Apple Can Remotely Disable iPhone Apps

mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."

Refunds

I Am Rich app, anyone?

Re:Refunds

[HungryHobo]

I still don't get why it was pulled.
Let rich idiots throw their money away on tat.

Re:Refunds

[Chuck+Chunder]

I still don't get why it was pulled.

Probably for violating an Apple business method patent.

Re:Refunds

[CountBrass]

I Am Rich app, anyone?

I always enjoy old adages being proved right. In this case "A fool and his money are soon parted."

I just wish I'd been the one to think of marketing an app to the terminally stupid.

Re:Refunds

[BasilBrush]

No. This is a Core Location Black List. It stops listed apps from retrieving your current location. But it doesn't stop that app from working otherwise.

Re:Refunds

[BasilBrush]

No. There is a certificate system for all apps, and Apple can revoke the certificate. In tabloid terms that is a kill switch. BUT the functionality described here - the URL with the blacklist - is a Core Location Black List. The clue is in the library that that URL was found in, and in the URL itself if you read it.

Re:Refunds

[iElucidate]

Seriously, no, it is theCore Location Blacklist. He got it from the Daring Fireball link he included in his comment. Apple does claim that there is a capability to remotely disable applications. He does not claim that the URL to the Core Location Blacklist is that capability.

Re:Refunds

[HungryHobo]

"ethical standpoint"?
How is there anything wrong with offering a useless piece of overpriced tat?
You don't have to be amoral to do this.
Hell I wish I'd come up with something this easy and effective.
It wasn't misrepresented, it wasn't claimed to do anything it didn't.
Where is the problem?

Re:Refunds

[jcr]

Steve Jobs apparently confirms that it is a malicious app kill switch.

No. He confirmed that there is a "kill switch", he said nothing about how it's implemented.

The Core Location black list is only about what apps get to access your phone's location data.

-jcr

Re:Refunds

[HungryHobo]

[quote]you are taking advantage of other's stupidity, and benefitting at their expense (very different from benefitting while benefitting others).[/quote]
How is this wrong as long as you don't mislead them.
If I try to sell a shiny piece of rock for a stupidly high price and even put up a big sign saying "THIS DOES NOTHING USEFUL, ALL IT DOES IS SHOW YOU CAN AFFORD IT!"
How am I doing anything at all wrong?
I haven't lied, I haven't cheated, I haven't climed my shiny rock will keep tigers away.
I'm basicly saying "if you give me $1000 I will give you something to show you're so wealthy that you could give me $1000 for the hell of it."
If someone chooses of their own free will to hand me money then who are you to say they shouldn't be allowed to spend their money how they wish.

"you encourage a culture of overconsumption, which, in the long term, is not sustainable for the projected populations we are looking at, and is not necessary."
Ya cause making a copy of a piece of useless software puts such a strain on our natural environment.
If you follow that argument then every industry based on selling status symbols is evil and immoral.

Re:Refunds

[BasilBrush]

Security is layered.

Applications have permission to run by virtue of the fact that they are signed by Apple. That certificate can be revoked. (The so called kill switch).

This black list deals with apps that make inappropriate use of Core Location, but are otherwise OK. For example an app might constantly use explicit Core Location requests to find the current location. That would drain the battery in no time. (versus requesting to be notified when location has changed by more than a threshhold). The App is non-malicious, just sloppily programmed. Apple could blacklist it's core location functionality, whilst leaving the rest of the functionality working. Until such time as the developer produces a fixed version.

Re:Refunds

[Provocateur]

I have my black "CoreLocation Blacklist #1 certified by Apple" stickers ready, with a nice lime green apple logo background, in case anyone wants to buy em...

What, you think only Vista can have nice stickers like that??

Re:Refunds

[MightyYar]

What's wrong with AOL's business model? At the time, it was a great way for a complete neophyte to get online. And it never got in the way of geeks getting on line through "better" alternatives.

There's more than just the "geek" market, you know.

Re:Refunds

[MightyYar]

you are taking advantage of other's stupidity

Is Prada taking advantage of other's stupidity? Some people just have a lot of money and want to flash it. If anything, you are taking advantage of other's vanity - not stupidity.

Re:Refunds

[Shakrai]

What's wrong with AOL's business model?

Which part? The walled garden part or the part where they would keep charging your credit card after you left them?

Re:Refunds

[D+Ninja]

If I try to sell a shiny piece of rock for a stupidly high price and even put up a big sign saying "THIS DOES NOTHING USEFUL, ALL IT DOES IS SHOW YOU CAN AFFORD IT!"

...a nice, subtle reference to the diamond industry.

Nice.

Re:Refunds

[nomadic]

may be you should go back to NOT buying over priced, over hyped, vendor locked devices.

But what would the other pretentious hipsters think of me if I did that???

Re:Refunds

[Moryath]

malicious app kill switch

"For your security."

"For your own good."

"For the children."

I've got a message for Apple, quite simple - I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.

If you can't understand that, and continue down this road, then the chances of my buying an iPhone (of any generation) are most definitely going to diminish to nothingness.

I already kicked Verizon to the curb for locking down the phone and trying to force me into their own ridiculous $/month ringtone service when I have perfectly good midi, wav, and mp3 files to make ringtones of myself. Don't think I won't go to a provider that has the sense to let me work with things MY way.

Re:Refunds

[Machine9]

The diamond business is somewhat more odd though, the rocks do indeed not "do" anything but are presumed to be "rare" and thus "valuable".

However, the fact remains that diamonds are in fact not very rare at all, barring the very largest specimens, they are intentionally stockpiled and kept rare by controlling the rate at which they enter the market.

You want rare? get a proper red ruby!

Why is this relevant? because apple prices it's product like a luxury company prices it's jewelry (which, for the record can be upwards of a 500% profit margin from my experience in working in the high-end jewelry business) the price is based on:

-brand name prestige
-design

the brand name prestige equates in the consumer's eye to "rarity" but a device like the iphone is of course not rare at all, apple can produce a near infinite amount of them quite readily.

I don't really have a point i guess... other than "people are very silly" =/

Re:Refunds

[PainMeds]

No. The CoreLocation blacklist doesn't prevent applications from using CoreLocation, it kills applcations that use it. That's a big difference.

Re:Refunds

[King_TJ]

All fine and good, but I'd counter-argue that if YOU can't comprehend why it's potentially very BENEFICIAL for a carrier to be able to globally "kill off" some new app that turns out to be a trojan horse, leaking out your private information everywhere ... then I don't know what to tell you, really?

It's one thing to claim you're "perfectly capable of deciding for yourself what you want on your phone" ... but another for that statement to be truly 100% accurate.

Working in I.T. as long as I have, I, too, like to feel "in control" of the devices I use. Most of the time, I know what I'm *trying* to install and leave out on the computers I use. But the problem comes in because none of us have time (or even the ability) to audit the source code for each program we install. We have to go on faith that apps do what they say, most of the time. We can pay other people to act as "watchdogs" for us, which is essentially what paid subscriptions for anti-virus/anti-spyware software really are. But ultimately, we still have to trust SOMEONE, or else we'd never install ANY new software on a computer, a phone, or other electronic device, out of fear it might destroy our data or send it where it's not supposed to go!

Re:Refunds

[ph0rk]

I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.

I'm sure you are, but it is an iPhone, for crissakes. If you want complete control over devices, why are you even looking at apple's products?

Re:Refunds

[Moryath]

Working in I.T. as long as I have, I, too, like to feel "in control" of the devices I use.

I work in the same field.

But the problem comes in because none of us have time (or even the ability) to audit the source code for each program we install. We have to go on faith that apps do what they say, most of the time.

Mostly correct. Which is why I am highly careful on what I do install, and even LESS likely to let someone else have the decision on removing something.

All fine and good, but I'd counter-argue that if YOU can't comprehend why it's potentially very BENEFICIAL for a carrier to be able to globally "kill off" some new app that turns out to be a trojan horse, leaking out your private information everywhere ... then I don't know what to tell you, really?

And if I could trust that that is the ONLY way that Apple would ever use this... they I *might* consider it a feature.

But come on, seriously. You know precisely what comes up with this. Any freeware program that competes with something Apple might want to make pay software for, will instantly be on the blacklist. This isn't a tool for "protecting people from malicious software". If it was, it would be 100% optional anyways. No, this particular setup is a compulsory setup designed for Apple to be able to kill off the competition.

Re:Refunds

[yabos]

Apple has already sold MILLIONS of iPhones. Can you say that most of these people that bought these are like you? Good for you if you think you can somehow verify every application on the App Store before installing it. You perhaps have some magic to analyze the binaries before actually downloading it, decrypting it and then running it. The purpose of this capability is if something gets past Apple's QA(which from what I can tell so far could be a possibility). Apple does not get the source code, they only get the binary from the developer. If there was some time bomb say 1 month in the future, Apple would likely not notice it until perhaps hundreds of thousands of people have downloaded it.

Re:Refunds

[duffel]

I am perfectly capable of deciding for myself what I want on my iPhone, or any other computing device I own.

Apple cannot reliably tell the difference between you and someone who would install malware that threatens that particular user, the network, or the reputation of the iPhone's safety (and thus apple), so they don't really have much of a choice. If you think you know better then them and you're smart enough to work around their restrictions, no problem. But they can't endorse it.

It's a different thing with ringtones and such - Verizon forcing you to buy their media is just an irritating money making scheme.

Re:Refunds

[BasilBrush]

Read the last paragraph. The guy is a freetard nut.

It might "kill" applications that can't cope with an error when it requests the location. i.e. buggy applications. But all it's there for is to deny named apps the ability to use Core Location.

Re:Refunds

[BasilBrush]

The quoted article is wrong. YOU read the article I linked to ealier. It's right.

