The discovery of a "kill switch" inside the iPhone 2.0 software prompted much consternation and little fact-finding.
(Credit: Apple)Apple's iPhone "kill switch" has prompted much hand-wringing, despite the fact that no one knows exactly what it does.
Jonathan Zdziarski, an independent iPhone developer and author, recently discovered a URL while poking around inside the iPhone 2.0 software that downloads a list of "malicious" applications every so often to the iPhone, as noted by Ben Wilson at our sister site iPhone Atlas. Several outlets quickly seized on this detail as proof that Apple is poised to remotely disable any application running on the iPhone that it finds unpalatable.
Before we get into the ways in which Apple might use the blacklist, let's remember that we don't know a damn thing about how this actually works. "All we know is that the iPhone downloads a list of malicious URLs," Zdziarski said in an e-mail exchange Thursday morning. "For all we know, it could trigger world war 3, or it could cause some computer somewhere to spit out recipes for buttermilk pancakes."
There are several explanations for what Apple might be up to. One possibility is that Apple could use this function as a sort of recall notice for applications that were discovered to be malicious or potentially harmful after making it through the initial screening process.
Apple is requiring developers to sign their iPhone applications so that the authors can be tracked, and is vetting every single iPhone application before it is distributed through the App Store. But if Apple later realizes it has to revoke a developer's signature because that developer created a malicious app that slipped through the cracks, that would only prevent new installations of that application. It wouldn't do anything to help the users who have already downloaded that application, but a recall notice (and a refund) would indeed be helpful if the initial round of quality control fails.
Another possibility is that Apple could use this service like an antivirus application, which periodically downloads a list of known Trojans, malware, or other malicious applications and alerts the user. This is perhaps a little more far-fetched at this point, since Apple controls the iPhone development process so tightly, but perhaps one day they plan to open up the process more broadly to where iPhone applications can be distributed through something other than the App Store.
Larry Dignan at ZDnet points out that Apple could have included this function as a nod to enterprise customers who might want tight control over what applications are installed on their handsets. Many corporate IT shops don't even allow people to install unapproved applications on their PCs, and you can bet those folks would want to control what gets installed on one of their iPhones.
All iPhone applications are supposed to pass through the App Store, but what it something malicious slips through the cracks?
(Credit: CNET)And, of course, there is the possibility that Apple could use this blacklist to disable any applications that it decides are violations of its (or its carrier partners') terms of service, or ones that compete with current or future Apple applications. This theory is not entirely the work of paranoid conspiracy theorists, as Apple's tight-fisted control over the iPhone development process chafes many developers who might be tempted to strike out on their own with applications that go after Apple's core businesses, such as iTunes.
Zdziarski noted that any "truly malicious software is going to find a way to burrow deeper into the iPhone's operating system so that a simple mechanism like this wouldn't affect it... so really the only type of applications this could effectively kill off are applications that are annoying to Apple, but not malicious. That certainly calls for a lot more concern."
But the thing is, we just don't know. Until Apple explains why it has included this function, or an application appears on the blacklist and is wiped from someone's phone, it's all just the usual leaping to conclusions on a sleepy Thursday in August.
Apple has apparently included a blacklisting mechanism in iPhone OS 2.x through which the device can phone home, check for unauthorized applications, and disable them. The OS includes a URL that points to a page containing a list of unauthorized applications, specifically those listed here.
According to Jonathan Zdziarski, author of the book iPhone Open Application Development and an iPhone forensics manual:
This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.
I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.
Originally posted at iPhone Atlas.
Editors' note: For more information, see Tom Krazit's follow-up post, "Much ado about the iPhone's 'kill-switch'."
If you were wondering whether the iPhone software development kit would end the unofficial third-party development craze, stop wondering.
O'Reilly, one of the most well-known publishers of technology primers for professionals, has released a book on developing applications for a jailbroken iPhone. iPhone Open Application Development, written by Jonathan Zdziarski, was spotted by dozens of iPhone aficionados Tuesday. Chapter 1? "Breaking Into and Setting Up the iPhone."
That's not a Tiger or a Leopard, but it will show the way to unofficial iPhone applications.
(Credit: O'Reilly)Zdziarski was among the first hackers to take aim at the iPhone last year in light of Apple's Web-only application policy, and his book is essentially a how-to guide for using the "unofficial" iPhone SDK to create applications. Apple, of course, has started to outline its own vision of how applications should be created for the iPhone, giving developers two options for their projects.
There's a group of developers, of an uncertain size, who feel that Apple's SDK restricts their freedom to develop creative applications for the iPhone. Those folks will likely be all over this book. The book itself appears to be a summation of a lot of the iPhone jailbreaking and development techniques that are easy to find online, but condensed into one handy reference guide.
Once the official SDK is released in June, it will be interesting to watch how unofficial iPhone development progresses. Apple's restrictions have some carrots attached, such as a powerful distribution vehicle in iTunes and the App Store, which will definitely attract those trying to make a living off the iPhone.
But those who are trying to circumvent Apple's restrictions by developing unlocking software, music players, or applications unlikely to sit well with Apple, will need a handbook.
- prev
- 1
- next
