iPhone Application Key Leaked

HighWizard writes with word from Engadget that the iPhone SDK Key has been leaked early. "We're not exactly sure how this all went down, but we trust Erica Sadun over at TUAW when she says that it appears that the iPhone's SDK key — which will probably be required by all 'official' third-party apps — has been leaked. Two different sites currently have the key posted, but it's all just for show until next month, when the SDK hits for real — and the code is undoubtedly changed."

Bummer :-(

[Whiney Mac Fanboy (963289)]

If you find something like this, you sit on it until after release. Now, Apple will probably update the release version of the SDK with a tighter authorisation system.

Regardless, it's fruitless for Apple to try & stop free third party apps. If enough people are interested, there will always be someone able & willing to crack Apple's DRM.

Oh, and here's a special message for any Apple Fanboi's in the house [188458a6d1...d43774.com]. (not my site)

Re:Bummer :-(

[SpeedyDX (1014595)]

Regardless, it's fruitless for Apple to try & stop free third party apps.

Yeah, the core of the problem is locking-in the SDK in the first place. They should adopt a less rotten attitude and just open it up for any developer to contribute free apps to the platform.

OK, I'm done. Ready to take the karma beating.

Re:Bummer :-(

[fangorious (1024903)]

can you try to pear down the puns?

Re:Bummer :-(

[DeepZenPill (585656)]

They're only sewing the seeds of their own destruction by introducing more restrictions to developers.

Re:Bummer :-(

[marimbaman (194066)]

sowing.

*sigh*

Re:Bummer :-(

[webmaster404 (1148909)]

Exactly, just look at game consoles. Just a few days ago they managed to find a way to run homebrew code on the Wii without a modchip. All DRM is quickly broken if there is enough interest. I still don't get why they do it, if I get a computer, I should be able to run whatever program I want on it, change the OS, overclock it ETC.

Re:Bummer :-(

[Jeff DeMaagd (2015)]

Game consoles aren't sold as general purpose computers. The hardware is purely a means to an end, what they're really trying to sell is the games. With the Wii, they're still hard enough to get in many places, I don't think they want to sell them to people that aren't going to be buying the games. With the other two consoles, they're sold at a loss with the intent that it will be made up for in licence fees, so it's not necessarily in their best interest to let you do just anything with them.

Re:Bummer :-(

[amorsen (7485)]

It has everything to do with protecting the phone network which *IS* their responsibility to repair when trashed. Users be damned when it comes to breaking the phone but break the network, we can't have that!

It is quite difficult to break the phone network with a phone, especially when you can't mess with the actual GSM/EDGE chip but only the one running programs. If that's the excuse to lock the phone, it's a seriously bad one.

Re:Bummer :-(

[SYFer (617415)]

What, you're not overclocking your watch? Luser.

You can actually see the hour hand moving on mine. Sure, I've singed my wrist a few times, but nothing a few heat sinks and thermal putty couldn't fix. 12:40 AM West Coast? Ha. I've got 2:15.

Re:Bummer :-(

[TubeSteak (669689)]

Now, Apple will probably update the release version of the SDK with a tighter authorisation system.

What makes you think that crackers got the key from the SDK's "authorization system" and not from an Apple insider?

Re:Bummer :-(

[Admiral Ag (829695)]

Forgive me if I misunderstand you, but where does it say that Apple is not going to allow free app downloads?

I can see why they would want an authorization system, because they have already expressed their worries about iPhone malware. Moreover, Apple was going to have to distribute the apps anyway, because most people use iTunes to manage their iPhones. The hackers among us will find a way around it, but the idea seems to be to protect ordinary users, not frustrate the uber leet among us (of which I am not one).

I'd be surprised if there weren't free downloads anyway along with the pay stuff. It may well be in the interest of some developers to offer free apps that complement their pay offerings or web services. The kind of small widgets that people will make are free anyway (and Dashboard widgets tend to be free). Podcasts are free, so it's not like iTunes doesn't already offer free content. Hell, they offer free DRMed songs every week.

In any case, even if the apps do start off on a pay basis, I'm guessing that pressure from developers will lead to free apps being offered.

Re:Bummer :-(

[Mr2001 (90979)]

Apple could easily take the route of S60v3, and allow the conscientious user to disable the security requirement.

They could, but is there any reason to believe they will? Has Apple ever passed up an opportunity to take advantage of platform lock-in?

And as a truly responsible geek, you really should go out and look at the pre-existing signed application schemes before you continue this nonsensical panic. Even if you only look at the ones I've referenced here today (Nokia's S60v3+ and Sony Ericsson's UIQ3.x)

Well, let's add Qualcomm's BREW to that list as an example of why the "panic" is appropriate.

Ask any of the tens of millions of customers affected by BREW in the US about the last time they installed a free app on their phone, and if you're lucky, they'll describe a trial version of a game that disabled itself after 15 minutes. If not, they'll just laugh at the absurd concept of putting software on their phone without paying a monthly subscription or a hefty up-front charge.

18 84 58 A6 D1 50 34 DF E3 86 F2 3B 61 D4 37 74

[by Anonymous Coward]

     

but it's all just for show until next month....

[clambake (37702)]

... when the SDK hits for real -- and the code is undoubtedly changed. ... and re-leaked.

Meh

[MrCopilot (871878)]

I wish I cared, I tried extra hard but still nothing.

If I want a phone I can modify I should buy a phone that allows it.

Is the iPhone sleek and sexy? Of course, but so are a host of supermodels that I would not want to get into a 2 hour conversation with let alone a 2 yr relationship.

I feel the same way about the iPhone, I'd like to play with one for a little while, but thats about it.

Re:Meh

[Anakron (899671)]

host of supermodels ... 2 hour conversation

eh? You're doing it wrong!

Re:Meh

[BitZtream (692029)]

I call bullshit. Its not like your going to get better conversation in the 2 hours to 2 years you're going to spend playing WoW instead.

Slashdot - rumours for nerds

[enoz (1181117)]

We're not exactly sure how this all went down, but we trust Erica Sadun over at TUAW when she says that it appears that the iPhone's SDK key -- which will probably be required by all 'official' third-party apps -- has been leaked.

Next month, when the SDK comes out, apparently this key may or may not work. Fantastic!

Here's another SDK key that was apparently discovered on a blog so is probably true:
47 6F 47 65 74 41 46 69 72 73 74 69 4C 69 66 65

"It's true, a blog confirms it!"

Symmetric key used to protect iPhone?!

[Myria (562655)]

The purported key is only 16 bytes. There is no current public-key algorithm capable of maintaining security at a 128-bit key size. If that's a legitimate key, it's definitely a symmetric key. Symmetric cryptography has the obvious problem that the device necessarily must have the key inside of it somewhere, meaning that a reverse engineer could find it.

If Apple used a symmetric key to protect against unauthorized software, it would imply incompetence with cryptography. I highly doubt this is true. It's more likely that it's not.

Re:Symmetric key used to protect iPhone?!

[BitZtream (692029)]

Its far more likely that its simply an md5 fingerprint or something silly. One of the blogs listed in the summary is for a guy who loves stringing people along in an extremely retarded way. Definately some attention issues. Either way, I'm not aware of any public/private key systems that would be considered very secure with a 128 bit key since you need a considerably larger key size with public/private key systems because large your limited to using prime numbers and stuff like that. While I'm not sure of the exact time involved, but since 1024bit certificates are considered 'weak' now days, I doubt cracking a 128 bit private key would be extremely difficult, especially with the possiblity of using distributed computing over the internet. Its either a hash or a symetrical encryption key used to obsfucate something to have the hax0rs waste some time, or a horrible implementation. You pick

Re:Does It Really Matter?

[fangorious (1024903)]

Since you asked, I've seen plenty. Including two people I work with (a Java developer and an InstallShield developer), one unlocked for Tmobile. Seen a few at grocery stores and hockey rinks. Also know of at least one person at Harmonix who has one. I want one myself (but I'm waiting for the final word on first telecom immunity and second the current lawsuits against AT&T and friends). I like the interface. Everyone I know who has played with one agrees that it has the best interface. I've tried to use other similar features on nokia, samsung, and motorola phones, and even manage to convince myself of their adequacy. Until I pick up an iphone and realize the sad truth that for the market segment it targets, nothing else I've tried out comes close to the iphone.

The iPhone is the best phone I've ever owned.

[LKM (227954)]

(Sorry, this is going to be a somewhat lengthy rant which isn't directed solely at parent, but at other posts asking about what people see in the iPhone)

I live in Switzerland, where the phone isn't even officially sold. I own an iPhone, I know six other people who own iPhones, and I've seen three people whom I don't know with iPhones on the street. So yeah, tons of people own iPhones, and they use them.

