Mac Hoe

A hacker named Jonathan Zdriarski, also an author of the book iPhone Open Application Development and iPhone Forensics discovered a hidden URL in iPhone’s CoreLocation that he believes the iPhone uses to check whether any apps on your phone match with those listed in a database of blacklisted applications. Presumably, that would allow Apple to remotely de-authorize those apps, or perhaps even delete them.

““This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.

“I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.” - Zdrianski explains

When Apple launched the App Store, they suggested that the use of DRM’d and signed applications could allow them to protect the iPhone from malicious applications and suggested that they could deactivate such applications remotely. Also note that this is very different from just removing an application from the App Store. In case of this black listing, Apple could presumably shut down applications already installed on every iPhone.

A bigger question may come to mind about this issue. If Apple is keeping tabs on the applications a person is downloading, what else is it keeping tabs on? our phone calls? our text messages? our browsing history? The type of content I chose to consume? personnal infos we store on our iphones? I surely hope not, as that’s a major breach of privacy. Let us just hope that Apple will reserve the use of this black list remote-deactivation for truly malicious apps.

This entry was posted on Saturday, August 9th, 2008 at 2:23 am and is filed under Apple, Apps, Community News, iPhone. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.