Apple's Ability to Deactivate Malicious App Store Apps

[MacRumors]

When Apple launched the App Store, they suggested that the use of DRM'd and signed applications could allow them to protect the iPhone from malicious applications and suggested that they could deactivate such applications remotely. Jonathan Zdziarski, author of iPhone Forensics reveals (via iPhone Atlas) the remote url that Apple is using to keep a list of the offending applications:

https://iphone-services.apple.com/clbl/unauthorizedApps

This url appears to keep a list of black listed apps which appears to contain a test application name. Zdziarski explains:

Quote:

“This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.

“I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.”

Note that this is very different from just removing an application from the App Store. In case of this black listing, Apple could presumably deauthorize applications already installed on iPhones.

While Apple has been criticized lately for the removal of a number of App Store applications without explanation, those applications continue to work for those individuals who have already purchased the application. So far that list of prominent apps simply removed from the App Store include NetShare, BoxOffice and now I Am Rich (via Alley Insider).

We suspect Apple will reserve the use of this black list remote-deactivation for truly malicious apps, but even the unilateral removal of seemingly innocuous apps from the App Store has raised some criticism of Apple's editorial process.

Article Link

[Small White Car]

Well, a necessary evil.

As long as the use it responsibly, I have no problem with it. So far they're working at 100% "ok." I won't complain until that changes.

[eastcoastsurfer]

This is exactly the problem with a closed phone and the app store. Everyone will say it's fine until Apple turns off an app they think is useful/fun/paid for/whatever.

[whooleytoo]

It all depends on how/when they use it.

Given they don't give too much scrutiny to apps before they put them up on the store, they have to have some way of stopping them once they're out there.

p.s. I should also add: I REALLY hope this is implemented securely. Can you imagine the trouble a hacker could cause if they were able to 'spoof' the blacklist and blacklist all apps?

[iOrlando]

If apple closes an app.they should restore the cost to the user. I know...almost impossible to do..but doesnt that seem fair?

[megatronbomb]

Apple has really got to work on the App store. Their lack of communication to developers who have put a lot of time and work into apps that just disappear, the slowness of "approving" new apps, the organization of the store, etc. There's so much potential, but the execution has been bumpy.

[Bob Knob]

Quote:

Originally Posted by MacRumors

...but even the unilateral removal of seemingly innocuous apps from the App Store has raised some criticism of Apple's editorial process.

Article Link

Gee, just like every store on the planet Apple decides what it wants to have in its store. Maybe the critics should build their own phone and store. What a bunch of crybabies.

[antielectrons]

No thanks. I like my freedom, not some corporation telling me what I can do with my phone. Apple have gone too far already

[arn]

I thought they should have kept "I am Rich" in the app store. I don't think they need to start passing judgement over quality. Just make sure it doesn't crash, cause problems, or break their rules.

I suspect NetShare and BoxOffice removals were on some technicality and will return, though they need to tell developers when they pull their apps.

arn

[megatronbomb]

Quote:

Originally Posted by iOrlando

If apple closes an app.they should restore the cost to the user. I know...almost impossible to do..but doesnt that seem fair?

Yes. If a person buys an app in good faith, only to have Apple decide (based on whatever criteria) that the app should be revoked, then Apple should credit the purchaser.

Depending on the situation, I would have less of a problem with Apple not reimbursing the developer, particularly if the developer was being overtly malicious, etc.

[fastbite]

Why is I Am Rich removed?! 1.0.1 was going to include costume colors and a choice of jewels! And a Lite version for only 552 bucks was ready... Screw art i guess...

[Small White Car]

Quote:

Originally Posted by Bob Knob

Gee, just like every store on the planet Apple decides what it wants to have in its store. Maybe the critics should build their own phone and store. What a bunch of crybabies.

Really? What store do YOU shop at that has the right to come back to your house and steal what you bought from them?