Re:Refunds

[peragrin]

are you sure? unlike msft apple actually allows other applications, and freeware. If Apple ever puts an app like on the black list just because it is competing with a pay for app then I will agree with you, but apple hasn't ever blacklisted an app that behaves before.

Now it is an easily abuse-able system especially with how it is setup. I always give the benefit of the doubt in such systems. Even to MSFT. MSFT has abused their setups in the past. apple while a control freak really haven't yet. With yet being the key word.

Re:Refunds

[arminw]

....a compulsory setup designed for Apple to be able to kill off the competition...

I sincerely hope you are wrong about that. It is quite usual for some to ascribe ulterior motives to others, because they themselves have such thoughts. Why not wait a while and see what Apple actually does with this capability, before ascribing ulterior motives to them? It is generally better to assume innocence rather than guilt. I hope that they really only use this ability to kill programs like a fire alarm switch, kinda like "break glass and pull lever" in case of fire.

makes sense to me..

[Tarraq]

It's better than having a lot of malicious programs out there, using data or sending personal information, with no way of recalling them.
Shouldn't be used unless it's deemed "dangerous".
"I am rich" for instance is a legitimate app, although without much purpose. But let's be honest, a lot of apps in the app store has little or no purpose. A 12$ flash light, anyone?

Re:makes sense to me..

[iminplaya]

A 12$ flash light, anyone?

Don't you mean a 512 dollar flash light?

Re:makes sense to me..

[SoupIsGoodFood_42]

Especially when you consider that it's possible to write a program that tells someone exactly where you are.

Re:makes sense to me..

[duffel]

And this certainly isn't there to make sure they can blacklist any iphone breakout software that gets into the wild. God no! Apple cares about their customers! *Cough Cough Cough*

Well, considering there already is breakout software in the wild and it has nothing to do with the apple store... No, this looks like another line of defence in case malware somehow makes it past their reviewing process.

And, you know what? I'm in favour of it. I don't want my phone making unsolicited phonecalls.

Re:makes sense to me..

[muffen]

Shouldn't be used unless it's deemed "dangerous".

Who decides what's dangerous? Are pirated apps going to be deemed dangerous? If you bypass certain security measures, is that dangerous? I don't like control being taken away from me (where "me" in this case is any end-user).

Even if the intent is to only blacklist malware, does apple have a research lab to determine whats malicious and what isnt? Will they tell us how they decide on malware? What if you release an app that is infected with malware, the app is still legit whereas the malware part of the code is not. What happen if that app gets blacklisted, can it be revoked? If the iPhone contacts a webpage every now and then, will apple pay the bill for the connection?

I don't like this, at the moment I don't like it because they did it without saying they are doing it. Going forward, they should say what they intend to block and give the enduser and option of either using the "service" or not... especially since the end-user is the one paying the bill for the datatransfer, the amount of money is imho completely irrelevant.

Re:makes sense to me..

[Jellybob]

Not without it asking you first.

Although it probably wouldn't hard to write an app with a legitimate reason to use the GPS, and throw in a few lines that will also tell the author where you are as well.

Re:makes sense to me..

[Trogre]

Wow. Just... wow

Let's change the players a bit:
"Engadget reports Microsoft has readied a blacklisting system which allows the company to remotely disable applications on your Vista PC."

Do we still feel warm and protected?

Re:makes sense to me..

[Narpak]

I don't want my phone making unsolicited phonecalls.

Unless it is Apple installed software doing it?

Re:makes sense to me..

[rsmith-mac]

Based on what Apple has told developers since the start of the program, revocation appears to be certificate based; Apple is revoking the developer's certificate for that program, which breaks the authentication chain and prevents the application from running. As for what they can block, it does not look like this would be effective against a jailbroken kernel, since much of the authentication chain is patched out anyhow; in other words they wouldn't be able to revoke: the jailbreak, applications for it, and perhaps even regular applications once the jailbroken kernel is installed.

As for what they'll revoke, that's the bigger question. Apple has not shown to be particularly hostile towards the jailbreak community in the past; even if they could revoke it, I don't believe they will. The real test on this policy would be the NetShare application, it's an application Apple has ceased to allow post-release and if the revocation system were to be abused it would be the prime target. So far Apple has not revoked it, even though they've had ample time to do so.

That leaves us with malware. I don't find this to be something hard to define, but perhaps other Slashdot readers do. If the application is legit but has a problem (backdoor for exploiting the Mobile account, for example) I'd assume Apple will revoke the certificate for the bad application and let the author issue an updated version as long as they didn't intentionally create a problem (which is grounds for being expelled from the AppStore program). If it's outright malware that somehow passed Apple's QC, then they'll still revoke it, will not issue further certificates to the guilty party, and since they had to sign up for the program, track the guilty party down and sue them for computer crimes in some form.

I'm not too worried about this (I consider blocking malware from running a good thing) but I can see why other people here would be worried. In either case it's a well thought-out system that seems to cover every contingency, so there shouldn't be any "friendly fire" of applications being unintentionally revoked.

