Results 1 to 6 of 6

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: [Privacy Topic] Blocking your App(s) to Phone Home

  1. #1
    Smile [Privacy Topic] Blocking App(s) to "Phone Home" - Security/Privacy
    Hi guys,

    1st Topic !

    Firstly, I'd like to thanks all good things we can get from this site for nice Themes, good advises & so on...

    Secondly, I would like to share with you all concerns for everyone about how the iPhone Devs trying to collect any information when you run their Software.

    BTW,I want to clear up the purposes of my post : No way to talk about crack, patch, reversing etc...

    So, more & more devs (like in Music/Movies Market) think that their OWN security could be compromised, and they use server-based for some so-called "security" purpose & consequently, collect the more information off you they can off your iPhone.

    So from now on, it's our OWN security which is compromised. I just want point out the example of the PC/Mac Market.

    I own different Macs on which I installed freeware, donationware, license paid softwares as well (not serialized or cracked since it's against my personal rules).

    Some of them are very well-coded, no "Trojans" and very professional (from Apple's for instance).

    But => the iPhone market is completely different !

    We can see coming more & more devs (check some dicussion on some related iPhone SDK boards btw ) who want to know where and who are using their app; Do you care ? I do. My privacy first, their lack of knowledge about how to protect their software, there're good books about it & well famous High School for that.

    There are already some applications on Macos X => Glimmer Blocker , and this one :

    Little Snitch

    When you check out how many outbound connections endeavors from installed apps (on each ports, protocols, TCP/UDP whatsoever), discreetly trying to "call home": Just unbelievable. And not for updates purposes only, believe me ! In my case, these apps are straight removed from my systems.

    LS Link

    When it's been released, I even payed & supported for the dev from the begining.

    Karl (Objective Development) has confirmed to work on the iPhone OS . Technically it's OK as he confirmedit in a mail. Hope it's been released b/c I know this is the only Unix tools with GUI
    we all need to block theses crappy apps ( its my humble opinion, OK? ).

    So in a Nutshell (!) , here's my rough idea to fight it back since it's a general discussion & a bit sensitive :

    1/ I basically know what an UDID faker (sorry it's the term coming to my mind ) would have to do:

    1/ it would have to be a MobileSubstrate app with a simple gui (to enter/generate a fake udid; enable/disable the function for different apps would be best (like toggles).

    2/it would have to run in the background and intercept any call for [UIDevice currentDevice].uniqueIdentifier and reply with the fake UDID.

    3/ There is already a faker for a iPhone's serial number but I get the source code so all it would need to extend it for UDID. but my lack of deep knowledge about coding in Obj-C and lack of time, I can't do it atm.

    IMHO, A UDID faker will solve may current and future problems with web based app and it would be a real win for ALL the legit iPhone users.

    OK! I do apologize for this very long & first post !

    Of course, any inputs are welcomed or negatives/positives suggestions about this. Note that I'm not an native English speaking, so please take this into consideration this as well.

    Thanks in advance everyone

    Macfreak
    Last edited by macfr3ak; 2009-04-10 at 01:21 AM.
    MacPro Macos X 10.5.6 -Debian 5.0.0 - windoze64 ( FPS games only ) - 30" Cinema Display - iPhone 3G 16Go -ProTools HD 8 - BroadBand Asymetric ADSL 20 Meg - MacosX Developer Select

  2. #2
    What the hell are u talking about?

  3. #3

  4. #4
    Livin the iPhone Life
    Join Date
    Aug 2008
    Location
    New York
    Posts
    1,024
    Thanks
    3
    Thanked 78 Times in 63 Posts

    Interesting idea but its a SDK function that they are using. I hate this idea that apps can access your UDID and send it to any website but You yonly would be able to stop this by trapping when the program actually makes the call.

    Another solution would be find the value in the phone and at launch, null the value so it sends no value.

    First step would find out where exactly that call gets the UDID from.

    This is a jailbreak app I would consider working on becuase the UDID is important and I personally don't want it online.
    Last edited by boxxa; 2009-04-09 at 08:46 PM.

  5. The Following User Says Thank You to boxxa For This Useful Post:

    macfr3ak (2009-04-09)

  6. #5
    Thanks boxxa,

    Would you mind (if time allows it for you) either to elaborate or maybe go further on it ?

    I might be wrong, but I think a team project could help ?

    Your input about null value seems interesting btw...

    Thanks

    MF
    MacPro Macos X 10.5.6 -Debian 5.0.0 - windoze64 ( FPS games only ) - 30" Cinema Display - iPhone 3G 16Go -ProTools HD 8 - BroadBand Asymetric ADSL 20 Meg - MacosX Developer Select

  7. #6
    Livin the iPhone Life
    Join Date
    Aug 2008
    Location
    New York
    Posts
    1,024
    Thanks
    3
    Thanked 78 Times in 63 Posts

    Well everything I have researched talked about apps being able to use a legal apple API function and pull the UDID on your phone and send it anywhere they want. Apple has yet to restrict this but hte first step would be how this number plays into the ATT activation, app downloads, iphone functions, etc.

    One you can figure out that aspect, the discussion can come across as to where is it pulled from. Somehow I think it might be more elaborate than a simple value but then you can see if it can be a simple file rename or patch that can be run before running an app.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •