The Great App Blacklist Debate
Jonathan Zdziarski has found what he believes to be a "call home" URL that the blogsphere has been reporting could/will be used to tell iPhone's (and related Mobile OS X devices) to revoke the certificate of an application, blacklisting -- effectively killing -- it even if it has already been bought and paid for by the end user.
Huhbuwhathe#$%? Zdziarkski explains what he found during a forensic analysis of an iPhone 3G, specifically CoreLocation.
Read about that, the replies, and the whole sordid after the jump!
[https://iphone-services.apple.com/clbl/unauthorizedApps] suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.
Gruber rightly points out that this is more likely a way to block applications from using CoreLocation (i.e. from knowing where you are via GPS tracking), rather than to disable them entirely. Location Services come bundled with all manner of privacy concerns and therefore SDK limitations.
However, the discussion about total revocation is certainly understandable, as it's been widely known since the SDK launch that Apple would be using signing certificates in order to hold developers responsible for their code and to lock down their system against, for example, the malware threats that exist on desktop environments.
Many people -- developers and end users included -- have an intense, almost visceral reaction to this amount of power and control, especially when it feels so intrusive and appears not only to be unchecked by any independent and accountable source, but when the very terms and conditions of its deployment remain -- in typical Apple fashion -- completely opaque to everyone outside the gates of Cupertino.
Apple will kill a virus. Great. But would they secretly kill a iPod-competing music app? A carrier frowned-upon NetShare?
With NetShare as a current example, Apple has removed it from the App Store, but people who have already bought it can (and presumably will) still use it. What if Apple had iPhone's "phone home" and remotely disable NetShare because it violates their carrier partners' anti-tethering policies?
Certainly, Apple built the platform and the store, just like with game consoles/appliances like the Wii or PS3, they are perfectly within their rights to sell -- or not sell -- any application they wish. In the real world, for example, a t-shirt store can choose to stock -- or not stock -- any t-shirt they like. And if, for example, it was later found that a particular t-shirt manufacturer had put toxic substances in the material, the t-shirt store could announce some kind of recall. But what if the t-shirt store could come find you, wherever you are, and snatch the t-shirt back even while you were still wearing it? Maybe that would be a good thing, since the t-shirt was toxic. They would be protecting their customers.
Likewise, if the iPhone becomes as beset by the spyware, viruses, trojans, bots, sniffers, etc. that earlier versions of Windows have suffered, what with carrying all our personal information and -- in the case of the iPhone 3G -- knowing not only who we are but where we are thanks to the built-in GPS, well -- Apple being able to revoke a rogue application would benefit users.
But, going back to the t-shirt analogy, what if the store came and repossessed your t-shirt just because they didn't like the logo anymore, or the color was now being used by a competitor? Or what if they snatched your t-shirt back without even giving you any reason at all?
And here we return to the almost cliched security vs. liberty vs. convenience debate. The tighter the platform is locked down, the less freedom users have to use it as they wish, but perhaps most interestingly, many users won't know or even care as long as they aren't inconvenienced by either security or freedom. Make it more annoying (i.e. Vista's UAC, which is a security boon for that platform), and users will gripe. Make it harder to set up (i.e. source-code you build yourself, any way you like) and users will stay away from it. Apple's implementation is so particularly frightening because they are masters of making security invisible and setup almost instinctive. With this types of convenience, users really might not know and really not care.
Until they're told about it, that is.
See, that's the thing. When Microsoft pushed undisclosed changes down for Windows Update, there was an uproar, as there was to a lesser extent when they forcibly removed their own Java VM after a rights dispute with Sun. When Apple obscured Safari into the Software Update for the Windows version of iTunes, the blogsphere erupted, as some did as well when they added a MobileMe pane to Control Panel. When MSN and Yahoo! Music, and MLB, and Google Video, announced their intentions to change or shut down their DRM authentication servers -- abandoning users who legally bought and paid for music -- protests were loud enough to get the mega-corps offering replacements, extensions, and even refunds. Further evidence? Real Media. Who? Exactly.
And that's the ultimate check and balance. Any company -- Apple included -- enjoys only a finite amount of consumer and media goodwill and confidence. Abuse up to 100% of it at your peril. Abuse 101% of it at your detriment. Terminal detriment.
Not sure? The MobileMe debacle got Apple to blog. Apple. Consumer outcry got Rogers in Canada to release something approaching fair and reasonable data rates. The above mentioned dirty deeds were discovered, discussed, and in many cases, derailed through the combination of media scrutiny and public outrage.
Apple has every right to legally control their platform, and even remove it from the market entirely if they choose. And the media and consumers have every right to protest it, demand change, and as a final resort, vote with our wallets and not give them our money if their products and policies don't measure up to our standards.
So, am I worried about the blacklist? Not yet. I'll give Apple the benefit of the doubt. I'll believe -- for now -- that they'd only use it to revoke malware that somehow became "zero day" in the "wild" through the App Store. But I reserve the right to jump all up and down on them if they abuse that trust. And in the end, not even Steve Jobs will ever be able to revoke my ability to throw my iPhone into the river if it ever comes to that.