Re:makes sense to me..

[eclectro]

which allows the company to remotely disable applications

You mean like what complete strangers currently do now on a windows pc?

Re:makes sense to me..

[BasilBrush]

I trust Amazon with my credit card number and address. I wouldn't trust Scammy Viagra Co with either.

Of course it's within the realms of possibility that Amazon may misuse it, but the benefit I get in a wide access to cheap books outweighs my risk.

On the other hand I'd expect Scammy Viagra Co to misuse it.

It's perfectly reasonable to accord different companies with different levels of trust. And giving out your credit card number is a far more significant trust level than allowing a company to prevent selected apps from accessing your current location.

I do trust Apple to use it responsibly. I wouldn't trust Microsoft to. And there's absolutely nothing wrong with that. All companies are not the same. Microsoft's evil misdeeds negatively affect their trustworthiness, but they don't affect all other companies too.

Re:makes sense to me..

[pdbaby]

This is actually a few days old; it did the rounds on the Apple rumour sites and was debunked: it's a blacklist that can prevent applications using Core Location to determine a users' position (so if an app is abusing it & logging everywhere a user goes, they can be prevented from doing that while still allowing the app to function).

The hint was in the filename (and the library that references it): clbl - Core Location BlackList

Re:makes sense to me..

[SerpentMage]

>I do trust Apple to use it responsibly. I wouldn't trust Microsoft to. And there's absolutely nothing wrong with that. All companies are not the same. Microsoft's evil misdeeds negatively affect their trustworthiness, but they don't affect all other companies too.

Well you are a fool... Both are corporations and both have profit motives. I trust neither!

Re:makes sense to me..

[catwh0re]

I second that, meanwhile there is a lot of distrust for apple - in spite of them having one of the most trusted operating systems... bizarre.

Re:makes sense to me..

[catwh0re]

The concept of a virus scanner is exactly this: an application designed to stop malicious apps from running. Since virus scanners for your phone aren't an ideal application, apple had to step in and provide that extra layer of security. Plus apple know the moment they start disabling applications for no reason at all, will be the same day their app store sales take a huge dive.

Re:makes sense to me..

[BasilBrush]

Then you're doomed to not deal with any company and live the life of a hermit collecting nuts and berries.

Speaking of nuts...

Re:makes sense to me..

"Oh, but's Apple, and this is good! Want to know why the PC prospered? Apple around the time of when it could have gone its way introduced an SDK development process where every developer who wanted to deliver something had to have a developer token. Without the blessing of Apple no go on Apple hardware! It annoyed many developers and the rest is history...

Don't believe? Do some historical checks..."

Really, I was an Apple developer back in the day, moving from the Apple II all the way to the original Mac (the all in one) and then getting out of the business a few years later.

I don't remember EVER contacting Apple for the SDK. I simply bought Lightspeed /Think C and Pascal and developed. Want more in-depth info? Get the Inside Macintosh books. I had like 2 dozen...each taking up a few hundred pages, and each focusing on an API and/or group of related items. Things like Audio had entire volumes written about it (this was my focus).

In this time, I *NEVER* once asked Apple for a 'token'...it wasn't needed. The most you'd ever need would be to have an official App ID (or whatever it was called) that ensured that documents created with specific doc types would know what application would open it -- and to keep other developers from trying to usurp yours. It could easily be done on the local computer.

Honestly, you don't know what the fuck you are talking about. This falls into the realm of not just ignorance, but making shit up.

Re:makes sense to me..

[Fujisawa+Sensei]

I second that, meanwhile there is a lot of distrust for apple - in spite of them having one of the most trusted operating systems... bizarre.

Not trusting them keeps them honest.

Re:makes sense to me..

[mdwh2]

I choose to run the virus scanner, and I can choose to disable it or run another one in its place if it causes problems.

I love the fuss people are making about this, as if it's a new idea to disable programs on your computer.

I love the tenuous analogies that people try to come up with to justify it, just because it's Apple, when it would never be accepted if it was any other company.

Re:makes sense to me..

[muffen]

when you run a virus scanner, you let symantec et. al. decide what is dangerous - I love the fuss people are making about this, as if it's a new idea to disable programs on your computer.

You choose to run the virus scanner, you choose which company to run it from or you could just as well choose not to run a virus scanner. And, if you are a person that does not want a virus scanner, should you have to pay for one, like you will have to do with the traffic charges for the iPhone?

The freedom of choice, that is what Apple is taking away from you... I am not saying the service is a bad idea, I am saying its a bad idea to run it without saying you are running it, and without saying why you are running it, and that people have to pay traffic charges to check that list without knowing they are doing so or without maybe even wanting to do so.

Re:makes sense to me..

[Shakrai]

Not trusting them keeps them honest.

Wouldn't that make Microsoft the most honest company ever?

Re:makes sense to me..

