WARNING: Uninstalling Jailbreak Apps - What doesn't uninstall...

Discussion in 'iPhone' started by Cleverboy, Oct 9, 2007.

  1. Cleverboy macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #1
    Mm. I was cleaning off 3rd party apps before I upgraded to 1.1.1 again and I noticed all the CRAP these programs left all over my phone. Here I thought AppTap's "Uninstall" feature would actually make it as if the application had actually been... "UNINSTALLED". :rolleyes: Go figure.

    • ToDo list uninstalled... look, all my to do data, still sitting in the folder.
    • Navizon uninstalled... cache files? Gezus.
    • MobileCast uninstalled... more cache files! Deep nested cache files.
    • weDICT/dictionaries... uninstalled... look, the dict indexes are still there!
    • SummerBoard... uninstalled... nice, Louie Mantia theme, why do I still need this?

    For anyone that installed hacks and is wondering why you are missing space you originally had on your iPhone... guess what? You've got klingons. For the record, I believe that much of this will get automatically backed up to iTunes, so that even a full restore will end up putting it back on your phone when you re-sync.

    If you're looking to get service on your phone, and you uninstall 3rd party apps, and think they've left no discernable trace, I wanted to give this wake up call to people. I would find it disturbing to leave my iPhone with Apple for repair, only to be told, "I'm sorry sir, there appears to be unauthorized modifications to the phone here. You're no longer covered under warranty, and your IMEI number has been blacklisted."

    NICE.

    Unfortunately, I'm fairly certain the last thing I'll be uninstalling is Installer.app, which will inevitably leave its own preference folder in place. Maybe if I delete its folders via SSH and THEN hit the uninstall button. Eh. Oh, well.

    UPDATE: For the record, backing out leaves you with "BSD Subsystem" with an option to "Reinstall", and "Installer" with only an option to "Install". It's amusing that a program called "Installer" can be so single minded. At least they "highly" recommend apps provide an "Uninstall" method, although it doesn't do so itself. LOL.

    ~ CB
     
  2. Speedracer04 macrumors 6502a

    Speedracer04

    Joined:
    Sep 8, 2006
    Location:
    Michigan
    #2
    ...if you want everything off why dont you just do a restore of your phone. Sync it before hand so you keep all of your settings, and the phone is only 8Gb, so even if you have it full it will only take an hour or two to resync your music....

    I dont see the big deal.
     
  3. GTiPhone macrumors regular

    Joined:
    Jul 22, 2007
    Location:
    Island Heights, NJ
    #3
    All of that without having restored.


    I cannot believe I just read that entire thing only to discover at the end that he is not talking about actually restoring the OS thru iTunes.

    What is WRONG with people. Prefs files still on the phone eh? No KIDDING. Same as any other build of OS X in exsitence.
     
  4. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #4
    Anyway, as I was saying, much of this gets recorded in your backup when you sync your phones. After a restore, they will reappear once you resync (see second paragraph of first post).

    ::: Takes a moment to look at Speedracer
    and GTiPhone with an annoyed expression :::

    So, I was looking through my backup directory, and I'd imagine that if you delete the associated "mdbackup" files here, they WON'T resync to your phone.

    On Windows, your back up is located here:

    C:\Documents and Settings\[USERNAME]\Application Data\Apple Computer\MobileSync\Backup\[UNIQUE INDENTIFIER]

    On Macs, they're located here:
    ~/Library/Application Support/MobileSync/Backup/

    Opening up each .mdbackup or blist document in a text editor will show you what it is the associated record was for. Obviously, an mdbackup file starting with "Library/Preferences/Apollo.plist", was for Apollo, and can probably be deleted without any ill effects on a restore/resync. As a note: I haven't DELETED these files, and attempted a restore, but logically it sounds like it would clean things up a bit more permanently.

    PRIVACY CONCERNS

    For the record, this means, that if you used an app like Apollo/IM, and do not wish a record of the IM accounts recorded anywhere after you uninstall the application, this will be of interest to you. Similarly, if you used MobileCast, and subscribed to a number of podcasts from your phone, THEN uninstalled the application, and do not want a record of those podcasts to live on in perpetuity both ON your computer AND on your phone, you will need to attempt to remove these records either via SSH or removing the sync record.

