Is The iPhone App Kill Switch Really Such A Surprise?
from the this-is-Apple-we're-talking-about dept
There was a lot of fuss last week as some folks discovered a secret “kill switch” in iPhone software that allows Apple to retroactively “kill” an app that it allowed you to “buy” (but apparently, not really buy). Steve Jobs admitted over the weekend that the kill switch exists, with this gem:
“Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull.”
Irresponsible? Really? That’s why no other platform has a similar switch? Apparently, everyone else is irresponsible. The truth is more along the lines of this being a standard Steve Jobs offering, where he wants full control over how things are done — even if it means removing apps you thought you had bought.
But the question is whether this is really a surprise or even a bad thing? While some are screaming “bloody murder” (or at least asking why people aren’t screaming that), as others point out, if this is such a big deal, don’t buy the iPhone. I agree that this isn’t very smart on the part of Apple or Jobs. It certainly opens up an opportunity for competitors to point out that they don’t maintain such a closed system, but it’s hardly the end of the world. The more Apple makes decisions like this, the more likely people will be more open to alternatives that are coming to market — and that’s exactly what should happen. There’s no “bloody murder” to scream. There’s just a chance for the competition to come up with something better that doesn’t give Steve Jobs the ability to pull a lever and make apps you thought you had bought disappear.
Filed Under: competition, control, iphone, kill switch
Companies: apple
Comments on “Is The iPhone App Kill Switch Really Such A Surprise?”
Pull it... pull it... pull it
An iPhone hacker found the switch/lever, or evidence of it, and now Jobs has confirmed its existence. I suspect it will only be a matter of time before another enterprising hacker discovers how to pull it. Whether that person will be able to pull it for competing apps on a phone, all apps on a phone, or for all apps on everyone’s phone is the compelling question. Jobs must not read Techdirt or he’d be up on the many discussions on what could happen when those kind of switches are put in place.
Re: Pull it... pull it... pull it
Sarcastically speaking, no one can defeat Apple’s code and/or jeopardize “his” security. Isn’t that true? Isn’t that why people trust Mac so much. But believe me people, a computer is a computer. I’m am of the belief that they are still computers based on programming language. Nothing can’t be hacked. For instance, we (man) have the ability to put OSX on a non-Mac capable PC. If the hackers have gotten that far this “switch” will be maliciously pulled eventually, ’tis inevitable. IMHO
Re: Pull it... pull it... pull it
A hacker discovered a way to kill off applications and have them removed. Isn’t that what Apple users would refer to as a security flaw in Wondows .LOL …I agree with what you say wait until some clever hacker figures out how to use it do make iphone users lives miserable. Ahhh the rebith of the virus…or in apples case the worm.
Re: Pull it... pull it... pull it
Make two reasonable assumptions.
1. at&t has not fully patched their network for the DNS exploit. Given their size and the bureaucracy that all the big telcos are afflicted with, this is highly probable.
2. Apple has not patched or correctly patched the iPhone for the DNS exploit. Given how long Apple took and the fact they did not fix it correctly on their OS, chances are the phones are not patched. I could not find any indications on the interwebs that they have been.
What is known at this time about the ‘lever’. The iPhone calls home to a URL that is hosted by Apple. There is no encryption or authentication required to see the response the phone would receive.
Apply DNS exploit to Apple’s ‘lever’. Specify in the black list the application that provides the phone functionality, the app(s) that allow network connectivity (Cellular and WiFi), the application that allows cellular access and if possible the apps that provide the docking function.
You have effectively bricked the iPhone with the only, again based on what is known, solution is to take it back to Apple.
I am by no means a clever hacker. This is all very simple and very visible information.
Other systems may not have such a kill-switch for apps, but they’d dearly love to have one. Look at how video game companies require all developers to be licensed before they can create games for a particular system. Look at how Micro$oft wanted to build an OS around “trusted computing” which would allow them to do exactly this kind of thing.
Re: Re:
Don’t Blackberries have the ability to be remotely wiped? I’d call that one hell of a kill switch.
Re: Re:
I don’t see the jump from “everyone wants a kill switch” to “companies want their developers to be licensed.” And you talk about Microsoft, yet Microsoft *hasn’t* done it… Apple is doing it.
Re: Re: Re:
Five words for you:
Windows Malicious Software Removal Tool
Two more:
ActiveX Kill-Bits
Both of these are included in Windows Updates and will automatically download and install/run, if you let your PC auto-update.
