Home Apple Confirms iOS Backdoors, But Calls Them “Diagnostic Capabilities”

Apple Confirms iOS Backdoors, But Calls Them “Diagnostic Capabilities”

Apple acknowledged that its iOS operating system for iPhones and iPads contains several previously undisclosed “diagnostic capabilities”—services that an iOS forensics expert recently described as “backdoors” that could allow broad access to a user’s personal data on those devices under certain circumstances.

See also: Those “Backdoors” In Apple’s iOS—What You Need To Know

The issue involves problematic iOS services identified several months ago by Jonathan Zdziarski, the forensics expert who is also a one-time iOS jailbreaker and the author of several books on iPhone development. Zdziarski gave a presentation on his findings last weekend and published the slide deck to his talk, which drew wider attention to his findings. (See our FAQ about Zdziarski’s backdoor findings here.)

Through The Backdoor

The three backdoors Zdziarski highlighted in his talk are present in 600 million iPhones and iPads, and are capable of accessing a great deal of personal information and then dumping it off the phone to a “trusted” device, such as the desktop computers many iPhone users plug their devices into. The backdoors can only be accessed via such trusted devices, limiting the danger of exploit—although that trust mechanism itself could also be spoofed by a determined attacker.

Until last night, Apple had apparently never described these iOS services publicly. Zdziarski reported the services do not notify users when they begin accessing personal data; do not require the consent of users if they access personal data; and cannot be turned off by users.

In a support document released Tuesday night, Apple described the three backdoors as “diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues” and offered a few details about each:

1. com.apple.mobile.pcapd

pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

2. com.apple.mobile.file_relay

file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.

3. com.apple.mobile.house_arrest

house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

Apple’s support document acknowledges that a third party can access these services wirelessly via Wi-Fi from a trusted device, as Zdziarski had previously reported. It neither confirms nor denies Zdziarski’s finding that these three services operate without the knowledge or explicit consent of the user.

Apple also claims a much more limited role for the file_relay service than Zdziarski found, saying it is used only for “limited copying  of diagnostic data from a device.” Zdziarski, by contrast, reported that file_relay has access to 44 data sources within an iPhone, including highly personal information as call records, SMS text messages, voicemail, GPS logs and more. Such personal information has little in common with diagnostic data in most cases.

In a blog post reply, Zdziarski criticized Apple for being “completely misleading” in some of its descriptions and for failing to address his other concerns such as user consent and notification. But he also acknowledged that Apple will probably begin fixing those issues behind the scenes:

All the while that Apple is downplaying it, I suspect they’ll also quietly fix many of the issues I’ve raised in future versions. At least I hope so. It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them.

(Zdziarski’s blog is having server problems; here’s a cached version of his reply to Apple should you need it.)

I’ve asked Apple for further clarification, and will update if and when I hear back from the company.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.