[Daimanta]

So you either have to blindly trust companies or live like a hermit?

Speaking about false dichotomies(and nuts too).

Security Risk?

Given the unpatched Kaminsky DNS stuff on desktop OS X, or even just spoofed ips, doesn't this mean that a malicious attacker might be able to spoof the apple "ban list" and disable core functionality? How long until this can be exploited with a list of the core os x daemons thus "bricking" the phone until ?

Re:Security Risk?

[HungryHobo]

10 points to the first person to brick some iphones with this!

Re:Security Risk?

[rsmith-mac]

In theory? Sure, why not. In practice, it would be one of the greatest screwup in all history if this could be done. Presumably Apple is signing the list (via private/public keypairs) just like they do iPhone firmware updates; you sign this kind of stuff exactly so that hackers can't do stuff like this.

In other words no, I doubt this list can be exploited in that manner.

Re:Security Risk?

[jamesh]

10 points to the first person to brick some iphones with this!

These points you speak of... are they redeemable for cash?

Re:Security Risk?

[IBBoard]

And 100 points to the first person who actually bricks it (i.e. makes it completely and irretrievably unusable), rather than just temporarily disabling it until the next update.

Re:Security Risk?

[vodevil]

10 points to the first person to brick some iphones with this!

These points you speak of... are they redeemable for cash?

They are good for one free app from the app store.

excuses, let it rain

[timmarhy]

ok can we please just get all the apple fans make their excuses early on. the iphone is a fiasco but nothing will take their blinkers off, so lets just let them get it off their chest early.

Re:excuses, let it rain

[SoupIsGoodFood_42]

How about we stop pretending that philosophical issues are the most important things when someone buys a product? Yeah, Apple products are more closed and restrictive, but they work for me. And until I get burnt by them bad enough to consider switching, I have no problem with them. I mean, they do behave pretty well for a Corporation. No need to spread FUD at the first sight of something that may not be ideal.

Re:excuses, let it rain

[symes]

Lesser companies work out what people want then try to provide that to them at the lowest cost.

True for a lot of products... but put Apple in context here. The PC market isn't exactly flush with good natured business folk doing their upmost to protect consumers. And there's way too much choice in the phone market. The upshot being Apple has a reasonably well trusted, well known brand that looks good. To your average consumer this will be enough to warrant a little extra on a product.

Re:excuses, let it rain

[Bender+Unit+22]

I'll bet you think Linux is a good desktop solution for the average user.

Re:excuses, let it rain

[linhares]

Apple really does have an incredible buisness model. Lesser companies work out what people want then try to provide that to them at the lowest cost. Apple tells it's fans what they should want and then sells it to them for a remarkably high price. I never would have thought such a system would work.

That business model is called religion.

Re:excuses, let it rain

[whisper_jeff]

the iphone is a fiasco...

I think you're using that word without knowing what it means. I suspect most companies would like to have a "fiasco" like the iPhone n their product catalogue.

Re:excuses, let it rain

[thermian]

Ooh! How dare you take the reasoned intelligent approach! Don't you know where you are?

Also, I agree. My friends bitch about my buying iPod, because its 'eeeevil Apple'. But they work well, I like the build quality, and I have never seen any compelling reason to buy any competing products.

Re:excuses, let it rain

[Khaed]

I own nothing by Apple, but I kind of disagree with you here.

Nobody can say they bought an iPhone, at this point, and didn't know what they were signing up for. Apple's attitude is well known, and only an idiot I wouldn't feel sorry for will have gone into an agreement with them without being aware of what kind of company Apple is. Clearly, people like Apple despite their flaws (just like people like Google despite theirs, and Linux, and Microsoft -- all are flawed but Jesus they have annoying fanboys). Apple fans just don't care about the same stuff you do.

I use Linux almost exclusively on my home PC, but none of my friends do; they want to play games or don't want to learn to use a new OS or whatever. It's not that they've drank the MS kool-aid. They just don't have the same outlook as I do.

That said, I don't like the idea of a device that I've paid for talking to a third party and deciding which programs (that I've paid for) to run. So I guess I won't be getting an iPhone (not like it was ever in consideration in the first place).

Re:excuses, let it rain

[Angostura]

Gosh, there are some patronising people around today aren't they. My wife gave me an iPod Touch as a gift and as an atheist I can tell you that it is a really rather splendid device. It has flaws (the biggest being a very low-level, volume independent hiss on audio - a pretty big problem for a music player) but other than that, I love it.

I paid for the 2.0 software update and yes, I've downloaded a heap of apps (and paid for one). It works very well, it has a pleasing form factor and yes it is expensive, but not outrageously so.

So a little less of the old high-horse.

Re:excuses, let it rain

[bloodninja]

I use Linux almost exclusively on my home PC, but none of my friends do; they want to play games or don't want to learn to use a new OS or whatever. It's not that they've drank the MS kool-aid. They just don't have the same outlook as I do.

Presumably you don't have outlook at all on that Linux box. Evolution / Kontact maybe.

Re:excuses, let it rain

[TheRaven64]

Yeah, Apple products are more closed and restrictive, but they work for me. And until I get burnt by them bad enough to consider switching, I have no problem with them

Has it occurred to you that the people spouting 'philosophical issues' are the ones who have already been burnt by locked-down products? Great for you if you haven't - come back when you have and we'll talk about those philosophical issues.

It is a Core Location Blacklist

http://daringfireball.net/2008/08/core_location_blacklist : "An informed source at Apple confirmed to me that the âoeclblâ in the URL stands for âoeCore Location Blacklistâ, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location â" an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines."

Re:It is a Core Location Blacklist

[zonky]

helpfully, the url: contains the template! https://iphone-services.apple.com/clbl/unauthorizedApps { "Date Generated" = "2008-08-11 09:19:37 Etc/GMT"; "BlackListedApps" = { "com.mal.icious" = { "Description" = "Being really bad!"; "App Name" = "Malicious"; "Date Revoked" = "2004-02-01 08:00:00 Etc/GMT"; }; }; }

Re:It is a Core Location Blacklist

[iminplaya]

...Ãoeclblà in the URL stands for ÃoeCore Location BlacklistÃ...

Say what?

Re:It is a Core Location Blacklist

[iminplaya]

That'll be Slashdot's lack of unicode support -_-

Jeeze! If we can put a man on the moon, you'd think that... Oh, nevermind...we can't even do that anymore either.

Re:It is a Core Location Blacklist

[digitig]

No, /. sucks. Try to point out the price of something in Euros. It won't work.

"10 Euro".
Hmm, seems to work here...

Re:It is a Core Location Blacklist

[teh+kurisu]

€ is your friend ;)

€

Re:It is a Core Location Blacklist

[bloodninja]

...Ãoeclblà in the URL stands for ÃoeCore Location BlacklistÃ...

Say what?

It's gibberish. Hebrew internet users are all too familiar with it, hence the linked website. It will translate some non-Hebrew gibberish as well.

Actually, I think that the technical word for gibberish is Mojikame, from Japanese.

Re:It is a Core Location Blacklist

[Fahrvergnuugen]

It's JSON

Re:It is a Core Location Blacklist

[e4g4]

No it isn't. JSON uses the javascript hash notation - keys and values are separated by ':'s, not '='s

Re:It is a Core Location Blacklist

[maskedbishounen]

& is also your friend.

Now you have two!

Spin this!

[consonant]

..Apple fanbois!

*ABSOLUTELY NOTHING* justifies phoning home without having asked the user at some point.

Explicitly.
Up front.
In his/her face.

"But it was there in the EULA" is a stupid argument. The "ohhh shiny!!11" crowd wouldn't have read it, and most reasonable people cannot be expected to.

Disclosure: I have a 4gb iPod Nano which I got for free. I'd rather have something else which wasn't bound to the fancies of Lord Steve, but currently cannot afford it..

Re:Spin this!

[SoupIsGoodFood_42]

Not even a malicious app that is violating someone's privacy without them noticing? I'd rather have Apple disable it and risk the possibility of a false deactivation which I can sort out later than have my iPhone pwned because someone decided that iPhones phoning home was something to get paranoid about.

Re:Spin this!

[dangitman]

Except that it doesn't. The blacklist in question does not blacklist applications on the phone. It's a registry of applications which the user denies access to the "Core Location" service - i.e, when you don't want the phone to use GPS or triangulation data for privacy reasons. Seems perfectly reasonable to me. I don't want apps broadcasting my location without permission.

Re:Spin this!

[lucas+teh+geek]

Well if that seems perfectly reasonable to you, iPhone isn't really for you since currently no applications are blocked from using your GPS...

is that so mr anonymous coward? that's odd, since my iPhone pops up a message ""app_name" would like to use your current location" the first time each app tries to access the GPS since the last reboot. seems to me you're talking right out your ass

Re:Spin this!

[gaggle]

Uh, yes it's justifiable. Apple wants its product to behave this way, and I purchase their devices knowing they want to control everything. Don't buy the phone if you want an open market model! Hell you shouldn't own any Apple product if that's the kind of market you prefer, it is simply not their thing.

Besides, as other posters have pointed out, it's not phoning home to control apps, it's to prevent malicious use of CoreLocation because Apple cares about privacy.

(okay I'm not actually arguing they care, but that's the impression they want to give. It protects their profit margin)

re: CoreLocation

[akarnid]

Sorry guys. This is brouhaha over nothing. The blaclist in question does NOT disable apps remotely but instead disallows listed apps form accessing the CoreLocation framework. See http://daringfireball.net/2008/08/core_location_blacklist

Net Share

[nmg196]

So how long before Net Share gets disabled?

Unfortunately I missed this app when it was on the App Store and I've been looking for a way to install it, but I suspect now that even if I succeed, that it will get disabled by Apple in the coming weeks/months.

iPhone newbie question:
Is there a way to install apps which have been removed from the App Store by somehow getting the binary?