Re: Re: Re: Re:
and neither are a kill switch?
Refunds and liability
If Jobs/Apple ever pulls that lever they darn well better be prepared to refund every last cent I put into the application they’re pulling it on. I don’t care if it’s a spyware/malware/virus/trojan laden beasty that could’ve trashed my phone I will demand to be reimbursed. On the other hand, now that I know they have that capability I will also be demanding that Apple is held liable should they fail to disable a spyware/malware/virus/trojan laden beasty that they discover.
Sorry Stevie boy, that lever’s gonna come back to haunt you. Darned if you and darned if you don’t.
Re: Refunds and liability
…I will demand to be reimbursed.
You can demand all you want while Apple just basically tells you to go pound sand.
“Sorry Stevie boy, that lever’s gonna come back to haunt you. Darned if you and darned if you don’t.“
You DO realize your EULA likes absolves any lawsuits you might have long before the fact, right?
–=-=-=-=-=—
Anyway, how long do you think it’ll be till somebody throws together a “kill-switch proof my phone” app?
Re: Kill Switch
Now if someone could do that so easily…wouldn’t that indicate that the mac OS used on the iphone isn’t very secure? Anyway I gave up with the iphone. It was cool and fun but while it lasted…but after having three replaced in 8 months …it was time to go back to my blackberry…ahhh reliability. IT JUST WORKS….now where have I heard that before.
Better than nothing...
AT&T wouldn’t be happy if iPhones brought down their network and Apple had no way to pull the plug.
Most cell phones that I have had had very limited apps available for the simple reason that the carrier wanted to sign off (and profit off) of everything that is on their network.
Sucks, but that is the way it has been. I am glad it is getting better, even if it is getting better on a trapdoor.
Re: Better than nothing...
AT&T wouldn’t be happy if iPhones brought down their network and Apple had no way to pull the plug.
The way phone cell phone networks work AT&T can ban any phone it wants to from it’s network. It doesn’t need any help from Apple or any kind of kill-switch to do that.
Apple needing the kill switch...
Since Apple has taken it upon itself to dictate what software may or may not get onto the iPhone, I think that they may actually NEED to have that kill switch! They’ve bascially set themselves up as the arbiter of what can run on iPhones, and thus effectively set themselves up as the cop of the iPhone application world. No matter what the EULA on the apps or the phone says, if they approve the app, and it does something bad, they are GOING to get sued (because they SAID the app was OK).
The kill switch at least gives them the opportunity to limit the damage by being able to remove said app pretty much everywhere, all at once (at least in theory).
In the real world, of course, the kill switch is going to be mis-appropriated either by a third-party, or it will be mis-used by Apple itself.
Really, the safest course would have been if Apple had NOT set themselves up as the arbiter of what can and can not run on the iPhone.
For me? No iPhone. Too many strings that lead to Cupertino.
> if this is such a big deal, don’t buy the iPhone. I
Sure. Just try saying that when they all have a kill switch.
There is a lot to this story that impacts on the way people view the iPhone and Apple. It should not have taken a hacker discovering this “kill switch” for them to admit to it. The very idea that a company sells a product to consumers and retains the power to destroy (or even limit) that product’s utility is something that consumers should absolutely not accept.
Now that corporations are increasingly holding the reins of power in sovereign nations, it is time to establish a set of ground rules for what sort of behavior is acceptable and what is not. We have to fight this battle on many fronts. There is the record and movie industry that tries to establish a new type of ownership for the products they sell. You can no longer do what you wish with an album, with a DVD, with a computer (see:Vista), with software, even after you have bought and paid for that product.
The fact that any consumers would accept this and actually buy an iPhone (or Vista, or a DVD, or…) is testament to the overarching power of the consumerist doctrine that is ruining the world.
Apple follows Microsoft
Actually, the Windows Mobile Smartphone platform was launched with the intent that all code running on it must be signed and that each application signature must be generated from a digital certificate that is used only once so that a Certificate Revocation List (CRL) can serve as the input to a OTA WAP system that could disable intentionally rogue or stupidly defective software that either cost user data charges, network latency, or privacy issues.
This ability in the 2002 Smartphone platform was launched in the Orange SPV and within 3 weeks there was a vulcan nerve pinch procedure posted on MoDaCo that would make the device accept unsigned code. Needless to say, most carriers from that point on had little interest in operating locked down Smartphones.
