Last week's news that Apple had incorporated some form of application blacklist into the iPhone 3G certainly got people talking. While the purpose of said blacklist wasn't apparent, there was still quite a bit of argument over whether or not an application blacklist was a method that Apple should be employing.

Now we've got confirmation from Steve Jobs himself that a "kill switch" mechanism does exist on the iPhone. Speaking to the Wall Street Journal, Steve had this to say:
Mr. Jobs confirmed such a capability exists, but argued that Apple needs it in case it inadvertently allows a malicious program--one that stole users' personal data, for example--to be distributed to iPhones through the App Store. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," he says.

Note that this does not necessarily mean that the Core Location blacklist discovered by Jonathan Zdziarski is the "lever" that Jobs refers to; there could very well be a separate mechanism elsewhere in the iPhone's software.

While such a function might very well be necessary to prevent malicious applications, it also may raise potential dangers from other malicious vectors if it isn't well-secured. Zdziarski was able to convince his iPhone's Core Location blacklist to terminate applications; it's likely others would be able to figure out the same methods.

There's also the exact question of what the definition of "malicious" entails. For example, could NetShare be considered malicious because it violates AT&T's terms of service? I'm guessing that's a can of worms that Apple doesn't want to open, but the issue will be raised sooner or later.

» posted by ITworld staff

Macworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine