Saturday, August 9, 2008

iPhone expert Jonathan Zdziarski recently discovered what he thought was a remote killswitch for iPhone apps: a blacklist located at https://iphone-services.apple.com/clbl/unauthorizedApps. He thought it could be used "to disable applications that the user has already downloaded and paid for." However, Daring Fireball's John Gruber found out from a source that the list only serves to prevent malicious apps from accessing location information.

In order to test the blacklist out, I set up a DNS server on my Mac that pointed iphone-services.apple.com to my own web server. I then added the unauthorizedApps file in the clbl directory of my server. I switched the iPhone to use the DNS server on my Mac when on my WiFi network, and then tested the blacklist URL in Safari. It worked, so I tried modifying the file to block the Maps app from getting location info:

{
"Date Generated" = "2008-08-10 00:24:27 Etc/GMT";
"BlackListedApps" = {
"com.apple.Maps" = {
"Description" = "Being really bad!";
"App Name" = "Apple Google Maps";
"Date Revoked" = "2004-02-01 08:00:00 Etc/GMT";
};
};
}


When I opened the Maps app and told it to find my location, it gave me the following error message:


Otherwise, it worked normally. Once I removed the Maps app from the blacklist, it could find my location once again.

0 comments:

Post a Comment