Those of us closer to the Microsoft Smartphone enjoy watching history repeat itself with the younger generation.
BAD BAD STEVE
This is horrible thing that Apple, no Steve Jobs has done this to his iPhone buying customers. I am sure now that TechDirt has enlightened the world that Apple’s iPhone sales will fall to next to nothing. That will teach them.
Or maybe the sales won’t fall. Maybe those outside of The geek circles really don’t care. Until the kill switch impacts them, why worry about it?
Something tells me Apple engineering knows the kill switch has the potential of being misused (do you really think those guys aren’t as smart as the average techdirt reader?) I have to believe these guys have contingency plans.
Re: BAD BAD STEVE
>Something tells me Apple engineering knows the kill switch has the potential of being misused (do you really think those guys aren’t as smart as the average techdirt reader?) I have to believe these guys have contingency plans.
Do you really think the programmers at Microsoft aren’t as smart as the average techdirt reader? How many thousands of errors and bad decisions went into the various incarnations of Windows?
Do you really think that developers are never overuled by marketing, accounting, legal, and management who have orders of magnitude less technical grasp of the problems and implications than they do?
Contingency plans? Why, there’s no danger – security by obscurity protects them doesn’t it? Think that MOST companies don’t believe in this despite DAILY examples that it doesn’t work?
It can actually be used in a very smart manner for Apple…For example if four morons accidently baught a $999 app that did nothing, and complained and wanted a refund, this switch could be used to block the app from being used, and give a refund, if apple so desired.
Re: Re:
But you don’t need a kill switch to offer a refund. And if you need a way to verify the app is gone before issuing the refund, that action should be initiated by the user, not the manufacturer.
An iPhone hacker found the switch/lever, or evidence of it, and now Jobs has confirmed its existence. I suspect it will only be a matter of time before another enterprising hacker discovers how to pull it.
Yep, good point.
nope
>You DO realize your EULA likes absolves any lawsuits you might have long before the fact, right?
You DO realize that EULAs haven’t faced any significant tests in court, right? Or that contracts won’t necessarily get you out of gross negligence claims, right?
Re: nope
and dont forget a EULA is not a contract, its not even close to fitting the definition of a contract . . .
Reason 4892 not to buy an iphone. Handjobs may think he is the only one with access to that switch, for now. Would a hacker call this a target rich environment?
Just don't buy one?
How does the advice to just not buy an iPhone help those who already have one and were not informed of this before they bought one. If I bought a Dell and then later learned that Dell had snuck in the ability to delete my programs without my permission I would have every right to demand and get a full refund. Not disclosing a deliberate mechanism designed to do harm to the user is fraud.
“That’s why no other platform has a similar switch?”
Good thing you added a question mark there, because a better statement would be that no other platform has a similar switch… AS FAR AS YOU KNOW. I’d say that the odds are good that Symbian and Windows Mobile (or any other plaform that accepts third party applications) has similar safeguards.
Of course now, thanks to all of the publicity, hackers know about it, and will attempt to develop work arounds. Thanks guys.
Re: Re:
Do have something to back that up or are you just making stuff up?
Oh, and I notice how you’re trying to spin this as a “safeguard”. Try being a little less of a tool.
Re: Re:
“Of course now, thanks to all of the publicity, hackers know about it, and will attempt to develop work arounds. Thanks guys.”
Yeah sticking your head in the sand leads to much better security. Shhhh everyone be quite so no one will ever realise you can exploit a buffer overflow in unmanaged code . . .
Not worried
All you need to do is add
127.0.0.1 iphone-services.apple.com
to your /etc/hosts file.
Remember, it is a FreeBSD-based machine. 🙂
Re: Not worried
All you need to do is add
127.0.0.1 iphone-services.apple.com
to your /etc/hosts file.
Do you have any idea how easy it would be for Apple to get around that?
Big Brother
Big Brother will be watching us! Exciting day to be in mobile technology with this story and Google Android rumors.
http://kreuzer33.wordpress.com/2008/08/13/steve-jobs-confirms-iphone-kill-switch/
To everyone bitching about how this smacks of big brother, please defend the fact that Firefox contains a similar kill switch to disable rogue extensions…
recriminations; the hidey hole of the obtuse
Who cares what firefox does. (Which can be overridden by the user btw)
This issue is Apple’s desire to “have it’s cake and eat it too”. The kill switch just demonstrates the lack of openness of Apple and provides yet another unnecessary failure point/attack vector, while simultaneously providing end users no benefit what so ever.