Re:Net Share

[Dog-Cow]

Yes, if you get the .app bundle, you can install it manually on a jailbroken iPhone/iTouch.

Re: CoreLocation

[bursch-X]

Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Anti-Apple bias with your boring and irrelevant facts, please.

I mean this if Slashdot, if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...

Not an Apple-specific problem

[dpbsmith]

This sort of problem is now years past the place where it can be solved by "voting with your dollars," or hoping that exposing the problem will create bad PR and shame the company into correcting it.

I don't know what parts of our constitution are still operative today, but if we can't get the public interested in privacy rights, get Congress interested in passing appropriate legislation, making "phoning home" against the law--and getting those laws enforced--then Apple and Microsoft and Sony and everyone else will continue to do whatever is technologically feasible, convenient, and supportive of their corporate goals.

It's naive to think that there are Good Companies and Evil Companies and that the answer is to put your faith in the Good Companies.

Of course, I do hope that exposing the problem creates bad PR and shames Apple into fixing it.

Story is untrue

[dangitman]

The blacklist in question does not blacklist applications from running on the phone. It's a registry of applications which are denied access to the "Core Location" service - i.e, when you don't want the phone to use GPS or triangulation data for privacy reasons. Seems perfectly reasonable to me. I don't want apps broadcasting my location without permission.

Re:Story is untrue

Will you kindly shut the fuck up already? We've had about 5 posts like this so far, all of which contradict the following respective pieces of obvious logic and in-your-face authoritative evidence:

1. Just because someone uncovered one URL which is likely to be a Core Location services blacklist, it doesn't automatically disqualify that there are [i]other[/i] blacklists which disable an app entirely.

2. Steve Jobs announced (see recent WSJ article summarized e.g. on macrumors.com) that iPhone has remote app disabling. To announce this if it's not true would be monumentally stupid for two reasons:

(a) He knows he'll piss off a minority contingent of privacy advocates. (shame that it's only a minority, but if there's one thing we learn from our dear country, it's that its citizens generally get exactly what they deserve)

(b) At some point, a malicious app [i]will[/i] appear. Imagine the reaction if, everyone with eyes looking to Apple to disable it, SJ responds with "oh, my bad, actually we can't disable stuff".

In conclusion, the iPhone has remote app disabling. Apple can remotely disable any of your apps. Your apps are remotely disable-able.

In other news, the iPhone developer agreement apparently must include the "we can pull any of your apps from the store for an arbitrary reason aside from the ones mentioned explicitly in the agreement" clause, since removal of _I Am Rich_ was, Apple claims, a "judgment call". Meanwhile, removal of _NetShare_ was due to the ability - the developer seems to have concluded, after a period of silence - to use it to break your service agreement on some of the many global networks iPhone is available for. This is all made harder by an NDA which specifically prohibits an iPhone developer community, let alone any open source + Free software, since you're [i]not allowed to talk about your code[/i].

At the risk of confronting the No True Scotsman fallacy, no true developer codes for the iPhone. It's a get-rich-quick gamble, where Apple may pull your foundations from under you at a whim (as they've already three times to developers) and where you must code alone and in secret.

It *Might* be a Core Location Black List

[segedunum]

The whole speculation on Core Location comes simply from the URL having clbl in it, which supposedly stands for Core Location Black List. There is no other evidence provided that this is only what it does, nor does it mean that Apple can't use it in some other form or that they're not working on a set of black listed applications they can retrospectively turn off. Apple have already shown how developer friendly they are by pulling applications from their store without warning.

Personally, I find a black list like this an exceptionally stupid and blunt way to deal with access to Core Location.

This has already been addressed by Steve Jobs!

[djkitsch]

Couple of hours before this story got onto the /. front page, Engadget had this scoop:

http://www.engadget.com/2008/08/11/jobs-60-million-iphone-apps-downloaded-confirms-kill-switch/

Steve Jobs has confirmed the kill-switch, and defends it as a "responsible" way to make sure they can deal with it if a malicious app finds its way into the App Store.

Get with the times, editors!

Re:This has already been addressed by Steve Jobs!

[El_Muerte_TDS]

But the URL being talked about in this /. post is not a kill switch as reported in earlier replies.

So, this means that there is still a hidden kill switch in the iPhone.

Slashdot VS Logic

Apple: Hmm, how about we make our iPhones phone home to see if they have any blacklisted apps on them, and then we can remotely disable them!

Slashdot: Well, yeah, I mean it would stop bad apps from being runaway in the wild, right?!

Microsoft: Hey guys, lets make a cellphone, and have it phone home to see if there are any bad apps running on it!

Slashdot: WHAT DO YOU THINK YOU'RE DOING, OH MY STALLMAN, THE HUMANITY!!!!

512$ ought to be enough for anyone

512$ ought to be enough for anyone

Re:It's not called a 'phone home'

[temcat]

It's not youPhone, it's iPhone. And so it phones.