    Also, it would appear that VNsea, the mobile VNC application stores your VNC passwords in clear text in your plist. So, if you thought you'd try out VNsea, and then uninstalled it without FIRST specifically deleting each of the user accounts you added... you've now created a security problem if your VNC server is exposed to the Internet. Also, worth noting... using a VNC client that treats your passwords so cavalierly might not be a good idea in the first place.

    If you believe that restoring your iPhone will magically wash away any records of these things, you're living under a delusion that it may be important for you to correct.

    ~ CB
     
  5. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #5
    Yeah... I just noticed that MobileChat for iPhone stores passwords in clear text too in its associated plist. Niiiiice.

    So, a note to all the folks out there. If you know any friends using MobileChat, let them know that they might have well saved a TEXT file to their computer with all their passwords in it. Even if they uninstall MobileChat, restore their phone, and upgrade to firmware 1.1.1, the file will continue to reside on both their phone AND their personal computer by means of the iPhone backup system.

    This is why restoring your phone forces you to re-enter your e-mail passwords. Apple doesn't store your password information in a way that can be easily retrieved, and therefore forces you to re-enter it after restoring your settings. Jailbreak applications have not risen to that level of security yet.

    Word to the wise.

    ~ CB
     
  6. mcdj macrumors G3

    mcdj

    Joined:
    Jul 10, 2007
    Location:
    NYC
    #6
    I can confirm this. I was having problems with SSH and wanted to start from scratch. I restored to 1.02, then restored from my last sync and reinstalled all the stuff I had previously. Summerboard "magically" knew what theme I wanted to use and to skip the last row of icons. Plist obviously backed up during last sync.
     
  7. Telp macrumors 68040

    Telp

    Joined:
    Feb 6, 2007
    #7
    How do you know what back up belongs to what?
     
  8. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #8
    You can drop them into a text editor like TextMate and read what it says it belongs to between the gibberish, or you can even use the "Property List Editor" to view them properly (just expand the root node by clicking the arrow).

    The "Property List Editor" comes with the developer tools when you install them from your OS CD.

    You can find the Property List Editor
    in THIS directory when you have them installed:
    /Developer/Applications/Utilities

    When you have Property List Editor running, you can actually drag and drop groups of these files onto the icon in your dock (or presumeably directly onto the application to launch it). Don't drop the lot however, because due to the naming convention, you'll probably lose track of which name is which when you go to delete them.

    Yeah, at first I didn't mind this effect, because it also happened to me when I restore my phone months ago... I just thought nothing of it at the time, and it saved me the effort of re-inputting things, but #1. It's annoying to think my usernames/passwords/other material is actually sitting around on both my harddrive and iPhone, regardless of whether I have the apps installed. This is probably most relevant because many of the apps don't take much effort to properly encrypt sensitive information. Other information is just a little annoying to see.

    My impression is you need to DELETE these from your last back up, and separately from the iPhone itself (over SSH), in order to fully remove the plists from the system/sync. Moreover, if your concerned about usernames/passwords/etc with apps like MobileChat, VNsea, or others... you may wish to manually REMOVE all your data using the application itself (like in MobileChat, manually delete all your accounts) before uninstalling the program. Otherwise, the plist will be orphaned with all your information still in it.

    ~ CB
     
  9. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #9
    Warning

    Just thought I'd throw this out there as well.

    Imagine you've installed App Tap, and you've installed the MobileChat app or Apollo. You're browsing a new website you ran across, and suddenly, Safari crashes. You think nothing of it, but you notice your iPhone starts acting very slow, and becoming somewhat unstable. About a week later, you begin getting emails from friends, asking you about e-mails you allegedly sent to them from your e-mail account (on AOL or perhaps MSN), asking them to download some file were allegedly sending. Worst, you start getting signs that someone has begun posting to different forums under you name.

    I can't stress this enough. Currently there is a TIFF exploit for Mobile Safari in the wild, and hackers have successfully created scenarios where they can execute code on the iPhone. Both MobileChat and Apollo store your username and password as CLEAR TEXT in their plists. It would be EXTREMELY SIMPLE for any script kiddie to create iPhone pages that retrieve all your usernames and passwords for your instant messaging accounts. This means AOL, MSN, ICQ, etc.

    Don't believe me...? Here is Apollo's plist:
    How about MobileChat? Well here it is:
    Even if you've UNINSTALLED MobileChat or Apollo, these files remain on your iPhone, and unless you deleted the account information before you uninstalled, your account information will remain available for any hacker to find.

