or Connect
AppleInsider › Forums › Mobile › iPhone › Researcher discovers targeted iPhone app "kill switch"
New Posts  All Forums:Forum Nav:

Researcher discovers targeted iPhone app "kill switch"

post #1 of 34
Thread Starter 
A mobile development author has discovered a mechanism in Apple's iPhone software that would allow the company to blacklist and remotely deactivate installed apps that have been purchased and installed by users.

The kill switch would offer Apple a more targeted weapon to snuff out offending apps than its existing capacity to revoke a developer's signing certificate, an action that could ultimately be used to shut down every application being distributed by a developer. The more accurate aim of the new system may leave the company less hesitant to use it in rooting out apps it finds undesirable.Â*

Jonathan Zdziarksi's iPhone Open Application Development indicates that the CoreLocation framework in the iPhone 2.0 (as well as the updated iPod touch firmware) points to a secure website that appears to contain at least placeholder code for a list of "unauthorized" apps.Â*

While it's unclear as to whether or not the operating system consults this site often or at all, its existence hints to Zdziarski the possibility of a kill switch that would give Apple final say over an app's ability to run, effectively putting all of the handheld devices under watch as long as they have an Internet connection.

"This suggests that the iPhone calls home once in a while to find out what applications it should turn off," he says. "At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down."Â*

The finding expands upon Apple's previously recognized capability to revoke developer's certificates in order to prevent execution of their apps, a power also held by other platforms that have the capacity for mandatory certificate signing, including the Symbian OS 9.1 or greater in use by Nokia as well as RIM's BlackBerry OS.Â*

As part of the security architecture for its mobile WiFi platform, as outlined by Apple chief Steve Jobs in October of last year, the iPhone SDK requires that each app that is made available through the App Store be signed by a security certificate, issued by Apple and unique to the developer.Â*The iPhone refuses to run unsigned apps unless its security system has been defeated by jailbreaking.

The most obvious purpose of requiring that all iPhone apps be signed is that it allows Apple to selectively approve developers and the apps that are distributed through the Apps Store. However, as the iPhone's certificate signing authority, Apple has always had the option of retroactively revoking certificates at any stage and rendering programs unusable. In order for this to happen, the iPhone would only need to consult Apple's servers to gain an updated list of revoked certificates. Once a developer's certificate was revoked, none of their signed apps would run, just as is the case with unsigned apps.

That type of control over third party apps has stirred controversy on other platforms before, as it demands full and complete trust in the company managing the certificate authority to behave fairly and in the interests of users. Apple, RIM, and others could theoretically abuse their control to revoke rights for competitors' apps, or to punish developers for arbitrary reasons.Â*Microsoft's Palladium project, which hoped to convert the PC into a similarly secured platform, failed because the industry as a whole did not trust Microsoft to exercise the vast power it would gain over the entire PC hardware market.

Apple has described its certificate signing program as a means of securing iPhones and iPods against viruses, spyware, malware, and material determined to be indecent. However, since the Apps Store opened nearly a month ago, the company has also pulled a few apps from the store, such as Nullrivers' NetShare, either without stating any reason or because those apps were found in violation of Apple's policies. In the case of NetShare, it appears Apple removed the app from the store in order to appease AT&T, which does not support Internet sharing tethering on the iPhone data plan.

While Apple has pulled apps from the store, it has not yet revoked any known developer's certificate, a move that would kill all their apps and could potentially prevent them from running on mobile devices after their purchase and installation. Certificate revocation would likely only be used by Apple in an emergency case, where signed apps in the wild were found to be malicious after the fact.

However, Zdziarski's findings suggest that Apple could use a more targeted blacklist site as a kill switch to disable specific apps. This mechanism could similarly be used to stop malicious malware, disabling viral apps before they have an opportunity to spread out of control.Â*It could also be used by Apple to give IT managers the ability to remotely disable apps from their employees' phones. Apple has already outlined plans for delivering custom corporate app deployment through a local version of the iTunes App Store. Being able to both remotely install and remove apps from mobile devices would be a highly desirable feature for IT managers in high security environments.