You mean there is protection against iphone virus?

[sleeponthemic]

Scandalous!

Apple can kiss my shiny metal ass

[Nycran]

More and more it feels like every iPhone belongs to Steve - people are just leasing it from him. There's just *no way* a phone should contact another server without the user knowing it or expressly permitting it, and there's absolutely no way in hell it should disable an application which the user deliberately installed, period. The end.

Re:Apple can kiss my shiny metal ass

[shmlco]

"There's just *no way* a phone should contact another server without the user knowing it..."

Actually, when you stop to think about it, every cell phone in existence does just that, as all of 'em continually poll local cell towers to tell the servers that they're in that particular neighborhood. You might not have known it's doing that, but it does.

Then there's the fact that the iPhone checks iTunes servers for application updates, does push/pull on various and sundry mail servers, handles SMS messaging, will shortly begin checking for push notifications, checks who knows what stock and weather servers....

wow, expensive *and* restrictive?

[spottedkangaroo]

Where can I sign up for the really expensive phone with no buttons, locked into a single provider, that I can't modify or enjoy in any way (except the approved ways I suppose).

I'd really like one of those.

Re: CoreLocation

[Standard+User+79]

There are currently 2000+ iphone applications. When polling a server should you a) return a list of 1999 good applications, or b) return a list of the 1 bad application...

Re:It's not called a 'phone home'

[bestinshow]

It's probably in the terms and conditions of ownership, and thus every owner has given permission already.

It's not like Apple is collecting user information here. It's a HTTP GET as far as I can tell, with no information being supplied to Apple, just a list of applications that are bad and that the user shouldn't run for their own protection.

Going beyond this into the realm of assuming that apple are collecting user data, disabling applications they just don't like, etc, is stupidity on the level of people who believe in conspiracy theories.

Nonsense

[CountBrass]

Unless they're going to produce a "disabled apps" page for each individuals iPhone then of course this wouldn't allow them to do that.

Don't Tell Microsoft

[gmdiesel]

If the Beast gets wind of this concept, they'll start shutting down Quicken, Firefox, Thunderbird....

Re:Is /. falling behind?

[Legion303]

Old news for nerds. Stuff from last week. (tm)

business method patent?

[petes_PoV]

What, you mean Apple have patented taking money from rich, gullible people?

Hmmm, explains a lot - though I can see a lot of infringement cases come up. Including one against patent infringement lawyers. I wonder who'll represent Apple there?

Apple is my mommy!

[BitterOldGUy]

...just a list of applications that are bad and that the user shouldn't run for their own protection

So, Apple is my Mommy!?

Need to go to Church

[BitterOldGUy]

Oh, come on don't you spoil our neat little flamefest based on mere guesswork and Anti-Apple bias with your boring and irrelevant facts, please.

I mean this if Slashdot, if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...

Yeah! And another thing, I'm getting a kick out of negative Apple posts getting +5 and positive ones getting -1 !

I'm going to church to today because I'd never thought I'd see this on Slashdot! There's all these wars and oil and food prices are through the roof. I think I saw this in a movie about the World coming to an end with that 'Growing Pains' kid all grown up. And my cat, it slept with a dog last night.

The end is nigh!

Antivirus definitions

[fabs64]

How is this practically any different?

Re:Once Again

[Piranhaa]

You know it's really sad when a poster doesn't even RTFA or read the RTFT(thread). Engadget, and now Slashdot.. Are people on the internet really that illiterate now and just follow the leader? After MANY posts (many by me and many by others) on Engadget, people STILL insist "APPLE IS GETTING SUED!" or "Ha! What are you fanboys going to say to this?" and the best one "Haha Same as the Microsoft WGA". Anyways I've already made too many posts and feel redundant, but rumors and speculation to get THIS far is simply sickening.

Doesn't anyone else find it funny...

[TheVelvetFlamebait]

... that as soon as someone dares to post something other than the usual expressions of paranoia and criticism, other less free-minded individuals accuse him of sheep mentality, or drinking the kool aid? Someone else has to see the irony in that!

Re:Steve Jobs

[Carl_Stawicki]

He can use Spotlight to find it.

Re:EULA SIGNED UNDER DIRESS

[bestinshow]

Err, where did you get the idea that this killed iPhones?

It's a list of applications that the iPhone shouldn't run because they're malicious. There's nothing about killing iPhones remotely here.

Of course, the ITWire story itself is written with so much hyperbole and bullshit and speculation it is easy to get caught up in it and lose sight of the simple explanation. Apple run an application store and thus have some responsibility over the contents on that store. If they let some bad software on by accident, they need a way to ensure that end users can't run it.

All the rest is conspiracy theory non-story verbal wankery.

Re: CoreLocation

[Alsee]

if you want news, please go to CNN.com. Ah, damned, they don't want their stories being diluted by facts either...

You're absolutely right. People should go to Fox News instead.

-