Become a MacRumors Supporter for $25/year with no ads, private forums, and more!
  • Did you order new AirTags? We've opened a dedicated AirTags forum.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,410
14,113
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

DaringFireball.net clarifies that the published blacklist url likely only blocks malicious apps from accessing the iPhone's Core Location functions. Core Location allows applications to detect the user's location through GPS and Wi-Fi triangulation.
An informed source at Apple confirmed to me that the “clbl” in the URL stands for “Core Location Blacklist”, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.
This being said, this doesn't change the fact that Apple has suggested they can disable Applications remotely:
Since each iPhone program will be digitally signed by its creator, this gives Apple the ability to “turn off the spigot,” as Steve Jobs put it, and revoke programs that don’t meet its standards.




Article Link
 

JML42691

macrumors 68020
Oct 24, 2007
2,082
2
This will make all the people that were complaining about the disabling of apps somewhat happy, hopefully. But to be honest, Apple still should be able to disable any apps that are malicious, I wouldn't want any app that will invade my privacy on my phone or iPod.
 
Comment

FuuFuu

macrumors regular
Jul 8, 2008
226
0
Roselle
or they could just not let people instantly purchase an item by pressing "buy now" button.
 
Comment

rockinrocker

macrumors 65816
Aug 21, 2006
1,320
0
i don't see how this changes anything.

they can still disable whatever apps they choose....
 
Comment

plumbingandtech

macrumors 68000
Jun 20, 2007
1,993
1
This will make all the people that were complaining about the disabling of apps somewhat happy, hopefully. But to be honest, Apple still should be able to disable any apps that are malicious, I wouldn't want any app that will invade my privacy on my phone or iPod.

Nope. Back to a lack of MMS and video recording for them. For you see, if you build a machine that turns water into wine, unless it has MMS, it is bull puckey.
 
Comment

Hattig

macrumors 65816
Jan 3, 2003
1,448
84
London, UK
Makes sense, one of the core concepts of digital signatures is the concept of revocation.

Revoke an app - you can disable it if the other end checks for revocation.

But to disable bits of functionality? That'd require some sort of hack like this list of files thing that Apple have implemented.
 
Comment

xUKHCx

Administrator emeritus
Jan 15, 2006
12,583
7
The Kop
Apple still should be able to disable any apps that are malicious, I wouldn't want any app that will invade my privacy on my phone or iPod.

You mean an application such as one that can see what applications you have on your phone and the ability for it to disable them ;)
 
Comment

socamx

macrumors 6502
Oct 7, 2004
346
4
or they could just not let people instantly purchase an item by pressing "buy now" button.

What part of "buy now" is that hard to understand? ...Is this seriously an issue? If so I lose even more hope in humanity. I really hope this is a joke that people have issues with a button that says "buy now." This is how iTunes has always worked for music and I don't recall anyone ever complaining.

If people are that paranoid, just enable the shopping cart feature then you can just add stuff, and if one is an accident you can remove it before purchasing everything.

*rolls eyes*
 
Comment

Booga

macrumors regular
Aug 8, 2002
122
0
Remote Kill vs. Update-And-Kill

I think a key point is whether Apple is checking for certificate validity against an external site or just against a local copy. If the latter, the only means Apple has to disable an app is to release a point-release of the operating system.

Incidentally, there seem to be a lot of folks who are assuming that once they buy an iPhone app, that it will work for them forever. There have always been incompatibility in major operating system updates, and I assume iPhone Snow Leopard is going to break some apps. Some of which the developer may no longer be maintaining. It happens-- people need to start thinking about the iPhone as just another computer.
 
Comment

Small White Car

macrumors G4
Aug 29, 2006
10,929
1,239
Washington DC
No, this theoretically means they can disable CoreLocation in any apps they choose. There's a big difference!

But Apple admitted that they can kill any app they want.

This doesn't DISPROVE yesterday's news, it's just saying that this is a SECOND feature that's not related to killing apps.

