Apple's Ability to Deactivate Malicious App Store Apps
When Apple launched the App Store, it suggested that DRM-protected, signed applications would let it protect the iPhone from malicious applications, and that it could deactivate such applications remotely. Jonathan Zdziarski, author of iPhone Forensics, reveals (via iPhone Atlas) the remote URL that Apple is using to keep a list of the offending applications:
This URL appears to hold a list of blacklisted apps, which currently appears to contain a test application name. Zdziarski explains:
This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.
I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.
Note that this is very different from just removing an application from the App Store. With this blacklisting, Apple could presumably deauthorize applications already installed on every iPhone.
While Apple has been criticized lately for removing a number of App Store applications without explanation, those applications continue to work for the individuals who have already purchased them. So far, the list of prominent apps simply removed from the App Store includes NetShare, BoxOffice and now I Am Rich (via Alley Insider).
We suspect Apple will reserve this blacklist-based remote deactivation for truly malicious apps, but even the unilateral removal of seemingly innocuous apps from the App Store has raised some criticism of Apple's editorial process.