No Answers From Apple On iPhone 'Kill Switch'
Apple hasn't commented on the discovery by a hacker that the iPhone can download a list of "unauthorized" applications and disable them.
A hacker who discovered a mechanism on the iPhone that downloads a list of unauthorized applications from Apple has challenged speculation that the technology is an application "kill switch."
Jonathan Zdziarski, author of the books iPhone Forensics and iPhone Open Application Development, said on his blog that there's no evidence to support the conspiracy theories that traveled throughout the blogging community as a result of his discovery.
More Personal Tech Insights
- The Best Mobile Apps are Connected
- Thriving in a Multi-Platform World: Integrating Mobile Device Management into Your Overall Security Strategy
White PapersMore >>
"We do not know just how active this mechanism is," Zdziarski said. "It might vaporize applications. It might simply prevent them from using the GPS [global positioning system]. For all we know, it could trigger world war three, or it could cause some computer somewhere to spit out recipes for buttermilk pancakes."
Apple was unavailable for comment.
Zdziarski discovered in the iPhone a cache that can hold a list of unauthorized applications and a URL to a page on Apple's servers. The URL is apparently used to download a new list from time to time.
"That's all we know -- nothing more," Zdziarski said. "And just to clarify, it only downloads a list of applications -- it doesn't 'tell Apple' what apps you are running -- get your facts straight."
Zdziarski later said in an update that he was able to feed his own list into an iPhone and effectively kill applications that tried to use the GPS.
"It looks like that's all it's set to do right now, but I may just not have found the 'vaporize' switch," the developer said.
If the mechanism is to kill malicious applications, Zdziarski questioned whether it was a good idea to stop at the GPS, since the application would still have access to the mobile network to transmit data.
"Either there is some mechanism that can be activated to kill the app entirely, or this isn't really designed to kill 'malicious' applications, as advertised, but rather applications that interfere with Apple's business model," Zdziarski said. "Either way, the idea that Apple can choose what functionality my applications should have frightens me."
In an update posted Friday, Zdziarski offered a way to disable the functionality using the Pwnage Tool, open source software that enables the iPhone to be used on wireless carriers other than AT&T, the exclusive mobile phone provider in the United States.
While Apple has yet to deactivate any iPhone applications remotely, the company has been criticized for removing applications from the App Store, launched this summer, without explanation. One such application was Nullriver's NetShare, which makes it possible for iPhone customers to use their high-speed Internet connections to provide Web access to a PC.