I think this plan is a good security precaution for Apple and approve of its existence. But saying it's "just like every other store" is a bit strange. I know of NO other store like that!

[pacohaas]

So first apple would have to approve an app, then add it to their own malicious app list because they approved something they shouldn't have? I guess it's good that they left themselves a backout plan...

[chas0001]

I would be pretty annoyed if I purchased an application and Apple decided to disable it. Especially as they never give a reason for anything they do (unless pressurized).

Still waiting for the 'I am Poor' application though.

[arn]

Quote:

Originally Posted by Bob Knob

Gee, just like every store on the planet Apple decides what it wants to have in its store. Maybe the critics should build their own phone and store. What a bunch of crybabies.

Apple needs to communicate with their developers. It's mutual relationship.

If Apple wants developers to create quality apps for the iPhone, they need to work with the developers. It's not comforting that Apple cut off your business's entire income with no warning and no explanation.

Note: there are two issues. Deactivating malicious apps is fine, and I don't think anyone would disagree with it. Removing Apps from App Store is "ok" too, but they just need to tell devs why so they can remedy it.

arn

[markrich]

I would hope that Apple would contact those who bought the app to let them know why it no longer worked but this is sensible. Better to keep the nasty apps out which could hurt the phone or worse still spread and hurt others.

One would hope, however, that if the app approval system is working this shouldn't be necessary and would be only for the most severe problems.

[Loge]

Quote:

Originally Posted by iOrlando

If apple closes an app.they should restore the cost to the user. I know...almost impossible to do..but doesnt that seem fair?

Apple knows each account's purchase history so it should be easy to do, for anyone who still has an active iTunes account.

[Kwill]

This is a good thing. Should Apple discover that something is harming iPhones or sapping network performance, it should be disabled remotely.

[WoFat]

Someone needs to port Little Snitch to the phone.

[FreeState]

Quote:

Originally Posted by Small White Car

Really? What store do YOU shop at that has the right to come back to your house and steal what you bought from them?

I think this plan is a good security precaution for Apple and approve of its existence. But saying it's "just like every other store" is a bit strange. I know of NO other store like that!

Software is not handled the same way as physical goods. You do not own the software you buy in the App store.

http://www.apple.com/legal/itunes/ap.../us/terms.html

4. LICENSE OF PRODUCTS. The software products made available through the Service (the “Products”) are licensed, not sold, to you.

[Manatee]

Quote:

Originally Posted by arn

I thought they should have kept "I am Rich" in the app store. I don't think they need to start passing judgement over quality. Just make sure it doesn't crash, cause problems, or break their rules.

arn

I was looking forward to reports from people with "one-click purchase" activated, who accidentally bought it.

[numbsafari]

Quote:

Originally Posted by antielectrons

No thanks. I like my freedom, not some corporation telling me what I can do with my phone. Apple have gone too far already

Then don't buy one.

Problem solved!

[sd452]

Protect my iPhone from bad software. That's the point!

[JML42691]

I am glad that Apple has this ability to deactivate apps that could cause harm to a user's iPhone or iPod, but I hope that they limit it to harmful apps only, not apps like BoxOffice or NetShare. They should not deactivate an app like NetShare even if a cell carrier requests it.

But Apple needs to work on their communications with application developers, when an app has been removed for this long like NetShare or BoxOffice, the developer needs to be told why, this is just unacceptable on Apple's part.

[Small White Car]

Quote:

Originally Posted by FreeState

Software is not handled the same way as physical goods. You do not own the software you buy in the App store.

http://www.apple.com/legal/itunes/ap.../us/terms.html

4. LICENSE OF PRODUCTS. The software products made available through the Service (the “Products”) are licensed, not sold, to you.

I'm a little confused why you're telling me this.

If you're making a point I'm afraid it's passed right over my head because this looks exactly like the point I was making. But I'm assuming you were trying to make a different point than I did, so I just have to admit that I don't understand.