iPhone can phone home and kill apps?

Apple has apparently included a blacklisting mechanism in iPhone OS 2.x through which the device can phone home, check for unauthorized applications, and disable them. The OS includes a URL that points to a page containing a list of unauthorized applications, specifically those listed here.

According to Jonathan Zdziarski, author of the book iPhone Open Application Development and an iPhone forensics manual:

This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.

I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.

Originally posted at iPhone Atlas.

Editors' note: For more information, see Tom Krazit's follow-up post, "Much ado about the iPhone's 'kill-switch'."

[jeremyblaze]

yet another reason I wont be getting a new Iphone.

Cant wait to see how the apple fanboys spin this one.

[ittesi259]

I like a lot of Apple Products, and I even though I'll never own one because of AT&T's BS pricing plans for the iPhone I still like it, but this is really stupid. I'm sure this is the next thing someone will develop a hack around.

[YankeePoodle]

Apparently, Apple still thinks the IPhone in your pocket belongs to them.

[scatlizard]

The link looks to me that apple is trying to disable malicious software that can harm the phone.

[Vegaman_Dan]

The problem with the list by calling it malicious software is that Apple gets to decide what is malicious. And that doesn't necessarily mean it is malicious to the iPhone/Touch/network. Apple can simply decdie they don't like the app and put it on the list. There is no justification necessary.

And yes, you own the hardware, but once again you do *NOT* own the operating system on that hardware. You agree to let Apple control your use of the device by buying it. This is standard for all their products.

[M C]

CNet got the details completely wrong - exaggeration makes for more clicks though.

This method would allow Apple to "kill" software downloaded from their store only. Very important protection against malicious and overly crash-prone software.

[troyallen]

Don't. Then why you post here?

[kylebuttermore]

i bet they snuck it into the old iphone during the 2.0 upgrade.

[Perry_Clease]

"yet another reason I wont be getting a new Iphone."

So your current iPhone is fine? :)

To be sure it could be abused by Apple, but it could also be used to kill a malicious or problem app that snuck through the vetting process.

[inachu]

By deleting data remotely I assume they also have the ability to access any data on the phone remotely. I do not think this iphone is very secure.

[pvtech]

What's the purpose of this? To make sure that the device runs smoothly? "Thanks for caring, Apple"? Or "Thanks for caring about your public image more than my autonomy"? (A smoothly running device = "our device won't crash on you!"

Yeah, I got my fug Palm TX, and yeah, I reset it about 1x/month, but I have a multitude of apps, mostly free, that do almost everything that I want a pocket device to do. And I like the calendar better on the TX. Basic control.

And my cellphone: free through Cingular.

[nmprofessional]

I agree with you pvtech. I was out of range from a cell network this past week. I think my iPhone "phoned home" because after a few vibrates on the phone... I could not open any third party app.

I guess my take on this whole thing is... may the "old technology" that is not connected like a Palm TX is better solution for me too. I need my iPhone/PDA data at all times... not at times or apps that are just "okayed" by apple.

How many people do you think will be mad, when they buy a $12-30 app - then have it become non-functioning. Makes me very mad.

[inachu]

I bought a legit version of software from their app store to remote my XP computer and I APPLE decided to delete it from ITUNES and my iphone.

But do they have the guts to refund me? No.
Do they explain why they removed the VNC program? No
So far Apple has a lot of quality control issues that I am not happy with.
Will they uninstall super monkey ball from my phone also in the near future?

[habdelra]

inachu: if you visit the URL mentioned you will see that it references a dummy app--not VNC. apple did not remove this software from your phone.

[Vegaman_Dan]

What is the name of the application you had on your system? It would be interesting to contact the developer and find out what happened.

[Prince2k3]

@inachu ... I don't know what you're talking about but I still have VNC and I did the update. Sure you didn't just uncheck VNC from your iTunes and got it removed. Might wanna check.

I think they made this to remove malicious software thats it. No where does it say it going to remove unauthorized apps. I for one am happy they are trying to protect consumers. not the small group of individuals that wants everything hacked.

[smokinmunky]

Could you imagine if Microsoft did something like this? Everybody would be up in arms. But, at the end of the day I bet Apple will get away with this. Apple has a really nice product line, but when I hear about stuff like this it just make me question if I want to go there.

[freemarket--2008]

Microsoft has already done far worse. As far as this code it just looks like an insurance policy against external software that may cause their users problems. So far there is no reason to suspect any bad behavior by Apple.