Apple has so far not exercised any of its revocation powers. Despite having removed apps from sale in the store, the company has yet to disable any apps that have been installed by users. A test item on the unauthorized apps listÂ*Zdziarski discovered is described as "malicious," suggesting that the Cupertino-based company behind the list is at least currently interested more in stamping out threats to its customers than it is policing the software on users' phones.
post #2 of 34
The application I Am Rich was pulled today also.
post #3 of 34
Quote:
Originally Posted by low747pfe View Post

The application I Am Rich was pulled today also.

... thank God.

Trash like that was just going to drag the App Store down to an all-time low.

And this news isn't anything to worry about, as best I can imagine. Apple hasn't abused it, if this is indeed what it does (we don't know), and if it is what it does, it would be nice to know they have the ability to immediately solve a serious problem caused by an app from the App Store, rather than having to wait to address it with an update.
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
Reply
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
Reply
post #4 of 34
Where did my and 'foo_bar's posts go? (and the front page news story)

---

Quote:
The finding ultimately confirms the existence of the complete app signing system promised by Apple chief Steve Jobs in October of last year and implemented with early versions of the iPhone SDK for outside developers.

I don't really see any indication this has anything to do with code signing? There's no signatures on that web page. I'm not sure why this is considered to confirm "the existence" of the app signing system - we've seen it in the iPhone SDK since the beginning...

It looks like they're using standard hierarchical naming pattern (i.e. com.mal.icious) which I'd guess is unique to each app.

As foo_bar said, what you're saying makes no sense and is plain incorrect! This has nothing at all to do with code signing.
post #5 of 34
The first thing that popped in my head, was that tethering app, that is on/off again on the App Store.

Now, say Apple kills a paid for app, will they also refund the purchase price to the consumer? I would think it would be unfair for Apple to let apps slip through their security system, yet still keep people's money, should a problem arise.
post #6 of 34
Wow, comments are disappearing left and right here.
post #7 of 34
Apparently, a large number of these comments have been blacklisted.
post #8 of 34
...provided it's used with discretion -- I'd rather put some limited trust in Apple, than trust that every developer on the App Store has my best interests at heart, or won't make some security mistake. OTOH, one might argue that someone might exploit the kill switch so I suppose it's a double-edged sword.

On the subject of Netshare -- yeah, I'd rather it be on the App Store, but really, what did we expect -- we all know how carriers have behaved in the past. Hopefully the app shows up through Installer.app or something at some point. I do feel for the developer and the loss of potential revenue though.
post #9 of 34
Quote:
Originally Posted by low747pfe View Post

The application I Am Rich was pulled today also.

I hadn't heard of it, Gizmodo does have a story on it. That's just a twisted stupid program.

I don't know if anyone has mentioned the 22 tip calculators in the app store. I most of them are a waste of an icon, though there is one that's a basically mini-reference that covers international tipping customs, not that I expect to need that any time soon.
post #10 of 34
My first thought is is it legal? Do they have the right to tell me I can't have an app on my phone? If I legally bought it and installed it on my phone, what right do they have? I am not leasing the phone from them.

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

Reply

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

Reply
post #11 of 34
Null.
Þ & þ are called "Thorn" & þey represent þe sound you've associated "th" wiþ since þe 13þ or 14þ century. I'm bringing it back.
<(=_=)> (>=_=)> <(=_=<) ^(=_=^) (^=_=)^ ^(=_=)^ +(=_=)+
Reply
Þ & þ are called "Thorn" & þey represent þe sound you've associated "th" wiþ since þe 13þ or 14þ century. I'm bringing it back.
<(=_=)> (>=_=)> <(=_=<) ^(=_=^) (^=_=)^ ^(=_=)^ +(=_=)+
Reply
post #12 of 34
Quote:
Originally Posted by techno View Post

My first thought is is it legal? Do they have the right to tell me I can't have an app on my phone? If I legally bought it and installed it on my phone, what right do they have? I am not leasing the phone from them.

Did you check the terms of service that you previously agreed to? Did you perhaps agree that Apple can change the terms of service without notice?
post #13 of 34
Quote:
Originally Posted by Foo2 View Post

Did you check the terms of service that you previously agreed to? Did you perhaps agree that Apple can change the terms of service without notice?

