Apple refers to iOS back doors as 'diagnostic capabilities'


Summary: A knowledge base article was posted to address concerns about packet sniffers discovered running on every iOS device.

Apple refers to iOS back doors as 'diagnostic capabilities' - Jason O'Grady
(Photo: Jonathan Zdziarski)

Yesterday I wrote about forensic scientist Jonathan Zdziarski's presentation at HOPE/X, where he demonstrated "a number of undocumented high-value forensic services running on every iOS device" and "suspicious design omissions in iOS that make collection easier."

Apple today addressed some of his concerns with a new knowledge base article called iOS: About diagnostic capabilities. In it, Apple refers to the services identified by Zdziarski (including "pcapd," "file_relay," and "house_arrest") as "diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues."

The Apple KB article notes that the services require the iOS device to be unlocked and in a trusting relationship with another computer. It also notes that data transmitted between the iOS device and the trusted computer is encrypted with keys not shared with Apple.

The document justifies three of the services as follows:

1. com.apple.mobile.pcapd

pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.

2. com.apple.mobile.file_relay

file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.

3. com.apple.mobile.house_arrest

house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

In his "theories" slides about why Apple may have included these services in iOS, Zdziarski concludes that they're not for Genius Bar or Apple support:

Zdziarski Theory: Backdoors aren't for Genius Bar or Apple support - Jason O'Grady
(Slide: Jonathan Zdziarski)

...nor are they for Engineering/Debugging:

Zdziarski Theory: iOS backdoors not for Engineering / Debugging - Jason O'Grady
(Slide: Jonathan Zdziarski)

Zdziarski's HOPE/X presentation also provides a number of "design suggestions" that Apple should include in the next version of iOS:

Jonathan Zdziarski's Design Suggestions to secure user privacy in iOS - Jason O'Grady
(Slide: Jonathan Zdziarski)

Jonathan Zdziarski has yet to respond to Apple's response.


Talkback

26 comments
  • Not Sure Apple will like this article

    New Security Application will fix the "feature"

    **CARRIER LOST**
    CrimsonEclipse
    • iOS is intrinsically INSECURE

      So, those that use it, use it at their own risk.

      Apple may try to disguise their actions. Though open gates like these eventually cause problems for all.
      Uralbas
      • That's actually not Jonathan Zdziarski's claim

        He noted at the start of his presentation that iOS was MORE secure than the other platforms.... with the backdoor services as his "...but!" moment.
        Mac_PC_FenceSitter
        • Ok..huh?

          Can you provide a reliable link as to where he said that?
          Fulaman1984
          • You do know that's not going to be hard for me to do, right?

            http://www.zdnet.com/forensic-scientist-identifies-suspicious-back-doors-running-on-every-ios-device-7000031795/

            It is right in his presentation. See the slide "centralized control."
            Mac_PC_FenceSitter
        • It is definitely the case

          Of the tech industry salivating over anything apple and jumping on it before they understood it. It's evident in this article - now that apple have stated what they use the services for, the author pushes all responsibility for the article away, basically just compiling quotes and no opinion apart from the headline.

          The reality is it makes sense - both are true: iOS is a relatively secure operating system (there are no truly secure general purpose operating systems) but these services, like any connection or port are an elevated risk.

          It's not a case of 'Apple - boo!' Or 'but my apple wouldn't do this' it's just reasoned debate. Apple have confirmed that they have these diagnostic services - there is no harm in that, actually when I went to the Genius Bar with battery life (who hasn't) they used to run diagnostics from a computer, but now do so over a network to an ipad, and it's a pretty standard part of an appointment. So the diagnostic tools aren't really a secret - how did you think they got all that data.

          It's not that these services exist that's noteworthy - heck imagine a breakdown of what data my htc one is sending to google would look like! - it's about security. The original researcher found that these services have elevated access. Whilst not a problem in itself it is up to apple to confirm that these pose no risk - that local or remote code executed on a non jailbroken device will not compromise these services.

          The real revelation is that it is non encrypted data communication. Now in the example the apple article gives this is not a problem - a tethered, unlocked device has already given up all security blocks to its data before you run it. The real question here is:

          In the example of the ipad diagnostics, or the remote diagnostics they do when you contact their telephone support, do they also communicate that data in plain text? If so it is wide open to man in the middle attacks. Worse still this could actually be done in an apple store if they are sending plain text user data over their public wi-fi.
          MarknWill
        • Too bad it's not true anyway

          iOS is not the most secure phone platform. In fact, it's horribly insecure when compared to its competition (Android, Windows Phone). Rather than make baseless claims, look at historical vulnerabilities and ease of hackability. Hacking competitions (e.g. Pwn-to-Own) are a good place to look.
          AnomalyTea
          • Take your own advice

            Android is horribly insecure when compared to its competition. Have you looked at the statistics of how many viruses and malware examples there are for Android vs IOS?

