This article was published on July 23, 2014

Apple releases information about iOS in response to claims of a ‘backdoor’ for data collection


Apple releases information about iOS in response to claims of a ‘backdoor’ for data collection

Apple has published new information about the diagnostic capabilities of iOS, in what appears to be a response to suggestions that it includes a ‘backdoor’ that could enable governments and other third-parties to access user data.

The controversy arose after security consultant Jonathan Zdziarski documented a vulnerability that could leave usage data on iOS device exposed. Rebutting subsequent reports that linked the vulnerability with government data collection, Apple told iMore that it has “has never worked with any government agency from any country to create a backdoor in any of our products or services.”

In addition to detailing the capabilities of three diagnostic features in its new document, the company says:

Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.

The second sentence is important, since Zdziarski claimed that data on an iOS device could be at risk if it is paired with a desktop device which subsequently falls into the hands of a third-party.

Following his initial findings, Zdziarski has been in contact with Apple. Citing the company’s response to his claims, he said that he “doesn’t buy for a minute that these services are intended solely for diagnostics.” That’s to say that he found the type of data available to the diagnostics services to be “of an extreme personal nature,” which seemed out of place given the focus.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Apple’s new disclosure represents a further step towards transparency and openness, and gives a more detailed breakdown of diagnostic capabilities, and background services in iOS.

1. com.apple.mobile.pcapd

pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

2. com.apple.mobile.file_relay

file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.

3. com.apple.mobile.house_arrest

house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

We reached out to Apple for comment, and will update this post if we hear back from the company.

Headline image via Justin Sullivan / AFP / Getty Images 

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with