Apple tech note illuminates purported 'backdoor' services
Just a couple days after a security researcher alleged that iOS contained “backdoor” access to user information, Apple has posted a knowledge base article explaining many of the systems that were under scrutiny.
In the article, iOS: About diagnostic capabilities, Apple calls out three services: a packet capture tool called “pcapd,” one called “file_relay,” and a third dubbed “house_arrest.” According to Apple, all three of these technologies are used “to help enterprise IT departments, developers, and AppleCare troubleshoot issues.” The company also emphasized that users must unlock their devices and connect them (via a cable or iTunes Wi-Fi Sync) to a trusted computer for the information to be retrieved; and even then, data transferred between the two is encrypted, and the keys are not shared with Apple.
Only a brief overview is provided for each of the three tools. Pcapd is intended for diagnostic packet capture—that is, network troubleshooting—and determining problems with third-party apps and enterprise VPN connections. Further information is available in documentation on packet traces in Apple’s iOS Developer Library.
File_relay, which security researcher Jonathan Zdziarski called the “biggest forensic trove of intelligence” on iOS devices, is, according to Apple, intended for “limited copying of diagnostic data from a device.” The company also says it’s separate from the backups that users make, can’t access everything on the device, and respects third-party encryption. It’s specifically used by Apple engineering on internal devices and, in some cases, by AppleCare, for diagnostic purposes.
Finally, house_arrest is the tool underlying iTunes File Sharing, letting you copy documents to and from third-party apps that support it. Xcode also uses the service to transfer test data for apps in development.
While Apple’s tech document may not allay all concerns about these tools (specifically that they, in some cases, seem to have broader access than is really necessary for certain diagnostics), the fact that Apple unabashedly posted a tech document describing them does take a certain amount of air out of the argument that any of these are “secret backdoors” intended for snooping on users.
More to the point, Cupertino appears to be continuing to uphold the transparency that it’s touted around privacy issues. That’s the attitude we’ve come to expect from Apple, and it’s good to see the company live up to that.
Update at 12:10 p.m. ET: Zdziarski has responded to Apple’s disclosure, though he continues to argue that the breadth of these tools is wider than perhaps is intended.