[jake49]

i agree it's ridiculous... there's no excuse for it... it's like apples the parent and your a child... the dev team will find a way around this...

[Grizlupo]

Does this strike anyone else as just plain creepy? It is ironic that Apple, which so brilliantly used Orwellian imagery in its famous "1984" superbowl ad, would even contemplate this.

[inachu]

Just think if Microsoft did this and did not like the idea you ran java on your pc and decided it could at its whim uninstall it. This is invasion of privacy pure and simple. Nobody big or small business or NSA or CIA has any right to travel through my hardware remotely without getting permission first and no legal loohole can bypass that! What if I named a custom app that randomly pictured my family and if Apple decided it did not like the name of the app because the name and file size matched a previously name app that was banned? They have no right. Sounds like out of the BOOK "COMMUNION" The aliens reply "Oh but we do have a right!" yeah right.

[jeremyblaze]

no, "I" dont, but we do have one at the house. My current is a Pearl, and I want my next device to be more web-capable so I too was contemplating. The more I hear about the app-store, Jobs control-freak attitude, and yeah the mobileme disaster, the more I think I need to wait for different choice.

[jhawk95]

Give me a break! You weren't contemplating buying an iPhone any more than you were contemplating having a sex change!

You are just another RIM Fan BOY who is jealous at what we can do on our iPhones and what Apple has accomplished in such a short time period. Imagine where Apple will have this phone at in another year.... another 5 years.

[jeremyblaze]

no, "I" dont, but we do have one at the house. My current is a Pearl, and I want my next device to be more web-capable so I too was contemplating. The more I hear about the app-store, Jobs control-freak attitude, and yeah the mobileme disaster, the more I think I need to wait for different choice.

[jake49]

yeah there r going to be more touchscreen iphone like phones in the future... without all of the control... if blackberry has a touchscreen phone... i'd trade in my iphone on day 1

[habdelra]

Who's to say that this would be used for paid apps? Perhaps it is for jailbroken iPhones. There is really not enough info to go on here until apple decides to actually put (whatever this is) into use...

[habdelra]

Who's to say that this would be used for paid apps? Perhaps it is for jailbroken iPhones. There is really not enough info to go on here until apple decides to actually put (whatever this is) into use...

[tacit]

*shrug* Sounds like a non-issue to me. Many programs, including Microsoft Internet Explorer, have a mechanism to disable third party software; Explorer can set a "kill bit" for ActiveX plugins to disable them if Microsoft wants.

Does it mean that Apple and Microsoft are conspiring, Big Brother-like, to control what you put on your device? No. It means they can kill software known to be malicious, such as Trojan horse programs.

I think it's interesting that people hate and fear software companies so much that they will immediately jump to Big Brother scenarios. Don't jump the gun, y'all. If the mechanism is not being used and no programs are blacklisted, there's no problem. Save the over-the-top emotional histrionics for when (and if) the mechanism actually gets used for nefarious purposes, 'kay?

[William Schnippert]

The capability is there. Has or will Apple use it? Could it be a concession to the corporate customers that also required remote wipe capability (just like blackberry). Talk about loss of autonomy.

Bottom line is as of now Apple has not abused me as a customer the way Microsoft has with windows Genuine advantage and onerous DRM built into Vista. They haven't abandoned me as a customer of itunes like MS abandoned its Plays-for-sure customers. They haven't tried to con me into paying more for music with Zune points. So I'll give Apple the benefit of the doubt for now.

[jake49]

what does this have anything to do with apple? you just switched everything around... this article isn't comparing anything between microsoft and apple! It's just give out true statements...

[fear-teagaisg]

How dare Apple and ATT be concerned about wanting to control malicious applications on device that is connected to the internet, GPS, and every phone system in the world!

It's as though Apple and ATT think someone might want to leverage that connectivity for malicious purposes. I think they harbor the delusion that the effects of a poorly designed or intentionally troublesome application might be able to quietly propagate through a network in a few minutes, infecting innumerable devices and systems worldwide without any ordinary users being aware of the problem until it's too late. They may even imagine that the users themselves might download privacy-compromising or destructive malware, disguised, perhaps, as as innocent games or family photos. Who would do such a thing?

Apple and ATT know full-well that stories of secretly installed code stealing credit card numbers, disrupting network traffic, or relaying pornography are all urban legends. Gee whiz, they probably think they have licensed software to people who have signed agreements to subscribe to a telephone service.

The nerve.

[Vegaman_Dan]

It is a possibility to consider. Since all applications run as Root and have zero means of security, it only takes on iPhone out there to get pwned and then have an email message sent out that means nothing to desktops, but makes the iPhone/Touch units into one massive zombie net.

There is zero protection against this right now. Apple has cause to be worried and keep the ability to remove problems like this remotely if they can.

[Vegaman_Dan]

This isn't news. This was announced back when the SDK was first released. This is the same mechanism that Apple stated they would use to remove applications from customer's phones for applications that had been removed from the Apps Store.

Basically the idea being that in order for an app to stay available, the developer had to pay their yearly fees to stay active. If they dropped out, then their apps would be pulled from the Apps Store and from the handunits that customers had purchased the product for. It calls into question again if you are buying software or only renting it. Another EULA situation to be dealt with.

Jailbreaking makes more and more sense. Apple can't do anything about that. If they do remove apps that were not in the Apps Store origianlly, then they become guilty of actively and knowingly causing damage / data destruction and that's simply not something they can afford to get caught doing. The federal government doesn't like that sort of thing and can easily shut the company down for terrorism as a result. Not a good thing at all.

[setgo]

Sounds to me like they are just trying to protect the iPhone and it's users from something malicious. Why would Apple kill apps for no reason at all. The people who mostly comment are the ones who say "well this is the reason that I don't have an iPhone", or "if Microsoft did this then blah, blah, blah". Hey guys, you don't need any more reasons, just don't buy one! No one cares whether you buy an iPhone or not. I guarantee you jeremyblaze and pvtech that trumpets will not sound the day you decide to buy an iPhone.

[jeremyblaze]

isnt that exactly the fanboys point, that the trumpets will sound and the heavens will smile upon those who see the light and convert to Apple???

Like I said, we have 1 iphone 1.0 here, and I have been evaluating my options, so my comment is just as valid as your "Sounds to me like they are just trying to protect the iPhone" praise for the company.

And as for your question, why would Apple do it... why wouldn't they. They are already pulling apps from the store that WERE approved, and according to the EULA they can remove those now from the handset. I am not saying they will, but am saying that they could.

My blackberry has all kinds of hooks I.T. could use to take control, except mine is a personal berry, meaning only I have control over it. The times Tmobile has exerted control (only pushing new apps so far, but I know they can try to remove) I have not been happy. So I'm not just ripping on Apple here.

As a private citizen, I feel we must fight back against these controls. If I 'purchase' something, I feel I should be able to control it. Just like my car. If I wanted to upgrade the stereo, engine, exhaust, tires, rims, etc I can. I couldn't if I were renting, but certainly if I purchased it. And that is basically how I want my phone to work too.

Oh, and the argument about protecting the network will only take you so far. Many of the countless apps I have installed to try or use on my blackberry have not had access to the network at all.

So maybe the trumpets wont sound when/if I buy another Apple product, but I bet they will if you realize that Apple isn't perfect and innocent.

[inachu]

Nope it is 100% gone and did never delete it on purpose.
The only major thing I ever did was did the 2.0 update bought a few nice apps I like then the patch then now I have missing software.

[Vegaman_Dan]

Applying an OS patch typically wipes the unit of all data. If you do a restore in iTunes, you should ideally be able to get it all back.

If you are installing apps by buying them through the Apps Store on the iPhone itself, it's critical to make sure you allow iTunes to transfer the content to the host system you sync with or else you can and will lose them. If you sync with more than one machine then you complicate matters.

This isn't really a fault of the iPhone so much as it is with iTunes and that's been going on for years now with paid content.

What was the name of the application you were using that you lost?

[troyallen]

lol. All the haters in one package

[bobmarleypeople]

**cough netshare cough**

What's the betting that apple will use this on those who still have the app on their phonei. I'm not sure if it's back up over there in americaland, but here in the uk, the app's gone (mainly cos tethering is against O2's TOS). When I get an iPhone, I'm gonna jailbreak it and hopefully someone will make their own version of NetShare. **crosses fingers**

[DivingDancer]

If somebody found this in a Microsoft device, people would be screaming for congressional hearings, and the EU would be salivating. And Apple gets a pass.

Add that to poor quality control, and high priority security patches that come out last in the industry and don't actually patch the vulnerability when they are released...

No thanks. Their paranoid BS, and super secret culture, is more than I want to deal with.