Feeds

Apple's secret iPhone app blacklist

Cloak-and-dagger app wipes imminent?

Designing a Defense for Mobile Applications

A researcher has discovered a URL buried in the iPhone hardware that appears to point to an application blacklist - potentially allowing Apple to retroactively remove applications it decides no longer fit the bill.

The URL, reported by iPhone Atlas, links to a file on apple.com called "unauthorizedApps" that seems to contain a test entry called "Malicious" and described as "Being really bad!" Such a database of blacklisted applications would only make sense if all iPhones were regularly connecting to it and comparing the list to their installed applications, though what action the handset would take if it found a match is unknown.

Jonathan Zdziarski, author of iPhone Forensics, found the URL in the firmware, so it's possible that the functionality hasn't been activated yet even if the file is live.

Apple is in a pretty unique position among mobile phone manufacturers - the way that the iPhone is tied to iTunes enables the company to make changes to the vast majority of handsets in a way more akin to Windows Update than anything previously seen on a mobile phone. Nokia can do much the same, but only the technically-literate tend to use the Nokia Update Tool, while (almost) every iPhone user is running iTunes and few of them will reject an upgrade.

So even if iPhones aren't calling home today, they surely will in the future. And once Apple deems an application to be malicious then the icon could simply vanish from the interface as though it had never been - more reminiscent of the original Mac ads than intended, surely. ®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.