Jobs confirms iPhone application 'kill switch'
Last week's news that Apple had incorporated some form of application blacklist into the iPhone 3G certainly got people talking. While the purpose of said blacklist wasn't apparent, there was still quite a bit of argument over whether or not an application blacklist was a method that Apple should be employing.
Now we've got confirmation from Steve Jobs himself that a "kill switch" mechanism does exist on the iPhone. Speaking to the Wall Street Journal, Steve had this to say:
Mr. Jobs confirmed such a capability exists, but argued that Apple needs it in case it inadvertently allows a malicious program--one that stole users' personal data, for example--to be distributed to iPhones through the App Store. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," he says.
Note that this does not necessarily mean that the Core Location blacklist discovered by Jonathan Zdziarski is the "lever" that Jobs refers to; there could very well be a separate mechanism elsewhere in the iPhone's software.
While such a function might very well be necessary to prevent malicious applications, it also may raise potential dangers from other malicious vectors if it isn't well-secured. Zdziarski was able to convince his iPhone's Core Location blacklist to terminate applications; it's likely others would be able to figure out the same methods.
There's also the exact question of what the definition of "malicious" entails. For example, could NetShare be considered malicious because it violates AT&T's terms of service? I'm guessing that's a can of worms that Apple doesn't want to open, but the issue will be raised sooner or later.
» posted by ITworld staff
Macworld.com
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
mobile phone apps
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