            Thanks for the laugh.
            bws605
          • nope.. not a fair comparison

            just as easy to write malware for apple than for android.. what you are comparing is the closed wall garden where apple decide what you can use your phone for or with, and android allowing you to use it like a general purpose PC. If you actually have to install malware yourself as you do with both platforms, then apple only protect you from your own stupidity by only allowing you to install stuff they want you to have. Google don't want to limit what you can do, so they assume you will actually read what the app's permissions are and make an educated decision.. and also that you will not use dodgy markets. If you use android as Google intended it, there is no malware issue at all. If you are too stupid or arrogant, then yes, you can get malware. (ditto with iOS)

            you could also say stupid people get more malware because they will install any damn thing and then whinge later.. since neither Android or Apple have had standard phones get infected just by being on the network somewhere.. neither have been susceptible to traditional malware like worms or viruses that self replicate and self propagate, so windows would be the most insecure OS as it has a very long history of getting infected just by being online, though it's much much better now than in the 96-2006 period. (nimda, codered, Ie6 etc)
            frankieh
  • All hackers caught in the future will repeat this claim

    We were just collecting diagnostic information... :-)
    greywolf7
    • Like sexual predators might claim

      they were only doing a "public health survey." And just as believable!
      jallan32
  • Not a problem

    What Forensic Scientist Jonathan Zdziarski failed to note in his slides was that, while the data provided is in a raw format, Apple provide the necessary tools to both Store 'geniuses' and Enterprise IT people so that this raw data can be unwrapped where needed for analysis. It is useful to people like me and can ONLY be accessed if you have set up permissions. It is less a risk than if the user had not set a password or left it unlocked. What are some people making a big fuss about nothing for?
    seaniepie
  • i don't care if you...

    ...are an Apple apologist or an Apple hater... I couldn't care less. The fact remains whether it is BB, Android, Apple, Tizen, whatever...

    If it is made, it can be broken. When iOS7 was launched it patched 80 security issues with ios6. It also had a critical SSL vulnerability... That really surprised me...iOS7.1 fixed an additional 41 security issues...

    So to those that love Apple? It is not as secure as one thinks...to those that hate Apple? Don't throw rocks at glass houses when you live in one. Every OS has its strengths and weaknesses. Just enjoy your preferred OS and grow up.
    Cory Ducey
  • Surprised? Why?

    So, who exactly is surprised at Crapple's supine attitude towards NSA and other government spookery? (I'm not betting that MicroSloth or GooGoo are any better.) They're all big corporations in a basically fascist world economic order, and know on which side their bread is buttered.

    E.g., governments have guns, in most countries, their (potential) private customers mostly do not*. If you're the CEO of one of these companies, dependent on government approval to be able to do any business, and the nice "MIBs" show up and ask you to install trapdoors in your OS and by the way, don't tell ANYBODY, are you going to refuse?

    * The major exceptions being the US, Israel, and Switzerland.
    rocket ride
    • And even in those countries,

      the guns available to private citizens, including corporate "citizens" so called, are nowhere near enough to counter the armada that the military, or today even some local police departments, are able to amass.

      One possible exception: the company that MAKES the tanks and missiles has inventory which, if the company management so ordered, be fired on their military customers. Or they may have put back doors in the controls of the weapons they have already sold, so that they can remotely disable those weapons. But this is extremely far fetched, and unless a weapons company CEO is serious about TAKING OVER HIS COUNTRY, it would be bad for business to use weapons not yet sold to the government to resist arrest by that government.
      jallan32
    • Us?

      Ok Israel & maybe Switzerland, but us? I think not.
      Jon.M.Kelley
  • House arrest?

    Sounds exactly like what LEOs would use to make a case so they could arrest you for copyright infringement.

    In fact, it sounds like exactly what the FBI would love for every phone to have so they could look over your shoulder to see what you have on your phone which could help them build a case against you for anything illegal.
    bart001fr
  • Article: "the services require the iOS device to be unlocked"

    Is unlocking the same in this context as it is with a SIM card for a carrier?

    "iPhone: About unlocking"
    http://support.apple.com/kb/HT5014

    Article:
    "and in trusting relationship with another computer"

    And if one purchases an unlocked iPhone or gets their carrier to unlock their iPhone, does this mean that these services can be used by miscreants against the user? Perhaps by also attacking a Mac or Windows PC ...

    P.S. Note that some Windows banking malware variants such as Zeus and SpyEye target both Windows PCs and Android devices.
    Rabid Howler Monkey
    • No

      No, it means waking the phone (pressing Power or Home) and, if required, entering your Touch ID or Passcode.
      Logan M
      • Thx

        This means that all iOS devices are potentially vulnerable to surveillance (and, possibly, attacks) via the built-in diagnostics capabilities from a suitably compromised Mac or Windows PC if a user trusts the Mac or PC for their iOS device.
        Rabid Howler Monkey