iPhone ‘kill switch’ really exists to protect GPS access from unauthorized apps

“Yesterday I linked to a story about the discovery by Jonathan Zdziarski of a remote blacklist Apple is maintaining, supposedly, according to Zdziarski, to remotely disable rogue iPhone apps previously distributed through the App Store,” John Gruber writes for Daring Fireball.

“But the story seems fishy… there may well be some sort of kill switch that Apple can deploy to remotely disable an app that’s already installed. But this list is not it,” Gruber writes. “Apple has no reason to hide such a configuration in a sneaky place. If it’s ‘tucked away in a configuration file deep inside’ the Core Location framework, doesn’t it seem more likely that this list has something to do with, say, Core Location? Even the URL of the file in question hints at this: https://iphone-services.apple.com/clbl/unauthorizedApps.”

Gruber reports, “An informed source at Apple confirmed to me that the ‘clbl’ in the URL stands for ‘Core Location Blacklist,’ and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.”

Full article here.

Obviously, nobody would want apps out there that can access GPS that might be intended to harass, stalk, or otherwise violate people’s privacy and other legal rights. It’s good that Apple had the foresight to create a way to prevent unauthorized access to Core Location.

21 Comments

  1. I do not understand why people dont understand that the blacklist is for gps only. How would you like it if an app gave your personal information to the developer. That would be the worst kind of spyware thier. It checkts the website whenever an application asks for location for the first time. Here is proof. Take an ipod touch. Restore it. Then open up maps. Load up the map for where you are at. Then exit it and disconect from the internet. Now go into maps again have it locate. Allow the program maps to access your location. it will never find it. However if the first time you use location in maps you are connected it will work . Then when your disconected and move somewhere else it will be able to locate you without connecting to the internet.

  2. “Obviously, nobody would want apps out there that can access GPS that might be intended to harass, stalk, or otherwise violate people’s privacy and other legal rights.”

    Nobody?

  3. Damn! Well there goes my idea for “Stalker” – an iPhone app that lets you stalk your ex-girlfriend or any random chick you met at the bar last week. Her iPhone would “call home” to yours every 2 minutes and would provide you with her exact location – kinda like Twitter on blow.

    You: “Hey, small world meeting you randomly like this again.”
    Her: “Get lost, freak!”

    Ahhhhh……love!

  4. Cubert,

    “You: “Hey, small world meeting you randomly like this again.”
    Her: “Get lost, freak!”

    Married guys have those kind of interactions all the time just laying in bed. At least I do. Ahhhhh…..crap!

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.