIS DOES NOTHING USEFUL, ALL IT DOES IS SHOW YOU CAN AFFORD IT!"
How am I doing anything at all wrong?
I haven't lied, I haven't cheated, I haven't climed my shiny rock will keep tigers away.
I'm basicly saying "if you give me $1000 I will give you something to show you're so wealthy that you could give me $1000 for the hell of it."
If someone chooses of their own free will to hand me money then who are you to say they shouldn't be allowed to spend their money how they wish.

"you encourage a culture of overconsumption, which, in the long term, is not sustainable for the projected populations we are looking at, and is not necessary."
Ya cause making a copy of a piece of useless software puts such a strain on our natural environment.
If you follow that argument then every industry based on selling status symbols is evil and immoral.

Re:Refunds

[D+Ninja]

If I try to sell a shiny piece of rock for a stupidly high price and even put up a big sign saying "THIS DOES NOTHING USEFUL, ALL IT DOES IS SHOW YOU CAN AFFORD IT!"

...a nice, subtle reference to the diamond industry.

Nice.

Re:Refunds

[Moryath]

malicious app kill switch

"For your security."

"For your own good."

"For the children."

I've got a message for Apple, quite simple - I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.

If you can't understand that, and continue down this road, then the chances of my buying an iPhone (of any generation) are most definitely going to diminish to nothingness.

I already kicked Verizon to the curb for locking down the phone and trying to force me into their own ridiculous $/month ringtone service when I have perfectly good midi, wav, and mp3 files to make ringtones of myself. Don't think I won't go to a provider that has the sense to let me work with things MY way.

Re:Refunds

[King_TJ]

All fine and good, but I'd counter-argue that if YOU can't comprehend why it's potentially very BENEFICIAL for a carrier to be able to globally "kill off" some new app that turns out to be a trojan horse, leaking out your private information everywhere ... then I don't know what to tell you, really?

It's one thing to claim you're "perfectly capable of deciding for yourself what you want on your phone" ... but another for that statement to be truly 100% accurate.

Working in I.T. as long as I have, I, too, like to feel "in control" of the devices I use. Most of the time, I know what I'm *trying* to install and leave out on the computers I use. But the problem comes in because none of us have time (or even the ability) to audit the source code for each program we install. We have to go on faith that apps do what they say, most of the time. We can pay other people to act as "watchdogs" for us, which is essentially what paid subscriptions for anti-virus/anti-spyware software really are. But ultimately, we still have to trust SOMEONE, or else we'd never install ANY new software on a computer, a phone, or other electronic device, out of fear it might destroy our data or send it where it's not supposed to go!

Re:Refunds

[ph0rk]

I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.

I'm sure you are, but it is an iPhone, for crissakes. If you want complete control over devices, why are you even looking at apple's products?