The rumor mill regarding iPhone 3.0 is starting to spin up more and more lately, so it seems like a good time for me to start complaining and fearmongering in regards to this update. This is entirely based on rumormill nonfacts, so take everything with a grain of salt.
There are several new features that will be available in the latest version of the phone that are not necessarily bad things, in fact they are all pretty good ideas, but might actually end up causing some problems down the road.
From the info I've been able to gather from reading forums and refusing to enter into an NDA on the topic, the first thing I ran across was descriptions of the in-app purchasing. This is a feature developers and old dead-tree media have been begging for. A way to monetize upgrades or content. The only caveat with this is that all executable code must be already present in an app when sent for review to the app store. This makes sense from the approval process point of view, but not the point of view of anyone who has made shareware on a PC since 1981. According to the documentation regarding how to keep this safe, the only thing I've come across is to store the unlocked features as properties in a plist file. If you're a developer, and know a better place to store it, don't use this method! A plist file should never be considered a safe place to store information.
The only way this could be considered safe for the developer is if the iPhone isn't jailbroken. Assuming a jailbreak is possible in 3.0, which is likely, ssh into the phone, run plutil and vi and all of a sudden:
<superfeature_enabled>true</superfeature_enabled>
What is this? 1994? This also affects Apple's revenue (that 30% per txn tax they have going on) so I'm surprised there isn't more of a focus on this.
But, let's say straight up pwnage tool level jailbreaking isn't possible. Big "if" here, but this is all conjecture anyways. The backups are still stored on the host computer, with those same plists.
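For developers wondering what a better place looks like, here is an added example (not from the original post and not Apple's API) that contrasts trusting a plist boolean with treating the plist as a cache for a receipt that the developer's server issued and re-checks. The key, device IDs, function names and plist layout are all assumptions made up for the illustration.

```python
import hashlib
import hmac
import json
import plistlib

# Assumption: this key exists only on the developer's server, never in the app.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

def issue_receipt(device_id: str, product_id: str) -> str:
    """Server side: called once the purchase has been confirmed."""
    msg = json.dumps([device_id, product_id]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def server_verify(device_id: str, product_id: str, receipt) -> bool:
    """Server side: recompute the MAC and compare in constant time."""
    if not isinstance(receipt, str):
        return False
    expected = issue_receipt(device_id, product_id)
    return hmac.compare_digest(expected.encode(), receipt.encode())

def naive_unlocked(plist_bytes: bytes, product_id: str) -> bool:
    """The pattern the post warns about: believe whatever the plist says."""
    return plistlib.loads(plist_bytes).get(product_id + "_enabled") is True

def verified_unlocked(plist_bytes: bytes, device_id: str, product_id: str) -> bool:
    """Hardened: the plist only stores a receipt; the server makes the call."""
    receipts = plistlib.loads(plist_bytes).get("receipts")
    if not isinstance(receipts, dict):
        return False
    return server_verify(device_id, product_id, receipts.get(product_id))

# Constructed sample plists (not real app data).
# EDITED: a flag flipped by hand on the device or in a host-side backup.
EDITED = plistlib.dumps({"superfeature_enabled": True})
# PURCHASED: what the app writes after a confirmed purchase on device-A.
PURCHASED = plistlib.dumps(
    {"receipts": {"superfeature": issue_receipt("device-A", "superfeature")}}
)

if __name__ == "__main__":
    print("naive, edited flag:      ", naive_unlocked(EDITED, "superfeature"))
    print("verified, edited flag:   ", verified_unlocked(EDITED, "device-A", "superfeature"))
    print("verified, real purchase: ", verified_unlocked(PURCHASED, "device-A", "superfeature"))
    print("verified, copied backup: ", verified_unlocked(PURCHASED, "device-B", "superfeature"))
```

This only helps when the unlocked content or service is gated by the server; a check that runs entirely on the device can still be patched out on a jailbroken phone.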
So you have that aspect going on, but the next major feature is the p2p broadcasting. This enables all sorts of fun from playing hot-or-not in the bar you're in to playing games at the bar you're in with other people who like to go out just to play games defeating the purpose of going out in the first place. (I spend far too much of my time in bars I guess) The other thing it allows for is the next Metasploit pet project of iPhonePwnSuitcase (I'm sure HD will have a better name for it) that pings out looking for 3rd Party App X listening, firing off an exploit for that obscure app and then escalating privileges on the device. But, if you're nice, I'm sure the attacker will also upgrade all of your apps for you.
So what now? Who is responsible when a 3rd party yet approved iPhone app has a vuln? The obvious answer would be the vendor who produced it. Will that force Apple to start kill-switching apps more frequently? Can an app be un-killswitched? Otherwise wait the 9 days or so for the approval team to get around to looking at the app for the five minutes it takes to hit the magic 8ball approval button?
The first thing to come to my head is to have a check for submissions to say "Security Update", but that would be abused by pretty much everyone in the app store. The Product Security guys do a pretty good job (I've seen complaints on the net, but as someone who has to handle about 100 open cases from ZDI at any given time, they're easily in my top 3 favorite vendors to deal with), but their hands would be tied on issues like this due to the structure of the corporation as a whole.
I'm not hating. I like Apple. I like my iPhone and I like Xcode and the available documentation. There just needs to be someone overseeing the documents with security in mind. Someone who doesn't mind being hated by the rest of the people writing documentation. If developers learn bad habits early, say in an NDA'd beta period, they keep those bad habits. Look at how long it took for people to start documenting SQL injections, which are still rampant.
I'm interested to see what comes of this over the next few months.
The iPhone 3.0 Conundrum
- By Cameron Hotchkies
- Thu 04 Jun 2009 17:24pm
Tags: iPhone,fearmongering,rant
Published On: 2009-06-04 17:24:59
