iPhone's so-called bad-app kill-switch: teacup-storm?

It's IT Blogwatch: in which we delve into the murky depths of the iPhone application blacklist -- can Steve Jobs remotely disable your apps? Not to mention Paris Hilton responding to McCain...

Brennon Slattery blogs:

Apple wields ultimate control over applications running on your iPhone. If it doesn't like an app it flips a "kill switch" that zaps an unpalatable iTunes App off your iPhone in a heart beat. At least that's the buzz.
...
Issues surrounding Apple's supposed Orwellian-control over your iPhone have been popping up as iTunes applications have surfaced, disappeared, and resurfaced in recent weeks. The iPhone "Kill Switch" is a separate matter. It is theorized to be a mechanism that can be updated remotely (no syncing required) by Apple and can disable any application running on an iPhone at any time.
...
The so-called "kill switch" remains more mystery than anything else ... Nevertheless iPhone developers are beginning to say "hey, wait a minute" as they ponder developing software under the influence of Apple's apparent fickle whims ... amidst thorny relations between Apple and app developers. more

Chris Foresman adds:

Allegedly, Apple would be able to keep a blacklist of certain apps that are not allowed on (or that the company has revoked from) the App Store, and therefore be able to kill the apps remotely on customers' iPhones once a certificate has been revoked. Naturally, this has caused some hand-wringing and tinfoil-hat-shaping among iPhone customers who don't want to sacrifice that level of control of their devices to Apple.
...
Jonathan Zdziarski ... originally discovered some unusual bits of data while performing a forensic examination of an iPhone 3G. In the crevices of his iPhone 3G, he found a ... reference to ... what appears to be an application blacklist. The file, located on an Apple server ... clearly lists what would be an array called "BlackListedApps," and includes fields for the app name, reason, and date of blacklisting.
...
Perhaps unsurprisingly, Apple did not respond to request for comment. more

Jonathan Zdziarski is la boca del caballo:

So I post one little comment to a geek blog site about an "unauthorized apps" list downloaded by the iPhone, and every wanna-be-watergate journalist in the northern hemisphere emails me with conspiracy theories. Allow me to set the record straight.

The locationd cache on the iPhone, located in /var/root/Library/Caches/locationd/, contains (among other things), a cache of unauthorized applications and a URL to a page on Apple's servers where it is apparently downloaded from time to time. That's all we know - nothing more ... [But] with a little DNS spoofing, I've managed to feed my own list into the iPhone and effectively kill any application that attempts to use the GPS, including Google Maps. It looks like tasers are only set to 'stun' right now, but that may just be because I haven't found the knob to vaporize the app. If you have a known list of malicious software, it would certainly be irresponsible to let it run, but just not use the GPS, so I am betting that there is either an "on switch" somewhere to do this, or that future versions of iPhoneOS might extend its functionality.
...
Either way, the idea that Apple can choose what functionality my applications should have frightens me. more

Cory Bohon has his sources:

These speculations are based on a URL found on Apple's site with references for a blacklisting mechanism: https://iphone-services.apple.com/clbl/unauthorizedApps
...
While this may sound like a privacy violation, our sources tell us that Apple has put this tool into place as a security measure to shut down rogue apps if needed, and it could simply be a proof of concept that hasn't yet been implemented for actual takedowns. We're not convinced that this is new, considering that the only entry in the unauthorizedApps list is dated "2004" and is clearly a test entry. more

Kevin C. Tofel inserts tongue into cheek:

It's here! It's here! The feature that nobody wants on the iPhone is here! I'm talking about Apple's ability to determine if you have any apps you shouldn't have on your iPhone followed by their (not your) removal of said application
...
The colossal fail here is isn't with the application blacklisting mechanism in my opinion. Isn't Apple the gatekeeper for the apps in the App Store? That's where app control should be: at the source, not at the end point. Then again, I'm not sure that having my phone silently calling Cupertino behind my back is highly desirable either. more

Good morning, John Murrell:

These days, the line between legitimate concern and paranoia is a fuzzy and mobile boundary, so it’s not surprising to find reactions across that entire range at the discovery of an interesting bit of code buried in the iPhone ... The absence of any actual information has done nothing to curb the speculation ... But unless the tight-lipped company chooses to enlighten us, speculation is all we have.
...
Given Apple’s penchant for control, you might want to start thinking of your iPhone screen as a sort of shared desktop with a powerful and fussy sysadmin. more

And finally...

• Paris Hilton Responds to McCain Ad

Buffer overflow:

• Ben Worthen: Now It's Phisher Against Phisher
• SearchEngineWatch: Microsoft Webmaster Tools Update
• Bruce Schneier: Memo to Next President: How to Get Cyber Security Right
• Emergent Chaos: Black Hat (Live) Blog: Keynote
• Craig Borysowich: Conceptual Architecture Models (deliverable)
• Stacey Higginbotham: Wireless Results Scorecard
• David Marshall: VMware scripting is getting easier with VI Toolkit SAVE

Other Computerworld bloggers:

• Michael R. Farnum: No "Tibet" in MSFT Online Services
• Mike Elgan: Finally: A better Notepad than Notepad
• Todd R. Weiss: Need to discover some open source enterprise apps for your business? You should have been at LinuxWorld
• Preston Gralla: Big lies about Windows performance boosters
• John Brandon: Is the Internet microsizing me?
• John Brandon: Street View: the "privy" in privacy
• Mark Hall: Monitoring online services: What's your CloudStatus?
• John Brandon: More Olympics sites to bookmark
• John Brandon: Site-of-the-Day: National Geographic Summer Games
• John Brandon: New Facebook look and feel
• Douglas Schweitzer: Containing spam
• Shark Tank: That would explain it
• Shark Bait: Floundering User = ME

Like this stuff? Subscribe to the RSS feed.

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 21 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.

Previously in IT Blogwatch:

• There's more to DNS flaws than we thought
• TJX perps' huge wardriving conspiracy theory
• Lenovo's new netbook: all and sundry salivate