Why would anyone read the terms of service when it's just so much better to bitch about rights and Apple's abuse of such than to acknowledge what you already agreed to.
"you will know the truth, and the truth will
set you free."
Reply
"you will know the truth, and the truth will
set you free."
Reply
post #14 of 34
Quote:
Originally Posted by mark2005 View Post

Why would anyone read the terms of service when it's just so much better to bitch about rights and Apple's abuse of such than to acknowledge what you already agreed to.

I think what everyone is seeing is Apple showing it's true colors here.

It's obviously not about putting out a superior product anymore.

2.0 - Buggy and unstable as is 2.01

Mobile Me - Advertised as True Push and can't deliver

20x More countries this month - Cha Ching for Steve

3g Coverage in the USA - AT&T poor coverage, they went to Verizon first & they cover most of the USA.

App Store - Give me a break, if an app like "I am Rich" can make the list for $999.99 and is 1 screen. Hello... Wake up Apple, you look Stupid for even allowing this to pass your rigourous QC check to make the store with the other 237 tip calculators.

GPS - Why put it on the phone if you are going to make someone pay for Turn by Turn directions.

Voice Dialing - On the cheapest phones and a safety hazard without it.

I could go on but I'm upset I paid for a plastic piece of crap that is going to crack with lousy coverage and voice quality.

I'm amazed this phone is even considered in the category of "Smart Phones". Because out of the Box it's really DUMB!

One last note. Give us fricking Video and not QuickTime and YouTube. Flash, Windows Media, Real Networks.

It's a joke I have a full browser and can't view 50% of the web pages because they aren't built like Apple wants.

Get rid of the Square and give the phone some video viewing capability and I'm not talking Video Conferencing, I'm talking viewing web pages. I'm tired of looking at that dumb square that says "I can't play your video becuase I'm not smart enough".
post #15 of 34
Aha! The true "iPhone Killer" has been discovered!

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #16 of 34
Quote:
Originally Posted by Slewis View Post

If you bought and paid for malware that Apple didn't realize was Malware until later, would you still want it or would you want this kill switch?

That's an either-or fallacy. The phone could just as easily inform you that Apple thinks one of your apps is malware or compromised, suspend the app, but allow you to remove the suspension yourself. That's what they would do if their primary concern was the customer's wellbeing.
post #17 of 34
I tried changing changing one of my apps in XCode to have the com.mal.icious identifier and Malicious app name but the iPhone simulator didn't do anything. I don't have a real iPhone to try it on.
post #18 of 34
RE: "Apple, RIM, and others could theoretically abuse their control to revoke rights for competitors' apps, or to punish developers for arbitrary reasons."

==========
We are all together on ONE network when we use a mobile phone. No longer can we just disconnect from the internet at home or at work to isolate our computer or, in this case, our mobile phone.

Should we trust Apple to do the right thing or should we trust EVERY user, worldwide, on the mobile network?

How do we prevent all the potential terrorists, pranksters, and unknowing, unskilled users from screwing things up?

Obviously, we can focus on Apple, and, since Apple is working for itself and the greater good, I would prefer Apple to have this control.
post #19 of 34
and how can we trust everyone else in the country to do the right thing?
we should get rid of elections and congress and get us a dictator he will work in the best interest of the common good.

That was just a really poor argument, and a dangerous one...
we can't trust everyone so take freedoms away from everyone so I can feel a little more secure(weather or not you actually are more secure is debatable)
post #20 of 34
LOL, the things Apple fans allow Apple to get away with. I just bought my GF a iPhone for her birthday, and I have no plans on getting her to return it, but this is still a bullshit practice, if it's true.
post #21 of 34
Wow, this thread is a real crap-fest isn't it?

- We have nasty nit-pickers posting under assumed names about writing mistakes and then posting three more times about how their posts have been removed (hint, this is almost entirely irrelevant to the thrust of the article.)

