iPhone includes app 'kill switch,' Jobs admits

"Kill switch" can remotely disable potentially malicious applications downloaded to any iPhone.

Apple's CEO Steve Jobs Monday confirmed that the company has a "kill switch" it can flip to remotely disable potentially malicious applications that have been downloaded to any iPhone.

In a story published Monday morning by the Wall Street Journal (subscription required), Jobs acknowledged that Apple could cripple applications previously downloaded to iPhone and iPod touch devices.

The so-called "kill switch" is necessary, Jobs argued, as a last-ditch option if a malicious application slipped through Apple's checks and made it onto the App Store. "Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," Jobs told the newspaper.

Apple controls which applications appear on its App Store.

Discussion of the switch started last week when Jonathan Zdziarski, a security researcher and author of a pair of books about iPhone development, said he had found a line in the phone's operating system that pointed to a URL. The link, said Zdziarski, led to a page that appeared to be an embryonic blacklist.

The URL, which points to an Apple server, currently contains only placeholder data.

Later, Zdziarski updated his site with more information. "With a little DNS spoofing, I fed my own list into the iPhone and effectively killed (by name) applications that attempt to use the GPS. It looks like that's all it's set to do right now, but I may just not have found the 'vaporize' switch," he said last Thursday.

"Either it is an anti-malware solution, and [the iPhone] has a switch somewhere to vaporize any app, or it's not an anti-malware solution and is really designed to kill applications that interfere with Apple's business model, such as unsanctioned traffic navigation software," he added.

Monday, after the Wall Street Journal story appeared, Zdziarski speculated that the URL he'd uncovered might only feed the actual "kill switch," hidden elsewhere in the OS. "Unless, for some reason, they decided to build two separate mechanisms into the iPhone to do this, of which the other one is invisible, this one likely feeds a 'master' kill switch. Perhaps there is a special setting in the configuration file which can vaporize the app all together," he said.

"It speaks poorly to the device," argued Andrew Storms, director of security operations at nCircle Network Security Inc. "You should never have been in that situation to begin with, and again brings up the question, 'Is the iPhone really an enterprise device?"

A kill switch should be included in the iPhone's administrative tools, not set by Apple through a URL, Storms said. IT staff can, for instance, remotely disable applications on a company-managed Research In Motion Ltd. BlackBerry.

"But from a consumer perspective, this is probably welcome," added Storms, though he wondered, as have many others, why Apple shouldn't be expected to sniff out malicious intent before it grants approval to an application and adds it to the App Store.

"On the other hand, how did the 'I Am Rich' app get through?" Storms asked, referring to an application that appeared briefly on the App Store last week before Apple yanked the US$999 program. I Am Rich, which was reportedly purchased by a handful of users, had no function other than to display a ruby-like icon on the home screen of the iPhone.

Also Monday, Jobs said that the App Store had sold an average of US$1 million worth of software a day in its first 30 days of operation. If sales keep to that pace, Apple would rake in more than US$360 million in new revenue over a year, 30 percent of which it would keep for operating the online market. The remaining 70 percent would be distributed to software authors.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?