    I'm hoping that the programmers of these applications might consider releasing a NEW version immediately that encrypts this information, adding at least a layer of security to users and past users who are otherwise very very exposed right now. Honestly, I feel like I understand hackers who break into a company's computer just to make folks wake up. It's appalling.

    ALSO, I hope Apple fixes the TIFF exploit problem very soon as well. I'm sure people will HATE this because it will ruin the new jailbreak method (the one that doesn't involve downgrading your phone), but BOY is this an increasingly scarey prospect (more so than the WIFI exploit).

    ~ CB
     
  10. Sobe macrumors 68000

    Sobe

    Joined:
    Jul 6, 2007
    Location:
    Wash DC suburbs
    #10
    For those of us who aren't fluent in this stuff, could you perhaps explain the variable risk between a stock 1.1.1 phone and one that is using MobileChat or Apollo?
     
  11. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #11
    Stock 1.1.1 iPhone - TIFF Exploit. Could potentially expose any data/send stored in the Notes application, SMS text history, plist data, and the rest of the phone. Could allow a hacker to install a "watcher" application that reports back any communications you make. Email account information from the iPhone Mail app does NOT appear exposed as clear text.

    1.0.2/1.1.1 iPhone with 3rd Party applications Mobile Chat or Apollo - TIFF Exploit (same risks as above), plist data now includes username and passwords for AOL, MSN, and other services you may have entered (IMPORTANT NOTE: these usernames/passwords not only allow IMs to be used, but gives access to the other email and wallet related services run by AOL/MSN etc).

    ~ CB
     
  12. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #12
    BTW, I'm also going to recommend that people using AppTap with MobileChat/Apollo on their iPhones DO NOT lend their iPhone liberally (to a co-worker possibly) or leave it unattended in a house with people you might not be able to trust without password-locking it.

    If the person has 3 minutes with it, all they need to do is download SendFile using AppTap's Installer (if you haven't downloaded SendFile yourself), and send themselves your Apollo and/or MobileChat IM accounts information. If you hadn't installed SendFile, they can simply uninstall it, and then delete records of the Sent Files from your Mail.app.

    Alternatively, they may be able to simply download Mobile TextEdit and navigate to your plists, open them, and copy your passwords to a piece of paper.

    It's interesting how a teenager could easily feign the desire to play TTR or your NES.app, and the moment you turn your back, could mischievously send themselves all your passwords. It may sound far-fetched until it happens to you. Unfortunately, if they have access to the computer you sync to, it also applies to that as well (in that case, sending the file elsewhere would only require web browser access).

    Even if, in the end, it only amounts to snooping, its still not a good position to be in, without being aware of it. Many many years ago I had my AOL account password stolen by a malicious script that got onto my computer. Later, I even talked to the person who had logged into my account and used my buddy list as his personal jukebox of mischief. Sometimes they do it to just feel smarter than everyone else (like in my case). If that's all, count yourself lucky.

    ~ CB
     
  13. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #13
    FYI, I've also sent messages about this to both MobileChat and Apollo's development contacts. Hopefully they can do something about it on the "soonish" side. With apps like 1passwd using Blowfish encryption on the iPhone, I'm not sure why encrypting this information was ever overlooked (except for the expedience of adding more features, more chat clients, thereby ironically increasing the nature of the exposure).

    Also, this problem applies to anyone who gets their AppTap/MC/Apollo enabled iPhone lost or stolen as well.

    ~ CB
     
  14. skierdb526 macrumors regular

    Joined:
    Sep 13, 2007
    #14
    im going to do a restore and upgrade to 1.1.1.. .does this mean i need to go through and get rid of all these junk files? or should they be gone due to the restore?
     
  15. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #15
    If you want to make sure the files are gone, the following procedure SHOULD work:

    1. Go onto your computer's MobileSync directory, and DELETE all non-Apple plist files (open them up in a text editor if you need to, they should be obvious)
    2. RESTORE your iPhone
    3. UPGRADE to 1.1.1.
    4. Allow your iPhone to re-sync

    The first two steps are interchangeable, as long as you DELETE these files from your host machine before you re-sync, and as long as you RESTORE before you UPGRADE. I also believe each iPhone backup has its own folder, so make sure you check ALL the folders in your mobile sync directory.

