It seems the iPhone software hides a mechanism that could allow the company to remotely deactivate rogue applications, a security researcher said.
Jonathan Zdziarksi’s iPhone Open Application Development indicates that the CoreLocation framework in the iPhone 2.0 (as well as the updated iPod touch firmware) points to a secure website that appears to contain placeholder code for a list of “unauthorized” apps.
“This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down.
“I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.”
However, since the iPhone SDK requires that each app that is made available through the App Store be signed by a security certificate (issued by Apple and unique to each developer), Apple could also disable apps by revoking a developer’s security certificate.
No applications appear to have been blacklisted at this point.