Much ado about the iPhone's 'kill switch'

The discovery of a "kill switch" inside the iPhone 2.0 software prompted much consternation and little fact-finding.

(Credit: Apple)

Apple's iPhone "kill switch" has prompted much hand-wringing, despite the fact that no one knows exactly what it does.

Jonathan Zdziarski, an independent iPhone developer and author, recently discovered a URL while poking around inside the iPhone 2.0 software that downloads a list of "malicious" applications every so often to the iPhone, as noted by Ben Wilson at our sister site iPhone Atlas. Several outlets quickly seized on this detail as proof that Apple is poised to remotely disable any application running on the iPhone that it finds unpalatable.

Before we get into the ways in which Apple might use the blacklist, let's remember that we don't know a damn thing about how this actually works. "All we know is that the iPhone downloads a list of malicious URLs," Zdziarski said in an e-mail exchange Thursday morning. "For all we know, it could trigger world war 3, or it could cause some computer somewhere to spit out recipes for buttermilk pancakes."

There are several explanations for what Apple might be up to. One possibility is that Apple could use this function as a sort of recall notice for applications that were discovered to be malicious or potentially harmful after making it through the initial screening process.

Apple is requiring developers to sign their iPhone applications so that the authors can be tracked, and is vetting every single iPhone application before it is distributed through the App Store. But if Apple later realizes it has to revoke a developer's signature because that developer created a malicious app that slipped through the cracks, that would only prevent new installations of that application. It wouldn't do anything to help the users who have already downloaded that application, but a recall notice (and a refund) would indeed be helpful if the initial round of quality control fails.

Another possibility is that Apple could use this service like an antivirus application, which periodically downloads a list of known Trojans, malware, or other malicious applications and alerts the user. This is perhaps a little more far-fetched at this point, since Apple controls the iPhone development process so tightly, but perhaps one day they plan to open up the process more broadly to where iPhone applications can be distributed through something other than the App Store.

Larry Dignan at ZDnet points out that Apple could have included this function as a nod to enterprise customers who might want tight control over what applications are installed on their handsets. Many corporate IT shops don't even allow people to install unapproved applications on their PCs, and you can bet those folks would want to control what gets installed on one of their iPhones.

All iPhone applications are supposed to pass through the App Store, but what it something malicious slips through the cracks?

(Credit: CNET)

And, of course, there is the possibility that Apple could use this blacklist to disable any applications that it decides are violations of its (or its carrier partners') terms of service, or ones that compete with current or future Apple applications. This theory is not entirely the work of paranoid conspiracy theorists, as Apple's tight-fisted control over the iPhone development process chafes many developers who might be tempted to strike out on their own with applications that go after Apple's core businesses, such as iTunes.

Zdziarski noted that any "truly malicious software is going to find a way to burrow deeper into the iPhone's operating system so that a simple mechanism like this wouldn't affect it... so really the only type of applications this could effectively kill off are applications that are annoying to Apple, but not malicious. That certainly calls for a lot more concern."

But the thing is, we just don't know. Until Apple explains why it has included this function, or an application appears on the blacklist and is wiped from someone's phone, it's all just the usual leaping to conclusions on a sleepy Thursday in August.

[wmyinzer]

Wow. You say you just don't know, but what if Windows Mobile had some kind of software buried in it like this? You'd say Microsoft is trying to be a dictator over their phones. Apple is trying to have 101% control over the iPhone, and it's pitiful. This means Apple can remotely shutdown or delete any application from your phone without even prompting you. I dont even wanna hear it from the Apple fanboys out there, how can you justify this IF THE APPLICATION CAN'T EVEN TAKE CARE OF TRULY MALICIOUS SOFTWARE?!

[kmatzen]

This kind of sucks, but at the same time they were probably just trying to cover themselves to avoid legal liability do to any of the apps that get installed.

For example, with DVR's I think Ecostar was ordered awhile ago to wipe the contents of all of it's DVR units that fell in a certain product group. I remember receiving something in the form of an upgrade and later realizing all my shows were deleted. I'm guessing some networks (Viacom?) got pissed and claimed copyright infringement and Ecostar was ordered to do this.

[R. U. Sirius]

Yawn. Here we have an example of yet another Microsoft fanboi who has to scream in all caps. My guess is that Mr. Fanboi has neglected to use the product called Vista, and hence we have a case of the pot calling the kettle black.

I will make room for the Apple fanboi's to use their caplocks, but just wanted to say all this red team vs. blue team commentary by the respective fanboi communities is getting boring.

[6stringluke]

Seems to me that people are quick to jump on Apple's back at every opportunity. Some of it is merited, with their mobile me debacle but this seems to be hype about nothing. As an Apple Iphone owner, if I felt that Apple were trying to control my use of the product I paid for, I would relinquish said product. However, it seems like people are jumping on every possible perceived imperfection to justify their choice in not using Apple products, e.g the iphone.

[buddesatva]

The opening sentence of this essay makes no sense. "The discovery of a "kill-switch" inside the iPhone 2.0 software prompted much consternation and little fact-finding." There is an obvious and clumsy attempt to sound intelligent. The phrase 'and little fact-finding' is incongruous. The writer seems to mean 'and few facts have come to light'. This may be more cliché but it has the benefit of actually meaning something whereas the sentence as it stands is nonsensical. Perhaps the author means that he doesn't know why kill-switch functions are built into the iPhone and the Blackberry and laptops and a host of other devices. I find this slightly disingenuous but maybe he lacks education in subjects other than grammar.

[MaggieRed]

Food for thought, ever think that this is there to protect the investment of time and money of the developers who make these apps? How about a requirement to protect content or deal with security issues?

I believe the developer who discovered the line of code stated it wasn't being used.

So let me get this straight, you all are complaining about Apple for discovery of a line of code that possibly protects the developers investments and ability to earn money from legally selling their products, who as a software company otherwise doesn't force registration of software products or forces you to marry your application to your hardware like Microsoft or Adobe does? You complaining about a company who for the most part uses the honor system when it comes to stuff like this and your complaining about something that is not truly implemented?

Must be a slow news day for writers and respondents.

[Lerianis]

With all due respect to the writer of this article, the furor isn't really over the 'kill-switch' being there, it is that it is there and Apple wasn't forthcoming and say "We have a special switch in iPhone's that can be used to remotely kill malicious applications and get rid of them!"

[inachu]

I confirmed again when a cnet user asked me if I was just mistaken but Apple destroyed my VPN connector that lets me remote control my pc at home while I am away from home.
Apple has yet to refund me. I am very livid!

[wheresjustice]

I thought I read a while back that the new iphone could be disabled by its user from a distance if necessary. in otherwords, say you have important information on your iphone, and you discover a pickpocket has relieved you of your iphone. You could then enter password or code from any computer that would go to your iphone, no matter where it was, and kill it. All important information erased....your identity protected....and your iphone worthless to the thief.

[bwvla]

To: Apple
Re: The iPhone

You had me at Hello, but lost me at 2.0

The new software is buggy and slow.

Should we wait for a less proprietary 3.0?

Or will something more open command tomorrow.

[oldmanwoerle]

These seems very reminiscent to the debacle with sony a year or two ago where they were distributing there cds with a program that they would install on your computer when you listened to the cd. Essentially what this program did is it opened up a back door onto your computer that allowed sony to look at your computer and see if you had copied any songs to your harddrive. To make this program even worse, if you found it and deleted it, your cd drive would be disabled. In the end I think Sony was sued in three countries over it and they were forced to stop sending out cd's with the program. This program held many implications besides the question of our privacy as consumers but also opened up a backdoor for hackers to enter your computer and the possibility of an innocent person losing the cd drive. This program on the IPhone stinks of that. I for one would be extremely pissed if I had bought a program that Apple decided it no longer liked and had it deleted off my phone. If it is as much of a nicety as potential virus protection, then it should be out in the open as such. I should have the choice as to whether or not I would want to allow that type of virus protection on my phone (Or computer for that matter). As I read all these stories over the App store / blacklisting / and the iphone I'm starting to feel like big brother is coming through the apple machine. I think Apple might be finding themselves in some of the same issues as M$ had with bundling IE with windows in the 90's, and with what Sony went through with their malicious software, if they are not careful

[totorototoro]

Finally a reasoned article about this issue. From Dignan's (and others) rather inflammatory articles, you'd think Apple had already started nuking applications left and right remotely.

Its amazing how bloggers can completely ignore the actual facts of the case (i.e. they don't have them) and leap ahead to the worst case scenarios.

[AppleSuxLeo]

Don`t get suckered in by Mr Whipple...buy a non-Apple device.

[sestone]

Not a fanboy of M$ or Apple, but find it amazing how Apple fanboys always have some 'valid' reason why Jobs does what he does yet if it were Gates its because he's greedy and wants to control the world.

buddesatva completely disregards the intent of the story so that he can pick on the literally shortcomings of an individual - an Apply fanboy trait that I've noticed throughout many blogs.

MaggieRed - how does having this protect the developer investments??? If the iPhone owner already purchased the developers application then the developer received what he wanted - money for his product. And if a developer chooses to give his app away, then he received what he wanted as well - notoriety and credit.

The way I see it, if a person purchases a phone...any phone, they should be able to add to it whatever they want. If an app screws up the phone then its on them and not the manufacturer to fix it.

wheresjustice - if this is something that Apple hasn't announced or advertised then it seems to me that the 'user' doesn't have access to this and, therefore, can't disable his device if its lost or stolen. This 'kill-switch' is for Apple and nobody else.

[ralfthedog]

Any service provider can disable any software running on a phone connected to their network by a software update. This just makes it a bit easier.

Any tool can be used for good or bad. Lets see what Apple does with this. Then we can all hysterically run around in circles screaming our heads of like a bunch of Microturfing fanboys.

[winstein]

Overblown! Apple probably hasn't decide what to do with it yet, just have a "hook" in there for future use and development.

[sobes79]

Makes perfect sense to me. Apple has a high 'quality of service' mandate to uphold, so if there are any apps out there that aren't up to par, Apple needs to reserve the ability to block them, or at least warn users before they're run.

Sure, there's a danger that Apple will start blocking apps that compete with their own, or apps that do things Apple doesn't like. In those cases the third-party app vendors/distributors have legal tools to their disposal such as anti-trust laws and the EFF.

Just think of it this way -- if your iPhone crashes because of some little-known app you just installed on it, who do you blame? Apple. No one ever blames the little guy.

If you're an app developer that's pissed off by this, that just means you don't want to play by Apple's rules. If that's the case, go find another platform to code your app on (or even better, build your own one).

sobes.

[hdtravel]

I think this is a really good thing to protect consumers from harmful or illegal apps that may have made it through the approval process.

As long as they refund the money you already paid for the app to the consumer.

Nice job Apple !!

[kmackdog]

is that the only line a Windows person can state. "If MS did that you'd be ?" Move on!! It's Apple's OS and Hardware, you want different control, move to a different platform.

[Riquez-001]

You people jump to conclusions too quickly.
Cnet, why not do a story called "Is Steve Jobs a witch?" & then everyone can jump in with calls of BURN HIM!