Feeds

Apple's secret iPhone app blacklist

Cloak-and-dagger app wipes imminent?

Secure remote control for conventional and virtual desktops

A researcher has discovered a URL buried in the iPhone hardware that appears to point to an application blacklist - potentially allowing Apple to retroactively remove applications it decides no longer fit the bill.

The URL, reported by iPhone Atlas, links to a file on apple.com called "unauthorizedApps" that seems to contain a test entry called "Malicious" and described as "Being really bad!" Such a database of blacklisted applications would only make sense if all iPhones were regularly connecting to it and comparing the list to their installed applications, though what action the handset would take if it found a match is unknown.

Jonathan Zdziarski, author of iPhone Forensics, found the URL in the firmware, so it's possible that the functionality hasn't been activated yet even if the file is live.

Apple is in a pretty unique position among mobile phone manufacturers - the way that the iPhone is tied to iTunes enables the company to make changes to the vast majority of handsets in a way more akin to Windows Update than anything previously seen on a mobile phone. Nokia can do much the same, but only the technically-literate tend to use the Nokia Update Tool, while (almost) every iPhone user is running iTunes and few of them will reject an upgrade.

So even if iPhones aren't calling home today, they surely will in the future. And once Apple deems an application to be malicious then the icon could simply vanish from the interface as though it had never been - more reminiscent of the original Mac ads than intended, surely. ®

Providing a secure and efficient Helpdesk

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.