Published Blacklist Blocks Core Location Only?

[MacRumors]

DaringFireball.net clarifies that the published blacklist url likely only blocks malicious apps from accessing the iPhone's Core Location functions. Core Location allows applications to detect the user's location through GPS and Wi-Fi triangulation.

An informed source at Apple confirmed to me that the “clbl” in the URL stands for “Core Location Blacklist”, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.

This being said, this doesn't change the fact that Apple has suggested they can disable Applications remotely:

Since each iPhone program will be digitally signed by its creator, this gives Apple the ability to “turn off the spigot,” as Steve Jobs put it, and revoke programs that don’t meet its standards.

Article Link

 

[JML42691]

This will make all the people that were complaining about the disabling of apps somewhat happy, hopefully. But to be honest, Apple still should be able to disable any apps that are malicious, I wouldn't want any app that will invade my privacy on my phone or iPod.

 

[FuuFuu]

or they could just not let people instantly purchase an item by pressing "buy now" button.

 

[rockinrocker]

i don't see how this changes anything.

they can still disable whatever apps they choose....

 

[plumbingandtech]

This will make all the people that were complaining about the disabling of apps somewhat happy, hopefully. But to be honest, Apple still should be able to disable any apps that are malicious, I wouldn't want any app that will invade my privacy on my phone or iPod.

Nope. Back to a lack of MMS and video recording for them. For you see, if you build a machine that turns water into wine, unless it has MMS, it is bull puckey.

 

[Hattig]

Makes sense, one of the core concepts of digital signatures is the concept of revocation.

Revoke an app - you can disable it if the other end checks for revocation.

But to disable bits of functionality? That'd require some sort of hack like this list of files thing that Apple have implemented.

 

[xUKHCx]

Apple still should be able to disable any apps that are malicious, I wouldn't want any app that will invade my privacy on my phone or iPod.

You mean an application such as one that can see what applications you have on your phone and the ability for it to disable them

 

[patricksan]

or they could just not let people instantly purchase an item by pressing "buy now" button.

They could create a good separation between what is free and what you buy. I think that would be a nice behavior. Ok, I know that it is not so beautiful, but would improve it.

 

[Fotek2001]

i don't see how this changes anything.

they can still disable whatever apps they choose....

No, this theoretically means they can disable CoreLocation in any apps they choose. There's a big difference!

 

[exscape]

No, this theoretically means they can disable CoreLocation in any apps they choose. There's a big difference!

Well, if this is true, and Steve Jobs isn't lying, they can do both.

 

[notjustjay]

See what happens when you get all worked up over something without having all the facts?

 

[socamx]

or they could just not let people instantly purchase an item by pressing "buy now" button.

What part of "buy now" is that hard to understand? ...Is this seriously an issue? If so I lose even more hope in humanity. I really hope this is a joke that people have issues with a button that says "buy now." This is how iTunes has always worked for music and I don't recall anyone ever complaining.

If people are that paranoid, just enable the shopping cart feature then you can just add stuff, and if one is an accident you can remove it before purchasing everything.

*rolls eyes*

 

[Booga]

Remote Kill vs. Update-And-Kill

I think a key point is whether Apple is checking for certificate validity against an external site or just against a local copy. If the latter, the only means Apple has to disable an app is to release a point-release of the operating system.

Incidentally, there seem to be a lot of folks who are assuming that once they buy an iPhone app, that it will work for them forever. There have always been incompatibility in major operating system updates, and I assume iPhone Snow Leopard is going to break some apps. Some of which the developer may no longer be maintaining. It happens-- people need to start thinking about the iPhone as just another computer.

 

[Small White Car]

No, this theoretically means they can disable CoreLocation in any apps they choose. There's a big difference!

But Apple admitted that they can kill any app they want.

This doesn't DISPROVE yesterday's news, it's just saying that this is a SECOND feature that's not related to killing apps.

They're both true, it's just that someone got confused and thought this clue was part of the app-killing feature when it really wasn't.

 

[bazaarsoft]

Core Location Disable

I suspect this is really just the place where the iPhone stores app names for apps that YOU don't want core location to try to geolocate. You know that little dialog that pops up sometimes saying something like "Do you want this application to use location services?" I believe it asks only once, right? So if you say "No", where does it store that? Probably this file...

 

[PinkyMacGodess]

Well...

Well, gosh. Sounds like they let the cat out of the bag, so to speak.

All you need is a 'malicious program' that can set it's identity to a known good program and there is no stopping it. Right?

Could the new iphone be the next biggest virus target since Windows?

 

[bazaarsoft]

I was just using name as an example. It's probably something more to do with the certificate that the app was signed with so "spoofing" would be much more difficult. In fact, I can't find any reference to the actual contents of the file.

 

[PinkyMacGodess]

True and true.

I think a key point is whether Apple is checking for certificate validity against an external site or just against a local copy. If the latter, the only means Apple has to disable an app is to release a point-release of the operating system.

Incidentally, there seem to be a lot of folks who are assuming that once they buy an iPhone app, that it will work for them forever. There have always been incompatibility in major operating system updates, and I assume iPhone Snow Leopard is going to break some apps. Some of which the developer may no longer be maintaining. It happens-- people need to start thinking about the iPhone as just another computer.

For a device that has internet capability to not rely on the internet for some 'janitor' functions is nuts. Well, and it makes the idea of traveling with a locked iphone that much more distasteful.

We the people need a court case that invalidates the whole idea of 'locking' cell phones to one provider or at least leave people the ability to 'unlock' at will and for no or low cost. The idea that the 'commitment free' iphone is still locked to AT&T should be contested. 'No commitment' *should* mean 'no commitment', not 'no contract'. To pay AT&T their ransom AND still be tied to their service sounds like a very strong commitment to me...

 

[theBB]

All you need is a 'malicious program' that can set it's identity to a known good program and there is no stopping it. Right?

Could the new iphone be the next biggest virus target since Windows?

I believe that is where the digital certificate comes into play. I presume it is hard to fool the certificate.

 

[ert3]

Wirelessly posted (iPhone 8gb: Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5B108 Safari/525.20)

that is a scary thing to think about. Spyware actually spying on your location.

 

[maehara]

What part of "buy now" is that hard to understand? ...Is this seriously an issue?

Quite easy to hit it accidentally on the iPhone touch screen, which could lead to disaster if you've got 1-Click switched on. That's okay for 99c songs, not so okay for $999.99 gimmicky apps. Personally, I think the App Store should only allow 1-Click in iTunes, and not on the handset. Although if you choose to leave 1-Click enabled, that's the user's lookout, and not Apple's.

Now, how did we get here from Core Location blocking??

 

[alphaod]

The question is why would they approve the malicious apps in the first place? Or does Apple actually just approve everything and wait til complaints from users, so all the buyers can get screwed?

Quite easy to hit it accidentally on the iPhone touch screen, which could lead to disaster if you've got 1-Click switched on. That's okay for 99c songs, not so okay for $999.99 gimmicky apps. Personally, I think the App Store should only allow 1-Click in iTunes, and not on the handset. Although if you choose to leave 1-Click enabled, that's the user's lookout, and not Apple's.

If you're afraid of accidental buying, turn off the App Store [and iTunes WiFi Store].

 

[twoodcc]

well, this is better than turning off the app completely

 

[theBB]

The question is why would they approve the malicious apps in the first place?

Why are erasers still being sold? Why don't people just stop making mistakes instead?

 

[happydude]

You mean an application such as one that can see what applications you have on your phone and the ability for it to disable them

yup, was thinking the same thing.

i do think it is still too big brother for me. not a fan, but *sigh* what can we do?