- We have the usual collection of selfish fools, whose first thoughts concern whether Apple is going to pay them for this (perceived) slight. (again, extreme irrelevance)

- We have paranoid conspiracy nuts who believe that evidence of a list of possible bad apps on a managed portable device is so "unusual" that it must be evidence of a giant conspiracy. (this kind of thinking denies the facts completely and isn't worth considering in terms of relevance)

In short, a complete mis-representation of what's actually going on (and not much is actually going on here at all), and uniformly negative, with the exception of those willing to just trust Apple because they are "good."

Or something.

.
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. Theres just no consistency. Its just a big grab bag of monkey...
Reply
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. Theres just no consistency. Its just a big grab bag of monkey...
Reply
post #22 of 34
Quote:
Originally Posted by Virgil-TB2 View Post

- We have nasty nit-pickers posting under assumed names about writing mistakes and then posting three more times about how their posts have been removed (hint, this is almost entirely irrelevant to the thrust of the article.)

If AI is going to present themselves to be journalists and they don't live up to basic language standards, I don't see the problem exposing that.

Aren't you posting under an assumed name too? Your handle looks like something I might have read in a sci-fi novel, not something related to a real name.

Quote:
Originally Posted by Virgil-TB2 View Post

- We have the usual collection of selfish fools, whose first thoughts concern whether Apple is going to pay them for this (perceived) slight. (again, extreme irrelevance)

I don't think you understand their angle at all. I do think it's quite relevant and not necessarily selfish, regardless of your declaration. I don't have any problem with Apple disabling apps that turn out to be malicious. But if that it is paid software that they disable, then Apple should refund the money paid for those apps. They are, after all, apps that Apple supposedly prescreened and sold to the user as safe. It would be selfish of Apple if Apple kept that money after nuking the app.
post #23 of 34
Is this another Daniel Eran Dilger alias? Why is he posting this article on RoughlyDrafted as if he wrote it, like he does the Prince McLean pieces.
post #24 of 34
Quote:
Originally Posted by techno View Post

My first thought is is it legal? Do they have the right to tell me I can't have an app on my phone? If I legally bought it and installed it on my phone, what right do they have? I am not leasing the phone from them.

This is the uncomfortable question. I suspect that licensing agreements, the ones that we tend not to read, cover this. As for the paid apps that might get pulled, caveat emptor would likely be the argument.

This is where difficult choices must be made, I suppose: as much as I love Apple, I'd have to vote with my dollars if I don't agree with the way they're handling something, no matter how sexy the product. :-P. For those who have the iPhone, I do agree that if Apple lets someone qualify for the apps store and later reconsiders, they should offer credits or something as compensation to consumers. If you buy outside the apps store (is that possible? I don't have an iPhone yet), then I suspect they'd argue that you're on your own re: refunds.
post #25 of 34
Quote:
Originally Posted by guinness View Post

The first thing that popped in my head, was that tethering app, that is on/off again on the App Store.

Now, say Apple kills a paid for app, will they also refund the purchase price to the consumer?

If they didn't then they'd likely face a slew of lawsuits from people who find the application suddenly deleted. I personally will consider filing a small claims suit against Apple if they remotely delete/disable the NetShare app that I legally purchased and they charged me for.
post #26 of 34
Quote:
Originally Posted by BlackSummerNight View Post

LOL, the things Apple fans allow Apple to get away with. I just bought my GF a iPhone for her birthday, and I have no plans on getting her to return it, but this is still a bullshit practice, if it's true.

In all fairness, they haven't remotely nuked any app store apps yet. They do have access to that tool, but I can imagine that other phone platforms have a similar feature too, and the same goes for game platforms that offer online app stores. So far, I haven't heard of it being abused yet.
post #27 of 34
I'm sorry but didn't Steve Jobs (or one of the others) allude to this during the iPhone 2.0 presentation? He mentioned something about being able to "deactivate" malicious applications remotely.
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
post #28 of 34
Quote:
Originally Posted by BlackSummerNight View Post

LOL, the things Apple fans allow Apple to get away with. I just bought my GF a iPhone for her birthday, and I have no plans on getting her to return it, but this is still a bullshit practice, if it's true.

