Apple has responded to the discovery of alleged deliberate backdoors in its iOS operating system, detailing three "diagnostic capabilities" it says are in place to help IT departments and developers troubleshoot issues.
The company's comments follow the release of research by iPhone hacker and app developer Jonathan Zdziarski, who revealed several undocumented functions in iOS which make it possible for data to be stolen or exploited by hackers or law enforcement.
Zdziarski found the functions also allowed for invisible remote start-up and monitoring, the capturing of data from a user's address book and social media, the installation of spyware and more.
In response to the claims of deliberate backdoors, Apple today listed three previously undocumented iOS services and explained how they work.
The company said each was intended as a diagnostic tool for IT departments or app developers, and allowed interoperability with iOS devices, internal testing on beta software, AppleCare support, and app development.
Each required the device to be unlocked and in a 'trust' relationship with another computer, and the data transmitted between the devices is encrypted with keys not shared with Apple, the company said.
It specifically referred to three services - "pcapd," "file_relay," and "house_arrest".
1. com.apple.mobile.pcapd
pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.
2. com.apple.mobile.file_relay
file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.
3. com.apple.mobile.house_arrest
house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
Zdziarski documented the three listed features in his report, and said none were intended for support or engineering purposes.
Apple failed to address a number of other concerns around Zdziarski's claimed backdoors, including the bypassing of iOS backup encryption and the installation of spyware.
In a response to the allegations earlier this week, an Apple spokesperson said the diagnostic functions contained within iOS were aimed at ensuring user privacy and security while allowing IT departments and developers to troubleshoot technical issues.
"A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent," the Monday statement read.
"As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services."
