Earlier this week, forensic expert, and former jailbreak hacker, Jonathan Zdziarski, attracted attention to suspicious iOS background assets that could allow for covert data collection of users’ information from devices. They could be exploited by law enforcement agencies or hackers to steal sensitive personal data.
Apple of course denied the claim, stating that these so-called ‘backdoor services’ are actually used for troubleshooting.
“As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services,” Apple said.
Then the company published a new support document, where Apple offers a limited description of the three services— coincidentally listed in the same order as presented by Zdziarski in his slide deck. The company also provided details of how each works.
From Apple’s support document:
- com.apple.mobile.pcapdpcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.
- com.apple.mobile.file_relayfile_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.
- com.apple.mobile.house_arresthouse_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
Apple has already been mentioned by Edward Snowden’s PRISM leak last summer, which was followed tons of questions concerning the company’s stance on privacy.