Personally, the iPhone is the best cell phone I've ever owned. It's also the cheapest cell phone I've ever owned. I use my cell phone as an organizer. I use the calendar extensively, I write and receive a lot of SMS messages. I generally use smartphones. I've owned a P800, a Treo 650, and a P990i. These phones suck compared to the iPhone.

For example, the P990i supports wifi - in theory. Actually using wifi means that you have to add each network you want to use to your list of networks (which involves going through a lengthy wizard where you tell the damn phone what specific setup the wifi network uses). This generally means that you have to create a second list of networks, because otherwise, you have wifi and umts in the same list, which means you never know whether the phone is actually using umts instead. So you create two lists, add wifi networks to the second list, tell the phone (or application, because sometimes that works on the application level and sometimes on the phone level) that you want to use the second list with the wifi network, then you connect to the network, and finally you can use the damn wifi network. After my P990i crashed half a year after I bought it and deleted all settings, I never bothered to go through this again. I simply avoided using wifi.

On the iPhone, you open Safari. If it can find a wifi network you've already used, it'll use that. If not, it'll give you a list of networks it can see. You pick one. If it's protected, it asks for the password. It connects. And that's all there is to it.

And don't get me started on how fucking abysimal the user interface on the P990i is. It's slow, with tons of crappy animations which add nothing to the UI other than preventing you from getting to where you want to be. The web browser on that thing is the worst piece of shit I've ever used. It's practically useless. Entering an appointment into the calendar actually takes around 20 taps with the stylus. In fact, it is so complicated that they added a second way of entering appointments using a shortcut menu entry, which takes a few taps less, but sometimes crashes or simply does not work at all. Oh, and when the phone crashes, it restarts and tels you that it had to restart in order to improve functionality. The phone crashes, and then it insults your intelligence, too.

The Treo was better - at least the UI was not designed by blind monkey on acid. Unfortunately, it had other issues, such as the fact that there is pretty much no multitasking. For example, if you open a site in the browser (which is better than the one in the P990i, but still sucks), get an SMS, write an answer to the SMS and go back to the browser, the state is lost and you start fresh.

I heard Windows Mobile was slightly better, but the last time I used it (admittedly a few years ago), it seemed to me the user interface was basically akin to using Windows 95 on a really really small screen.

In comparison to every other phone I've ever used, the iPhone is a breath of fresh air. It works the way you expect, it's damn fast, the browser is actually so usable that I often simply use the iPhone instead of going to my computer. The screen is beautiful and large, which makes it possible to watch movies during train rides. It synchronizes perfectly well with all computers I own, and when I start listening to a podcast on the iPhone, my iPod picks up where I stopped listening, and I can restart exactly where I was when I go jogging.

Everything about the iPhone is well thought out, and for once, I actaully like using my cell phone.

So screw the "emo demographic". People use the iPhone because it's quite simply one of the best - possibly the best - cell phones available, despite the fact that you can't install applications without jailbreaking it first.

Re:Does It Really Matter?

[by Anonymous Coward]

... which is ironic knowing the vendor lock-in Apple does.

Yeah, total lock-in. I just wish that, when the time comes that I start to feel the lock-in, it would be possible to install Windows XP, or Vista, or one of those many x86 Linux distros on my MacBook. Oh wait, I can install any one of those. I could even run all of them at the same time along with Mac OS X and run any application I feel like.

Dang Apple and their lock-in.

Re:Let me guess

[Swampash (1131503)]

No, it's

up up down down left right left right sel start

Re:why all the effort?

[lymond01 (314120)]

the iphone is a locked down piece of crap.

If anything locked down is a piece of crap then I guess you're right. But if you're saying it's locked down and is a piece of crap on its own, I think I disagree. Me and probably 95% of the people who have ever touched one.

Opinions aside, I wonder if Apple was so against opening it up because they wanted to reserve the right to change the APIs to fit any updates they planned in the future. With control of the few installed apps, they can make core changes to the OS to extend the abilities of the iPhone, then rewrite the parts of the apps to fit with the new core. If they let anyone make apps, they'd either break them everytime the core changed (see the last 3 updates for examples) or they'd have to stabilize the core (which is probably what they've done now that they're releasing an SDK).

I wonder if this is just prep for iPhone 2...let people go crazy with the first iPhone, and save the lockdown for the greater iPhone 2 soon to arrive.

"Dude...3G is cool and all, but you can't even customize your apps on iPhone2. Check out this gnarly rdesktop client I've made..."