[IP] Re: iPhone can phone home and kill apps? - says yes

[David Farber <dave@farber.net>]

________________________________________
From: ed.well.com@googlemail.com [ed.well.com@googlemail.com] On Behalf Of Edward S. Rustin [ed@well.com]
Sent: Friday, August 08, 2008 3:25 AM
To: David Farber
Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes

John Gruber, of Daring Fireball, has posted his thoughts about this
supposed blacklist.

http://daringfireball.net/2008/08/core_location_blacklist

His conclusion was this:

"An informed source at Apple confirmed to me that the "clbl" in the
URL stands for "Core Location Blacklist", and that it does just that.
It is not a blacklist for disabling apps completely, but rather
specifically for preventing any listed apps from accessing Core
Location — an API which, for obvious privacy reasons, is covered by
very strict rules in the iPhone SDK guidelines."


On Thu, Aug 7, 2008 at 5:45 PM, David Farber <dave@farber.net> wrote:
> Nor to the best of my knowledge in S60
> ________________________________________
> From: Lauren Weinstein [lauren@vortex.com]
> Sent: Thursday, August 07, 2008 11:34 AM
> To: David Farber
> Cc: lauren@vortex.com
> Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes
>
>> > https://iphone-services.apple.com/clbl/unauthorizedApps
>
> And that's with the assumption that this URL (seems bizarre to make
> it so easily identifiable) is what it appears to be.  If so, it
> should be possible to block in various ways (but are there hidden
> alternative paths?), though if the phone can't reach that URL for too
> long an interval maybe it "bricks" itself eventually.
>
> And what happens to an "unauthorized app"?  Does this vary based on
> severity as determined by the phone's remote regal masters at
> Apple?  Put up a warning message?  Block program execution?  Delete
> the program?  Melt the phone?  Or maybe just a voice announcement
> ("You have attempted to execute a program not authorized by Apple,
> Inc.  Please stay where you are until authorities arrive at your GPS
> determined location.")
>
> As far as I know anyway, nothing like this has ever appeared in the
> Microsoft mobile platforms (e.g. WM5 at least).
>
> --Lauren--
> Lauren Weinstein
> lauren@vortex.com or lauren@pfir.org
> Tel: +1 (818) 225-2800
> http://www.pfir.org/lauren
> Co-Founder, PFIR
>   - People For Internet Responsibility - http://www.pfir.org
> Co-Founder, NNSquad
>   - Network Neutrality Squad - http://www.nnsquad.org
> Founder, PRIVACY Forum - http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
>
>  - - -
>
>> Ot is interesting -- when Microsoft was suspected of being able to do the same type of thing, that is disable apps that it considered improper or damaging, t
>> here was a yell that was heard around the world. Apple , with it shiny armor, gets mild noice. Hmm. djf
>> ________________________________________
>> From: ed.well.com@googlemail.com [ed.well.com@googlemail.com] On Behalf Of Edward S. Rustin [ed@well.com]
>> Sent: Thursday, August 07, 2008 2:43 AM
>> To: David Farber
>> Subject: Re: [IP] iPhone can phone home and kill apps? - says yes
>>
>> To take the other side of the argument - just because Apple =can=
>> blacklist applications doesn't mean it =will= blacklist applications.
>>
>> Surely it should not be a surprise that it's possible for applications
>> to be blacklisted, but I would be very surprised if the mechanism
>> exists (and that's assuming that it really does exist, rather than
>> this just being an unused setting tucked away in the code - has
>> anybody actually seen an iPhone/iPod Touch access this URL?) for any
>> purpose other than to kill a malicious application which somehow made
>> it through the Apple review process.
>>
>> We've already seen that applications can be pulled from the App Store
>> without affecting any of the existing installations - NetShare and
>> Aurora Feint for example, so it doesn't look like Apple is interested
>> in blacklisting an application just because it retroactively failed
>> their review process.
>>
>> Now take the example of an iPhone worm, or an application which had a
>> flaw that caused it to interfere with cell phone traffic, or a Trojan
>> Horse, say a game which also just happened to send your personal data
>> back to a server somewhere. In those cases would you not expect Apple
>> to be able to remotely kill the Application, or should they just leave
>> it be and hope that every iPhone user can just be persuaded to
>> uninstall it?
>>
>> On Thu, Aug 7, 2008 at 1:24 AM, David Farber <dave@farber.net> wrote:
>> >
>> > http://www.iphoneatlas.com/
>> >
>> > ççiPhone can phone home and kill apps?
>> >
>> > Posted 6 August 2008 @ 11am in News
>> >
>> > Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via
>> > which the device can phone home, check for unauthorized applications, and
>> > disable them. The OS includes a URL that points to a page containing a list
>> > of unauthorized applications, specifically:
>> >
>> > https://iphone-services.apple.com/clbl/unauthorizedApps
>> >
>> > Per Jonathan Zdziarski, author of the book iPhone Open Application
>> > Development and an iPhone Forensics manual:
>> >
>> > "This suggests that the iPhone calls home once in a while to find out what
>> > applications it should turn off. At the moment, no apps have been
>> > blacklisted, but by all appearances, this has been added to disable
>> > applications that the user has already downloaded and paid for, if Apple so
>> > chooses to shut them down.
>> >
>> > "I discovered this doing a forensic examination of an iPhone 3G. It appears
>> > to be tucked away in a configuration file deep inside CoreLocation."
>> >
>> > Posted 6 August 2008 @ 11am in News
>> >
>> > Apple has apparently included a blacklisting mechanism in iPhone OS 2.x via
>> > which the device can phone home, check for unauthorized applications, and
>> > disable them. The OS includes a URL that points to a page containing a list
>> > of unauthorized applications, specifically:
>> >
>> > https://iphone-services.apple.com/clbl/unauthorizedApps
>> >
>> > Per Jonathan Zdziarski, author of the book iPhone Open Application
>> > Development and an iPhone Forensics manual:
>> >
>> > "This suggests that the iPhone calls home once in a while to find out what
>> > applications it should turn off. At the moment, no apps have been
>> > blacklisted, but by all appearances, this has been added to disable
>> > applications that the user has already downloaded and paid for, if Apple so
>> > chooses to shut them down.
>> >
>> > "I discovered this doing a forensic examination of an iPhone 3G. It appears
>> > to be tucked away in a configuration file deep inside CoreLocation."
>> >
>> > ________________________________
>> > Archives
>>
>>
>>
>> -------------------------------------------
>>
>
>
>
> -------------------------------------------
>



-------------------------------------------