Feeds

Apple's secret iPhone app blacklist

Cloak-and-dagger app wipes imminent?

Internet Security Threat Report 2014

A researcher has discovered a URL buried in the iPhone hardware that appears to point to an application blacklist - potentially allowing Apple to retroactively remove applications it decides no longer fit the bill.

The URL, reported by iPhone Atlas, links to a file on apple.com called "unauthorizedApps" that seems to contain a test entry called "Malicious" and described as "Being really bad!" Such a database of blacklisted applications would only make sense if all iPhones were regularly connecting to it and comparing the list to their installed applications, though what action the handset would take if it found a match is unknown.

Jonathan Zdziarski, author of iPhone Forensics, found the URL in the firmware, so it's possible that the functionality hasn't been activated yet even if the file is live.

Apple is in a pretty unique position among mobile phone manufacturers - the way that the iPhone is tied to iTunes enables the company to make changes to the vast majority of handsets in a way more akin to Windows Update than anything previously seen on a mobile phone. Nokia can do much the same, but only the technically-literate tend to use the Nokia Update Tool, while (almost) every iPhone user is running iTunes and few of them will reject an upgrade.

So even if iPhones aren't calling home today, they surely will in the future. And once Apple deems an application to be malicious then the icon could simply vanish from the interface as though it had never been - more reminiscent of the original Mac ads than intended, surely. ®

Intelligent flash storage arrays

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.