Kamis, 07 Agustus 2008

After some snooping into the core of an iPhone 3G, a hacker has reported finding a blacklist of sorts that could allow Apple to remove malicious or unauthorized applications from iPhones.

Jonathan Zdziarski, author of the books iPhone Open Application Development and iPhone Forensics Manual, found a URL buried in Apples firmware that links to a file dubbed "unauthorizedApps" where malicious or simply bad apps might go once they disappear from the App Store.

"This suggests that the iPhone calls home once in a while to find out what applications it should turn off," Zdziarski wrote in a Web posting. "At the moment, no apps have been blacklisted, but by all appearances this had been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down."


A particular iPhone app that received huge attention was created by coder Armin Heinrich. He posted an app called "I Am Rich" to Apples App Store and tagged it with a $1,000 price tag. The app, which displays a red ruby to indicate to others that you can afford it, has not had a great response and has been described by observers as stupid.

As of Wednesday, Heinrichs app was not available for sale in the U.S., according to a pop-up message. Since then it has mysteriously disappeared, leaving users wondering if "I Am Rich" made its way to the blacklist or if Heinrich himself pulled the plug.

Other apps that have disappeared include BoxOffice (renamed to Now Playing) and NullRivers NetShare. BoxOffice gave users movie show times, movie descriptions, and images from RottenTomatoes.com, while NetShare allowed people to use a wireless device to tap into an iPhones Wi-Fi connection. NetShare broke AT&Ts service agreement for connectivity.

Developers of both apps have said they never received any communication from Apple before their apps were yanked.


While some observers say the blacklist is for user protection, others insist Apple wants complete control of what users install on iPhones and iPods.

Users may be okay with Apple pulling the plug on apps from the App Store, but should they be allowed to yank apps from peoples devices, especially after they have paid for an app? That question has not yet been answered. And if Apples devices are phoning home to check on apps, are they also keeping tabs on text messages, e-mail and phone calls?

Apple did not return calls or e-mail seeking comment. But Zdziarski wrote on his Web site that his posting had been blown out of proportion so "every wanna-be-Watergate journalist in the northern hemisphere e-mails me with conspiracy theories." He said his discovery warrants further research and questions to be posed to Apple, but at this time he doesnt know what the mechanism does or whether its active.

Mike Kent contributed to this story.


0 komentar: