JonathanZdziarski

Latest

  • Apple's latest hire proves privacy is more important than ever

    by Jon Fingas
    03.14.2017

    If you've followed iOS security news over the years, there's a distinct chance you've heard of Jonathan Zdziarski. He isn't always flawless, but he has a knack for both finding Apple device exploits (he even worked on early jailbreaks) and conducting forensics. And Apple has heard of him too, apparently. Zdziarski has confirmed that he's joining Apple, taking up a position inside the company's Security Engineering and Architecture team. Just what he'll do when he's there isn't apparent, but he describes this as a "matter of conscience" move where he'll defend privacy with a like-minded team.

  • Your iPhone probably isn't calling home, just might not want you up in its Core Location

    by Joshua Topolsky
    08.08.2008

    It appears we can all breathe a big sigh of relief when it comes to our iPhone apps. According to John Gruber (Daring Fireball), that suspicious-looking URL discovered in firmware 2.x which appeared to be set to deactivate applications may be something slightly more innocuous. According to Gruber -- via "an informed source at Apple" -- the "clbl" in the aforementioned URL stands for "Core Location Blacklist" and is actually used to stipulate that specific pieces of software don't have access to... you guessed it... Core Location. Gruber argues that this makes sense, as the API is covered by fairly strict rules in Apple's SDK. So it looks like (at a glance) this was much ado about nothing -- thanks to a little misinterpretation by Jonathan Zdziarski -- though we are considering getting hot under the collar that Apple reserves the right to deny Core Location access. How dare they? [Thanks, Paul]

  • iPhone hacker says the device 'calls home' to Apple, allows apps to be remotely disabled

    by Joshua Topolsky
    08.07.2008

    According to iPhone Atlas and iPhone hacker-extraordinaire Jonathan Zdziarski, Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. Apparently, the new 2.x firmware contains a URL which points to a page containing a list of "unauthorized" apps -- a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. In Jonathan's words: "This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation." Now honestly, we don't expect the folks in Cupertino to suddenly start turning off apps that you've paid for and downloaded, but if Apple is indeed monitoring iPhones or touches (even passively) for applications it doesn't want or like, it signals a problem deeper than a company simply wanting to sign off on software for the device. Even on platforms like Symbian -- which calls for apps to be signed and traceable -- the suggestion that a process of the OS would actively monitor, report on, and possibly deactivate your device's software is unreasonable, and clearly presents an issue that the company will have to deal with sooner or later. Oh, and Apple -- we're not going to buy the "for your security" angle, so don't even bother. [Via Mac Rumors]

    Read - iPhone can phone home and kill apps?
    Read - Apple's URL with "unauthorized applications" string