Based on news reports about Steve Jobs' statement that Apple does have a way to remotely remove/disable software on users' iPhones, there were a good number of blog posts diving into the issue. Several posts seemed to view this as a way for Apple to remotely disable your entire phone... but let's look at what was actually said:
But the real controversy started when Jonathan Zdziarski, author of the books iPhone Open Application Development and iPhone Forensics Manual, discovered a URL buried in Apple's firmware. That URL links to a file dubbed "unauthorizedApps" where malicious or simply bad apps might go once they disappear from the App Store.

So essentially they are providing the application equivalent of a "Certificate Revocation List" (CRL) used in SSL (a point I was glad to see made by one commenter on a post). If somehow an application gets through Apple's vetting process and is found to do "bad actions", Apple has a way to tell iPhones they should disable that application.
This very much makes sense to me... Apple needs to protect the trust users have in their App Store. If something goes wrong, they do need a way to have rogue apps get shut down. A CRL-type mechanism makes logical sense to me. I do agree with the article, though, that it would have been nice if Apple had disclosed this capability a bit more in advance.
I do understand the concerns various bloggers raised, though, about the centralization of control / power in Apple's hands. It is, however, their platform and so if you want to deploy your application on their platform you have to go along with whatever rules they may put in place. As a security guy, I have other questions, such as:
- How is access to that list of unauthorized applications protected?
- Who has the power to add applications to that list?
- Could an attacker fake the site (via DNS poisoning or something) and shut down iPhone apps within an area?
- How often does the iPhone "phone home" to check this list? On some regular interval like daily? Or only on power-ups?
The existence of a CRL-like mechanism is a double-edged sword. The company can use it to protect the network/platform... but attackers could also use it to shut down apps. The question to me is not whether or not such a list should exist... but how well access to that list is protected. Those would be some interesting questions to have answered....
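To make the "how well is the list protected" question concrete, here is an added example of how a device-side check for a CRL-style revocation list could be built so that a spoofed server (the DNS-poisoning scenario above) cannot revoke apps or un-revoke them by replaying an old list. This is illustrative code written for this post, not Apple's mechanism and not anything recovered from the firmware; it assumes the publisher signs the list with an Ed25519 key whose public half is pinned on the device, that the list carries a monotonically increasing version number, and the app identifiers (`com.example.badapp`, `com.example.goodapp`) are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// RevocationList is the payload the device fetches: a monotonically
// increasing version plus the identifiers of apps that must be disabled.
type RevocationList struct {
	Version int64    `json:"version"`
	Apps    []string `json:"apps"`
}

// SignedList is the wire envelope: the exact payload bytes that were signed
// plus the publisher's Ed25519 signature over those bytes.
type SignedList struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

var (
	ErrBadSignature = errors.New("revocation list: signature does not verify against pinned key")
	ErrRollback     = errors.New("revocation list: version older than last accepted list")
)

// SignList is the publisher side: only the holder of the private key can
// produce a list the device will accept, so controlling the hostname alone
// (e.g. via DNS poisoning) is not enough to add or remove entries.
func SignList(priv ed25519.PrivateKey, list RevocationList) (SignedList, error) {
	payload, err := json.Marshal(list)
	if err != nil {
		return SignedList{}, err
	}
	return SignedList{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyList is the device side. pub is pinned in firmware; lastVersion is the
// version of the last list this device accepted. Signature is checked before
// the payload is parsed, and an older version is refused to block replay.
func VerifyList(pub ed25519.PublicKey, sl SignedList, lastVersion int64) (RevocationList, error) {
	if !ed25519.Verify(pub, sl.Payload, sl.Signature) {
		return RevocationList{}, ErrBadSignature
	}
	var list RevocationList
	if err := json.Unmarshal(sl.Payload, &list); err != nil {
		return RevocationList{}, err
	}
	if list.Version < lastVersion {
		return RevocationList{}, ErrRollback
	}
	return list, nil
}

// IsRevoked reports whether appID appears on the list.
func (l RevocationList) IsRevoked(appID string) bool {
	for _, a := range l.Apps {
		if a == appID {
			return true
		}
	}
	return false
}

// ScenarioResult records what the device decided in each of the three cases.
type ScenarioResult struct {
	GenuineAccepted  bool // publisher-signed list is accepted
	BadAppRevoked    bool // the app on that list is disabled
	TamperedRejected bool // spoofed list naming an extra app is rejected
	GoodAppSpared    bool // the app added by the attacker is NOT disabled
	RollbackRejected bool // replay of an older genuine list is rejected
}

// RunScenario walks through the genuine, spoofed and replayed cases.
func RunScenario() (ScenarioResult, error) {
	var r ScenarioResult
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}

	// Older genuine list (nothing revoked yet), then the current one.
	v0, _ := SignList(priv, RevocationList{Version: 0})
	v1, _ := SignList(priv, RevocationList{Version: 1, Apps: []string{"com.example.badapp"}})

	got, err := VerifyList(pub, v1, 0)
	r.GenuineAccepted = err == nil
	r.BadAppRevoked = got.IsRevoked("com.example.badapp")

	// Attacker who controls the hostname serves a list that also names a good
	// app, reusing the publisher's signature because they cannot make one.
	forgedPayload, _ := json.Marshal(RevocationList{Version: 2, Apps: []string{"com.example.badapp", "com.example.goodapp"}})
	tampered := SignedList{Payload: forgedPayload, Signature: v1.Signature}
	got, err = VerifyList(pub, tampered, 1)
	r.TamperedRejected = errors.Is(err, ErrBadSignature)
	r.GoodAppSpared = !got.IsRevoked("com.example.goodapp")

	// Attacker replays the older genuine list to "un-revoke" the bad app.
	_, err = VerifyList(pub, v0, 1)
	r.RollbackRejected = errors.Is(err, ErrRollback)
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The two checks map directly onto the questions above: the pinned key answers "who has the power to add applications to that list" (only the signing-key holder, wherever the bytes come from), and the version check means an attacker who can merely replay old responses cannot quietly roll a revocation back. How often the device polls is a separate availability question that signing does not address.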