Apple Addresses iOS 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services [Updated]

apple_security_iconEarlier this week, forensic expert Jonathan Zdziarski attracted attention for his disclosures of what appeared to be "backdoors" in iOS that could allow for covert data collection of users' information from their devices. While Apple issued a statement denying that anything nefarious was involved, the company has now posted a new support document (via Cabel Sasser) offering a limited description of the three services highlighted in Zdziarski's talk.

Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.

The three processes include:

- com.apple.mobile.pcapd: Diagnostic packet capture to a trusted computer, used for diagnosing app issues and enterprise VPN connection problems.

- com.apple.mobile.file_relay: Used on internal devices and can be accessed (with user permission) by AppleCare for diagnostic purposes on the user's device.

- com.apple.mobile.house_arrest: Used by iTunes for document transfer and by Xcode during app development and testing.

Security experts will undoubtedly have additional questions about just how these services work and whether there are better and more secure ways of accomplishing the tasks they handle. At the very least, however, today's disclosure demonstrates a willingness by Apple to share information about the legitimate need for these services and should help quell unsupported speculation that Apple has worked with security agencies to implement these tools to allow for covert surveillance.

Update July 23, 9:52 AM: Zdziarski has responded [Google cache] to Apple's posting of the support document, acknowledging the disclosures but arguing that Apple is downplaying the power of these services.

I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me. I wonder if the higher ups at Apple really are aware of how much non-diagnostic personal information it copies out, wirelessly, bypassing backup encryption. All the while that Apple is downplaying it, I suspect they’ll also quietly fix many of the issues I’ve raised in future versions. At least I hope so. It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them.

Zdziarski also emphasizes that he has never suggested Apple is involved in a conspiracy to open up these services for surveillance - only that they could be used by those seeking to access such data.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

iOS 18 Mock iPhone 16 Feature Gray

Revealed: iOS 18 Works With These iPhone Models

Monday June 10, 2024 3:57 am PDT by
iOS 18 will be compatible with the same iPhone models as iOS 17, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS updates. iOS 18 will be compatible with the iPhone XR, and hence also the iPhone XS and iPhone XS Max models with the same A12 Bionic chip, but older iPhone models will miss out. Here is the full...
ios 18 tile summary

Apple Announces iOS 18 With New Customization Features, Redesigned Photos App, and More

Monday June 10, 2024 10:17 am PDT by
Apple today previewed iOS 18, the next major update to the operating system for the iPhone, with new customization features, a redesigned Photos app, and more. iOS 18 features new customization tools for the Home Screen. App icons now feature Dark Mode and users can tint them with a color to create a unique look. Apps can also now be placed anywhere on the Home Screen freely. The Control...
WWDC24 Live Coverage Article

WWDC 2024 Apple Event Live Keynote Coverage: iOS 18, Apple's AI Push, and More

Monday June 10, 2024 9:20 am PDT by
Apple's Worldwide Developers Conference (WWDC) starts today with the traditional keynote kicking things off at 10:00 a.m. Pacific Time. MacRumors is on hand for the event and we'll be sharing details and our thoughts throughout the day. We're expecting to see a number of software-related announcements with a focus on Apple's efforts to infuse AI throughout its operating systems and apps....
iOS 18 Siri Integrated Feature

Massive iPhone Upgrade Coming This Week But These Devices Will Miss Out

Sunday June 9, 2024 1:25 pm PDT by
Apple is planning a major AI overhaul in iOS 18, with a feature set it is referring to as "Apple Intelligence." However, these new features will not work on older iPhones, even if they do appear on the new operating system's device compatibility list. Apple's initial AI roadmap for iOS 18 is said to come in two parts: Basic AI features that will be processed on-device, and more advanced...
ios 18 button bulge

iOS 18 Adds Pop-Out Bezel Animation When Pressing iPhone Buttons

Tuesday June 11, 2024 10:40 am PDT by
iOS 18 includes a small but interesting change for the buttons on the iPhone, adding more of a visual element when changing volume, activating the Action button, or locking the screen. When you press an iPhone button in iOS 18, the display bezel bulges outward slightly. This feature is available for the volume buttons, Action button and the power button, and it will also likely be used for...
Next Gen CarPlay WWDC24 1

Apple Provides Updated Look at Next-Generation CarPlay at WWDC 2024

Monday June 10, 2024 7:11 pm PDT by
Apple today shared a few WWDC 2024 coding sessions related to its upcoming next-generation CarPlay system ahead of its launch later this year. The sessions include lots of updated next-generation CarPlay images, with one revealing new Vehicle, Media, and Climate apps in action for the first time. MacRumors previously discovered evidence of these apps in the iOS 17.4 beta. Next-generation...
iPad Air 5

New: iPadOS 18 Drops Support for These iPad Models

Monday June 10, 2024 4:16 am PDT by
iPadOS 18 will drop support for iPad models equipped with the A10X Fusion chip, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS and iPadOS updates. In other words, iPadOS 18 will drop support for the 10.5-inch iPad Pro and the second-generation 12.9-inch iPad Pro. Support for the sixth-generation iPad, which uses the...

Top Rated Comments

cdmoore74 Avatar
129 months ago
How does this title sound?

Google Addresses Android 'Backdoor' Concerns by Outlining Legitimate Uses for Targeted Services

If you mood changes from positive to negative then you know your a Apple fanboy. ;)
Score: 19 Votes (Like | Disagree)
cdmoore74 Avatar
129 months ago
Call me an Apple fanboy or whatever, But I 100% trust Apple.

I know Steve Jobs cared 100% about this company. The man stopped working only when it was physically impossible for him to go to work. I heard he even was talking about the iPhone 5 a day before he died to Tim Cook.

I know I know I shouldn't compare Steve to Tim. But I also believe Tim cares just as much as Steve did about Apple. They are honest and truly care about its products.

Im lovin there transparency to prove these Apple bashers wrong!

:apple:

Never trust anything 100%. I don't even trust my wife 100% of the time. Hell, I don't trust myself 100% of the time. :D
Score: 19 Votes (Like | Disagree)
BigBeast Avatar
129 months ago
[...]these are still three security holes[...]
I don't think that means what you think it means.
Score: 15 Votes (Like | Disagree)
lewisd25 Avatar
129 months ago
Any service with the name "house_arrest" raises some red flags.
Score: 13 Votes (Like | Disagree)
MikhailT Avatar
129 months ago
Great first steps, now one more step is to allow the user to opt out on all diagnostic information. One of the problems with _Don't send info to Apple_ is that while it is disabling the sharing of information to Apple, it does not prevent those services from recording the information in the first place. That means your iOS device is still hoarding all sorts of personal information without your knowledge and consent, even though you're not sharing it with Apple. The info can be retrieved illegally and/or with legit forensic tools.

So, Apple needs to step up there and have a simple option to disable all diagnostic information, period. I don't care about legitimate users for these services, they're not required and they're storing information I don't want iOS to store in the first place that's not encrypted with my passcode.
Score: 13 Votes (Like | Disagree)
realeric Avatar
129 months ago
I believe Apple.
Score: 12 Votes (Like | Disagree)