Apple posts support document detailing iOS “backdoor” allegations

Date: Wednesday, July 23rd, 2014, 16:26
Category: iOS, News, security, Software


The timing’s a bit strange, but Apple seems to be trying to explain what its assortment of “backdoor” services is doing on its iOS devices, only days after forensic scientist Jonathan Zdziarski disclosed the services during a speech at a hacker convention.

Per AppleInsider's report on a recently published support document on Apple’s web site:

In what appears to be a response to allegations of installing “backdoor” services with the intent to harvest data from iOS devices, Apple on Tuesday posted to its website an explanation of three diagnostics capabilities built in to the mobile OS.


As listed in the support document, Apple goes over three iOS services, explaining how they work and why they exist, possibly in an attempt to address accusations that it installs backdoor services in cahoots with government agencies looking to surveil device owners.

The services detailed were mentioned by forensic scientist and iOS hacker Jonathan Zdziarski in a recent talk at the HOPE/X conference in New York. Zdziarski highlighted certain suspicious iOS background assets that appeared to serve no diagnostics purposes, but could potentially be exploited by law enforcement agencies or malicious hackers to steal sensitive personal data from iOS devices.

The support document addresses three of Zdziarski’s mentioned services as follows:

com.apple.mobile.pcapd:
pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

com.apple.mobile.file_relay:
file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.

com.apple.mobile.house_arrest:
house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

In addition, Apple points readers in the direction of documents explaining data syncing and the “Trust this computer” iOS feature that protects against data extraction from an unknown Mac or PC.

While the document answers for three services questioned by Zdziarski, the hacker brought up many more, including those with the potential to seemingly bypass iOS backup encryption to serve up data from a user’s address book, capture pictures from social media feeds, install spyware using available enterprise tools and more.

For its part, Apple responded to the allegations in a statement issued on Monday, saying diagnostic functions in iOS are designed to thwart any compromise of user privacy and security.

The company added that users must first unlock their device and agree to trust a connected computer before transferring over diagnostics data, a point reiterated in today’s support document.

Stay tuned for additional details as they become available.