They're both true, it's just that someone got confused and thought this clue was part of the app-killing feature when it really wasn't.
 
Comment

bazaarsoft

macrumors newbie
Apr 7, 2005
26
12
Core Location Disable

I suspect this is really just the place where the iPhone stores app names for apps that YOU don't want core location to try to geolocate. You know that little dialog that pops up sometimes saying something like "Do you want this application to use location services?" I believe it asks only once, right? So if you say "No", where does it store that? Probably this file...
 
Comment

PinkyMacGodess

macrumors 603
Mar 7, 2007
5,942
2,641
Midwest America.
Well...

Well, gosh. Sounds like they let the cat out of the bag, so to speak.

All you need is a 'malicious program' that can set it's identity to a known good program and there is no stopping it. Right?

Could the new iphone be the next biggest virus target since Windows?
 
Comment

bazaarsoft

macrumors newbie
Apr 7, 2005
26
12
I was just using name as an example. It's probably something more to do with the certificate that the app was signed with so "spoofing" would be much more difficult. In fact, I can't find any reference to the actual contents of the file.
 
Comment

PinkyMacGodess

macrumors 603
Mar 7, 2007
5,942
2,641
Midwest America.
True and true.

I think a key point is whether Apple is checking for certificate validity against an external site or just against a local copy. If the latter, the only means Apple has to disable an app is to release a point-release of the operating system.

Incidentally, there seem to be a lot of folks who are assuming that once they buy an iPhone app, that it will work for them forever. There have always been incompatibility in major operating system updates, and I assume iPhone Snow Leopard is going to break some apps. Some of which the developer may no longer be maintaining. It happens-- people need to start thinking about the iPhone as just another computer.

For a device that has internet capability to not rely on the internet for some 'janitor' functions is nuts. Well, and it makes the idea of traveling with a locked iphone that much more distasteful.

We the people need a court case that invalidates the whole idea of 'locking' cell phones to one provider or at least leave people the ability to 'unlock' at will and for no or low cost. The idea that the 'commitment free' iphone is still locked to AT&T should be contested. 'No commitment' *should* mean 'no commitment', not 'no contract'. To pay AT&T their ransom AND still be tied to their service sounds like a very strong commitment to me...
 
Comment

theBB

macrumors 68020
Jan 3, 2006
2,453
3
All you need is a 'malicious program' that can set it's identity to a known good program and there is no stopping it. Right?

Could the new iphone be the next biggest virus target since Windows?
I believe that is where the digital certificate comes into play. I presume it is hard to fool the certificate.
 
Comment

ert3

macrumors 6502a
Dec 10, 2007
802
0
Wirelessly posted (iPhone 8gb: Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5B108 Safari/525.20)

that is a scary thing to think about. Spyware actually spying on your location.
 
Comment

maehara

macrumors regular
Jan 2, 2003
149
7
Northern Ireland
What part of "buy now" is that hard to understand? ...Is this seriously an issue?
Quite easy to hit it accidentally on the iPhone touch screen, which could lead to disaster if you've got 1-Click switched on. That's okay for 99c songs, not so okay for $999.99 gimmicky apps. Personally, I think the App Store should only allow 1-Click in iTunes, and not on the handset. Although if you choose to leave 1-Click enabled, that's the user's lookout, and not Apple's.

Now, how did we get here from Core Location blocking?? :)
 
Comment

alphaod

Contributor
Feb 9, 2008
22,179
1,234
NYC
The question is why would they approve the malicious apps in the first place? Or does Apple actually just approve everything and wait til complaints from users, so all the buyers can get screwed?

Quite easy to hit it accidentally on the iPhone touch screen, which could lead to disaster if you've got 1-Click switched on. That's okay for 99c songs, not so okay for $999.99 gimmicky apps. Personally, I think the App Store should only allow 1-Click in iTunes, and not on the handset. Although if you choose to leave 1-Click enabled, that's the user's lookout, and not Apple's.

If you're afraid of accidental buying, turn off the App Store [and iTunes WiFi Store].
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.