I wonder if the kill switch has a kill switch…so if some rogue program learns how to invoke the kill switch, the kill switch can be killed.
Rediculous
I laugh more and more at how draconian and retarted the iPhone is and the sheeple who buy it. More to come on the “you will do what they permit” front… just you wait.
Re: Rediculous
Retarted? Really? YDMF
My concern isn’t with Apple creating a blacklist of rouge apps but flipping it to a whitelist. They could potentially limit your device to applications they approve. I don’t like the idea of any corporation retaining control over the use of hardware I purchased.
You've been Steved!
1) Apple is a corporation. Corporations exist for the profit of themselves. If a consumer happens to benefit – the consumer got lucky.
2) Steve has a history of ‘positive’ interactions with customers. Apple ][ forever, ‘the newton is an important part of our product line (said 3 days after the cancellation at an education trade show by Apple staffers), Any machine sold by Apple today will run OS X (the 20tha Annv. Mac sold then did not)
So just keep thinking Apple is special, somehow better than, say Microsoft.
I’ll be waiting for you to come to your senses – over here. With Open Source based software.
Apple has always been . . .
The “secretive”, “closed” player in the technology business. The genius of Apple is they have managed to stay so scarily sercretive and sneaky operation, while simultaneously painting themselves as some “free spirited”, “for the people” company. The genius of Apple as many have said before, has nothing to do with technology and everything to do with marketing.
From a Mac Owner
The Apple geeks don’t care what Jobs does. Apple is seen as infallible.
If Microsoft were to pull a stunt like this, people would be smashing their phones in the streets, but it’s Apple, so it’s OK.
Re: From a Mac Owner
If Microsoft had done this, there would be congressional hearings being announced already.
Re: From a Mac Owner
Thing is that Microsoft doesn’t make it’s own phone gear complete with obsessive secrecy, Apple does.
This isn’t to say that the Windows mobile platform is free of such things or that it even works particuarly well just that no one has stumbled across a kill switch yet. I’d be shocked if there wasn’t one, though.
Still the iPhone is all about bling and how much people will pay for it.
ttfn
John
Simplistic Advice
> if this is such a big deal, don’t buy the iPhone.
Seems like a rather simplistic approach to the problem. After all, what if you’re one of the millions of people who has ALREADY bought an iPhone with no knowledge that Apple built in the ability to turn your stuff off at its whim.
The company is justifying this with an all-too-typical “for your own good” argument, claiming that if an app were to slip through that turned out to be malicious, there needs to be a remedy. Well, my calendars, contacts, personal info and data are all just as vulnerable on my desktop Mac as they are on my phone. Does Apple think it has the right to remotely control my home computer without my consent also? Would anyone stand for that for even a minute?
It’s ironic that the company that made its name with an ad highlighting the perils of “1984” is rapidly turning into Bog Brother right before our eyes.
Re: Simplistic Advice
Isn’t it funny how companies try to portray themselves as being the opposite of what they really are? Even funnier are the people who swallow it.
I remember being in college when the original Macintosh computer was announced. The Apple reps came to campus trying to convince students to pre-purchase them and had a question and answer session with a lecture hall full of us. One of the questions asked of the reps was if the Macintosh would be an open platform the way the IBM PC was and the reps assured us all that it would be completely open in every way. That turned out to just be another great big lie from Apple and convinced me to stay away from their products. Yet, some people continue to believe anything Apple tells them.
buncha kno nothin's bitchin and moanin
guaron-tee you the FBI/NSA and MS have got backdoors in XP and Vista. I’ve got FOURTEEN PAGES of apps on my iPhone and haven’t spent a DIME on them. 30% are CRAP, but who cares, they were free and doesn’t cost me 20 seconds to delete them.
While you’re waiting around for Android, and thinking you have a really cool crackberry, the iPhone ROCKS and your penis is just plain tiny.
I am a 25 year tech support guy, and I appreciate the fact that Apple designed a way to kill an app that a developer has hidden a trojan, or delayed payload in. I WANT them to respond.
To those who are bitchin and moanin about suing them if they kill an app you pay for… do ya really think (are you that stoopid?) that Apple’s gonna kill a legitimate app?