    ~ CB
     
  16. skierdb526 macrumors regular

    Joined:
    Sep 13, 2007
    #16
    THANKS!
     
  17. Vegeta-san macrumors 6502

    Joined:
    Aug 4, 2006
    #17
    Hey Cleverboy...Thanks for the informative post man. I would have never known this to be a possibility until you called it out (although I would have suspected something when my "Installer.app" free space was so much less than 110mb).

    Anyway, so I just upgraded from a hacked 1.0.2 iPhone to 1.1.1 by first restoring, and then letting the restore process also handle the subsequent upgrade to 1.1.1. Afterwards, I jailbroke it using the 1 touch jailbreak and looked around the file system using iFuntastic. I looked in the "Applications" folder and elsewhere, but couldn't find any mention of 3rd party apps that I had on there before...Even though I restored from a backup of my phone after upgrading...So....Where is this stuff supposed to be man? Where can I check in iFuntastic's file browser to confirm whether gibberish has been left on my iPhone after the update...


    Once again, thanks alot for the info.
     
  18. Cleverboy thread starter macrumors 65816

    Cleverboy

    Joined:
    May 25, 2007
    Location:
    Pocket Universe, nth Dimensional Complex Manifold
    #18
    No problem, nice to know it matters for someone. If you can see the "root" directory, and get into "/Library/" and "/Library/Preferences/", that's where these areas would be. From my understanding, the preferences sync and get backed up. My only problem with the files left in "/Library/" is that they should have been erased when I uninstalled the corresponding application. If you TRULY restored, I'd like to doubt these files would come back, but I haven't done much testing on that. If you ONLY upgraded (which comes across like a restore, as it removes your apps from the Springboard), I'd imagine these data files would still be hanging around (Summberboard left an entire theme in place, while MobileCast leaves any podcasts you downloaded).

    ~ CB
     
  19. Vegeta-san macrumors 6502

    Joined:
    Aug 4, 2006
    #19
    Hey man...So yea, I looked in the Preferences folder and nothings in there, except for an "com.apple.audio.DeviceSetting" plist file. So I think it's good. Anyway, the one time I've had to send my iPhone into Apple, I synced it (for one final backup) and then restored it without restoring from a backup afterwards. This left the phone in a "Please connect to iTunes to Activate" state. Apple had no problem working with it and never asked me to send it back in with my info synced to it or anything. That would be insane as it would have so much personal data. So, as much as I understand you initial post, I think the worry is null if someone is sending in an iPhone for repair, as long as they take the proper precautions. But, if someone were to take thier malfunctioning phone into an Apple Store, then yes, the precautions you stated in this thread are well advised as one wouldn't restore thier phone before doing that....Anyway man, thanks for the info! later
     
  20. pacohaas macrumors 6502a

    Joined:
    Jan 24, 2006
    #20
    Where are the cache files located? I don't think com.mexens.Navizon.Account is the only thing it leaves behind, right?
     
  21. Stonie24 macrumors newbie

    Joined:
    Oct 29, 2007
    Location:
    Over There
    #21
    So u still have the ability to uninstall apps meaning the phone still boots up, wouldn't it be logical to just do a restore then not resync and take the precious in for service? Am I wrong in thinking a restore just wipes everything off? Kinda like reinstalling an OS? :confused:
     
  22. pacohaas macrumors 6502a

    Joined:
    Jan 24, 2006
    #22
    ah, but what if the reason you need service is because you can't get it to connect to your computer? I've seen that happen to several iPods in the past, they continue to play music just fine, but won't show up in iTunes at all to restore. In that case, you'd want to uninstall everything via the phone, returning it to as close to virgin state as possible. Plus it's just bad practice for an uninstaller to leave behind files without at least giving you the option to remove them.
     
  23. cdavi060 macrumors regular

    Joined:
    Oct 3, 2007
    #23
    can't you just restore your phone and instead of restorng from a backup just start over as it was a new phone and let it re get your contacts and etc from the contacts program rather than the backup ?
     
  24. pacohaas macrumors 6502a

    Joined:
    Jan 24, 2006
    #24
    Not if the phone needs Apple service because it won't connect to a computer.
     
  25. rablat macrumors 6502a

    rablat

    Joined:
    Oct 8, 2007
    Location:
    Classified NSA intel
    #25
    Why wouldn't it be able to connect if you restore as new phone not from backup?
     

Share This Page