They haven't gotten away with anything. This is just a mechanism put in place to protect users from malicious applications that get through the screening process. Please tell me what is wrong with that? Wouldn't you rather have Apple disable the application immediately to keep it from continuing on with whatever it is doing, or would you rather wait for an email telling you that this particular app has been snooping your LAN and passing the information on.

This is not any different then keeping a list of phishing sites, malware, or trojans, etc. There's always a possibility of any security feature being abused. Until it is though, there shouldn't be anything to be concerned about.
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
post #29 of 34
Quote:
nasty nit-pickers posting under assumed names about writing mistakes and then posting three more times about how their posts have been removed

If a publication with journalistic pretensions posts material that's both poorly written and factually inaccurate, betraying its author's lack of technical knowledge in the domain the publication ostensibly reports, it should expect to be called on it. In this case, the comments discussing the errors were removed without notice or explanation, and the article was silently updated, removing the erroneous references to code signing.

Using your readers as unpaid editors is a sign that your own editorial staff/process are sorely lacking. Doing so while silently deleting the evidence: not classy. It's AI's sandbox, so they can do what they want, but if they want to be treated like the professionals they play at being, there need to be a clearly stated editorial policy and forum policy about stuff like this.
post #30 of 34
Personally, I think that this is Apple's version of Border Control for access to the iPhone Universe.

As I believe that governance is part of the equation, I say hurrah!

In fact, I just posted on this aspect of the topic:

iPhone Universe: Network Borders, Kill Switches and The Core Location
http://thenetworkgarden.blogs.com/we...-universe.html

Check it out if interested.

Cheers,

Mark
post #31 of 34
Not a lawyer, but is this not textbook theft:

I buy something from party A, the ISV, and party B, Apple kills it, apperantly giving no refund or even explanation...that is criminal theft.

This would be no different than buying something from the store, and someone from the trucking company that delivered it to the store walks into your home and takes it.

This sounds too shady for any huge company to risk
You can't quantify how much I don't care -- Bob Kevoian of the Bob and Tom Show.
Reply
You can't quantify how much I don't care -- Bob Kevoian of the Bob and Tom Show.
Reply
post #32 of 34
Jon Gruber weighs in. As he points out:

-- Jobs was up front that Apple would be able to kill misbehaving apps remotely; Apple has no reason to try to hide this.
--The mystery file is in the Core Location framework
--Gruber says a source at Apple confirms that "CLBL", which is in the call home URL, stands for "Core Location Black List."

He concludes, reasonably I think, that this is for forbidding apps to access core location services, and not killing apps remotely.

Of course, everyone can remain outraged, if they wish, because Apple flat out told us that one of the up-sides of signed apps, from their perspective, is that they can kill apps remotely.

But that wasn't all super seekret eval and shit.
They spoke of the sayings and doings of their commander, the grand duke, and told stories of his kindness and irascibility.
Reply
They spoke of the sayings and doings of their commander, the grand duke, and told stories of his kindness and irascibility.
Reply
post #33 of 34
Quote:
Originally Posted by mjtomlin View Post

They haven't gotten away with anything. This is just a mechanism put in place to protect users from malicious applications that get through the screening process. Please tell me what is wrong with that? Wouldn't you rather have Apple disable the application immediately to keep it from continuing on with whatever it is doing, or would you rather wait for an email telling you that this particular app has been snooping your LAN and passing the information on.

That's the same either-or fallacy Slewis committed earlier on this thread. Read my reply to that.
Quote:
This is not any different then keeping a list of phishing sites, malware, or trojans, etc. There's always a possibility of any security feature being abused. Until it is though, there shouldn't be anything to be concerned about.

Err, no. It's a cause for immediate concern when a security measure is deliberately built in such a fashion that it can be abused, when it could just as easily be built without that possibility.
post #34 of 34
If this was any other OS or any other handset manufacturer, people in this forum would be "outraged" and talk about how Apple would never do something like this. Apple doesn't have this in OS X (I hope) I have no clue why there should be something like this on my phone. If you purchase a malicious program, that is your own fault - just like it is on your computer.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Researcher discovers targeted iPhone app "kill switch"