If you don’t like Apple’s (quality) control, go play with your knoppix or mandriva to your heart’s content. But quit wastin’ MY time with your inane drivel. Go give your employer their money’s worth instead of spending your day trollin tech forums.
Re: buncha kno nothin's bitchin and moanin
“While you’re waiting around for Android, and thinking you have a really cool crackberry, the iPhone ROCKS and your penis is just plain tiny.”
Spoken like a true iBling sportin iPhone owner . . . LMAO
ScrewU is the only one here that makes sense.
Seems like most people on here are just windblows zombies looking for more BS to complain about Apple. Bill’s little group of worshipers.
How many of you were told that Windows phones home to verify that you didn’t borrow it before you bought it? Who knows what else it does?
“Apple’s genius is in marketing”? You guys wouldn’t have squat if it wasn’t for Apple’s genius. Windows began as a poorly implemented version of the Mac OS. Every good feature that is added to Windows is a poorly implemented vesion of a feature that Apple came up with. Billy has never come up with an original though in his life. He stole DOS and he’s been stealing ever since.
I’m on my 2nd iphone by choice. My original battered and abused iPhone still works. So anybody who went through 3 iPhones in 8 months is an idiot.
“There’s no encryption or verification”? I didn’t see that part. Could you please post a link?
You guys think you’re gonna hack Apple’s server and take our iphones down? Let’s see it.
Yes, Really
Irresponsible? Really? That’s why no other platform has a similar switch? Apparently, everyone else is irresponsible.
The spam smothering your inbox, the need for more and more sophisticated filters, and the rampant virus, trojan and malware industry is painfully obvious evidence, that, yes indeedy, everyone else is irresponsible. And the blame is squarely on Microsoft’s shoulders as well as the malware creators Microsoft has enabled with it’s criminal disregard for security.
Re: Yes, Really
My BSD and Linux systems don’t have kill switches. Just how does the spam in your mailbox prove that I’m “irresponsible”? Maybe you need to learn to take some personal responsibility instead of trying to blame your problems on me.
Re: Yes, Really
“The spam smothering your inbox, the need for more and more sophisticated filters, and the rampant virus, trojan and malware industry is painfully obvious evidence, that, yes indeedy, everyone else is irresponsible. And the blame is squarely on Microsoft’s shoulders as well as the malware creators Microsoft has enabled with it’s criminal disregard for security.”
Maybe you want Microsoft or Apple to “play daddy” and protect you from the “mean ole world”, but not all of us do. I also dare to say that MOST of us, dont want things like this “snuck” into our devices without any disclosure.
If Apple wanted to market a “more secure” product, they could have done that and given the consumers the knowlege they need to make an informed choice. Apple instead chose to keep this wonderful security feature . . . secret?
Both of these are included in Windows Updates and will automatically download and install/run, if you let your PC auto-update.
Control Panel, Administrative Services, Services – Stop and disable Automatic Updates.
That is no longer a possibility.
See – you mentioned the key part of that; “if you let your PC auto-update” the significant difference is that in all these cases used to ‘justify’ Apple’s position on this – the user has ultimate control.
That’s not the case with the iPwnU – errr iPhone 🙂
You MS losers only see what you want to
When MS told you guys about the improved security in Vista he didn’t tell you that the security was to protect his rich buddies from you. Can’t watch or listen to what you want to on the computer that you paid for? Did they tell you about this?
http://www.pcworld.com/article/135814/vista_prevents_users_from_playing_highdef_content.html
You can’t decide what security software you can run on the computer that you own? Microsoft has decided that they will decide what security software you can use on your computer. Did they tell you about this?
https://forums.symantec.com/syment/blog/article?message.uid=305835
You guys all say that you don’t have a kill switch. How many of you are familiar with and understand every bit of code that Windows installs on your computers? There could be all kinds of BS that Billy-Boy has stashed among the millions of lines of code? Not to mention that they can put stuff in there that you can’t see. MS has some really good engineers. You don’t think that they could hide something that takes a long time to find? It’s a lot easier with the compact OS on the iPhone.
Besides, I read an article (I’ll have to track it down) that said that Steve Jobs publicly “alluded” to the existance of the kill switch. long before it came out. I believe it was in March but I can’t say for sure.
You guys go ahead and continue in LaLa land believing that MS isn’t pulling anything behind your backs or hiding anything from you. We’ll see where that goes.