Apple Can Disable iPhone Apps Remotely?



I saw an article on Engadget indicating that Apple may have the ability to remotely disable iPhone applications.  I saw a similar article on MacRumors a couple of days ago.

We have done some development for mobile devices in the past – specifically with Windows Mobile.  One of the big issues we saw with organizations trying to deploy Windows Mobile applications is that they were caught in a “dead zone” between the software platform provider (Microsoft), the device maker (Samsung, HTC, etc) and the network provider (T-Mobile, AT&T, etc).  Whenever anything went wrong everyone could just point at other providers in the chain and act like nothing was their fault.

One of the interesting things about Apple iPhone is that these three components are all provided the same way for everyone (in the US at least).  Apple provides the software and hardware, and AT&T provides the network.  That is good for application developers because it makes it more reasonable to expect that your applications are going to work the same wherever you deploy them.  Same hardware.  Same software platform.  Same network.

However another issue we had developing enterprise Windows Mobile applications was that the enterprise management tools were still developing – it was tricky to automatically provision and de-provision devices, applications, settings, etc.  It looks like iPhone applications can be automatically de-provisioned – the only problem is that Apple is the organization pulling the strings rather than an enterprise’s IT department.

To paraphrase and somewhat mangle the words of Bruce Schneier: “When people say ‘security’ what they really mean is ‘control.'”

Contact us for more information about building security in to your iPhone applications.

dan _at_

About Dan Cornell

Dan Cornell has over fifteen years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader. Dan has speaks at such international conferences as RSA, ROOTs in Norway and OWASP AppSec EU.

Leave a reply