Monthly Archives: August, 2008

Conditioned to expect the worst, aren’t we?

Today’s iPhone panic comes from iPhone Forensics author Jonathan Zdziarski. While picking apart the iPhone 2.0 firmware, he discovered the following URL: https://iphone-services.apple.com/clbl/unauthorizedApps. The purpose of this link is pretty apparent on sight. Unfortunately, it’s also wide open for conjecture.

Here’s Zdziarski’s take, with a little added emphasis:

This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.

I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.

Zdziarski starts out reasonably enough, but it doesn’t take long for him to start extrapolating what Apple will do with the blacklist. That, in turn, led some reasonably smart people to assume that this was an Apple-controlled kill switch.

Let’s take a look at the facts in evidence:

  1. The Apple iPhone OS has an embedded URL that points to a list of unauthorized applications.
  2. There is no fact 2.

So far, we have no idea what the iPhone firmware will do when it finds an installed application on the blacklist. Maybe the Chicken Littles are right, and Apple will unilaterally delete the app, with or without warning. Maybe the app will only be disabled. Maybe the user will be asked if they’d like the app to be disabled.

The assumption that the iPhone “calls home” is questionable, too. App Store has an Updates tab that “calls home” to check for new versions of installed apps, so it’s possible that the blacklist is fetched at that time as well.

A little disclosure on Apple’s part would go a long way here. Then again, with all of the chaos surrounding the simultaneous iPhone 3G/iPhone OS 2.0/App Store/MobileMe launch, Apple has plenty of correspondence to catch up on. (Ask the developers of NetShare and Box Office.)
