The iPhone is Bad at Keeping Secrets

    December 5th, 2009 | Posted under: Articles

    Today an article from TaranFx has been making the rounds, talking about a new open source application called SpyPhone that highlights all of the “information vulnerabilities” within the current iPhone SDK. You can check out the article here:

    Everyone has probably heard of the problems some users with jailbroken iPhones have been experiencing. Without the boundaries in place from the SDK, many users' phones have been held by malicious applications taking advantage of the default root password. This application, unlike the others we have heard about, uses only public portions of the API to get all the info it displays. The app displays:

    1. Email Accounts
    2. Wi-Fi Networks
    3. Phone Usage Info and History
    4. Location Information
    5. Safari Searches
    6. YouTube Searches, History and Bookmarks
    7. Photos
    8. Address Book Data
    9. Keyboard Cache

    While this is a lengthy list, I think it is important not to take the easy road of yelling about security, privacy or whatever else, and instead really look at how the app gets all this stuff. SpyPhone’s source can be downloaded at it’s and you can see for yourself how all the magic happens. A quick look at the source reveals the secret to this application. The iPhone contains many folders, like your Macintosh computer. Many of these folders are familiar sounding: “Applications”, “Library”, “Root”. If you have the SDK installed on your computer you can look at these folders, as the iPhone Simulator uses them as well. They are located at:

    ~/Library/Application Support/iPhone Simulator/User

    This is where the iPhone keeps all of your data. Going back to SpyPhone’s code, the secret is taking advantage of these folders and the files they contain. If you go a little further into your iPhone Simulator folders you will find:

    ~/Library/Application Support/iPhone Simulator/User/Library/Preferences/

    In here there are tons of com.apple.SOMETHING.plist files. These files hold most of the surprising data that SpyPhone is able to grab. Some of it is facilitated by other parts of the SDK (Address Book access, Photos), but the minor personal information can be found here. He grabs the info using code such as:

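    // Absolute path to a system preference file, outside the app's own folder.
    NSString *path = @"/Library/Preferences/SystemConfiguration/com.apple.wifi.plist";

    // Parse the plist into a dictionary; give up if it cannot be read.
    NSDictionary *dict = [NSDictionary dictionaryWithContentsOfFile:path];
    if(!dict) return;

    // The known Wi-Fi networks are stored under this key.
    NSArray *a = [dict valueForKey:@"List of known networks"];
    if(!a) return;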

    This code, for instance, would create an array with all the known networks for the phone the application is being run on. While this is a little concerning, I don’t think this is anything to make a big stink out of. First off, I know for a fact Apple gladly rejects applications sniffing around in here. One positive note of having Apple as an overlord is that they really do know every detail about the SDK, and are able to stop applications that abuse the SDK before they get on the store.
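A reviewer-side check for the pattern above, as an added example that is not part of the original article or of SpyPhone: it pulls printable strings out of an app binary or source file and flags references to Apple-owned preference plists. The names `scan` and `Finding` and the sample blob are constructed for illustration; only the Wi-Fi plist path, its key and the `com.apple.SOMETHING.plist` placeholder come from the article.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    offset: int     # byte offset of the match inside the scanned blob
    path: str       # the path text that was matched
    absolute: bool  # True when the path starts at the filesystem root


# Runs of printable ASCII, the way the Unix `strings` tool extracts them.
PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")
# An Apple-owned preference file, optionally preceded by its directory path.
APPLE_PLIST = re.compile(r"(?:/?(?:[\w.-]+/)+)?com\.apple\.[\w.-]+?\.plist")


def scan(blob: bytes) -> List[Finding]:
    """Return every reference to a com.apple.*.plist file found in blob."""
    findings = []
    for run in PRINTABLE.finditer(blob):
        text = run.group().decode("ascii")
        for m in APPLE_PLIST.finditer(text):
            findings.append(Finding(offset=run.start() + m.start(),
                                    path=m.group(),
                                    absolute=m.group().startswith("/")))
    return findings


# Constructed sample: NUL-separated string table of a hypothetical app.
SAMPLE = (
    b"\x00MyAppDelegate\x00"
    b"/Library/Preferences/SystemConfiguration/com.apple.wifi.plist\x00"
    b"List of known networks\x00"
    b"Library/Preferences/com.example.myapp.plist\x00"   # app's own prefs
    b"Library/Preferences/com.apple.SOMETHING.plist\x00"  # article placeholder
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        kind = "absolute" if f.absolute else "relative"
        print(f"0x{f.offset:04x}  {kind:8}  {f.path}")
```

A hard-coded path shows up in this scan whether or not the code that uses it ever runs; a path assembled from fragments at runtime would not, so this complements rather than replaces watching file access while the app runs.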

    But this application brings up the larger issue of the mysterious App Store approval process. It is incredible that admission to the world's fastest-growing software marketplace is such a mystery. All the code to grab the “sensitive” information that SpyPhone grabs can run with the user having no knowledge, and while I am sure that Apple has ways of testing these apps and monitoring their access to these PLISTS, I could easily imagine having an application that has that ability but does not execute the ability till I know it is in the App Store.

    For instance, if I had a small XML doc online specifying whether to run the method to grab all the users' information, had it set to NO for the approval process and, upon getting submitted, changed the XML to say YES, I could begin collecting info on all the users who launch my app and the approvers in the App Store would never have seen it. So although I think Apple has a very good handle on how to root out malware, I’m sure there could be many ways to get around it. So I come to my final question: would you rather not have apps be able to use any of this info? No photos, no addresses, no Wi-Fi examination applications, limited in-app mail. Lots of the functions that make the iPhone awesome are wrapped up in these “security holes”. So what do you guys think? Should Apple close off access to at least the system PLISTS, or is this making mountains out of molehills?