Skip to content
This project shows the kind of data a rogue iPhone application can collect.
Objective-C C
Latest commit 7c386b1 Nov 22, 2011 @nst Update README.markdown
Failed to load latest commit information.
Classes read iOS photo stream, don't show 0,0 coodinates on map Nov 11, 2011
EXIF added wifi bssid location lookup Oct 31, 2010
FMDB added wifi bssid location lookup Oct 31, 2010
JSON added wifi bssid location lookup Oct 31, 2010
OUILookupTool display wifi access points on the map Oct 31, 2010
Settings.bundle added TV out capabilities Jan 14, 2010
SpyPhone.xcodeproj updated readme Nov 18, 2011
AddressBook.png first version Dec 2, 2009
Default.png display wifi access points on the map Oct 31, 2010
Email.png first version Dec 2, 2009
Icon.png first version Dec 2, 2009
Keyboard.png first version Dec 2, 2009
Location.png first version Dec 2, 2009
MainWindow.xib fixed crash when clicking Photos Map button Oct 18, 2011
Phone.png first version Dec 2, 2009
Photos.png first version Dec 2, 2009
README.markdown Update README.markdown Nov 22, 2011
SPCell.xib first version Dec 2, 2009
SPEmailReportVC.xib display wifi access points on the map Oct 31, 2010
SPImageMapVC.xib display wifi access points on the map Oct 31, 2010
SPImageVC.xib first version Dec 2, 2009
SPSourceTVC.xib first version Dec 2, 2009
SPWebViewVC.xib first version Dec 2, 2009
Safari.png first version Dec 2, 2009
Sources.xib fixed crash when clicking Photos Map button Oct 18, 2011
SpyPhone-Info.plist first version Dec 2, 2009
SpyPhone_Prefix.pch first version Dec 2, 2009
Wifi.png first version Dec 2, 2009
YouTube.png first version Dec 2, 2009
data.png first version Dec 2, 2009
email_mask.png first version Dec 2, 2009
gpl-2.0.txt first version Dec 2, 2009
main.m fixed crash with big photo libraries Dec 5, 2009
report.png first version Dec 2, 2009
white_hat.png first version Dec 2, 2009
white_hat_mask.png first version Dec 2, 2009

README.markdown

At BlackHat DC 2010, I presented a paper called iPhone Privacy.

In this paper, I call the following Apple claim into question:

Applications on the device are "sandboxed" so they cannot access data stored by other applications.

In addition, system files, resources, and the kernel are shielded from the user's application space.

Source: iPhone in Business - Security Overview

SpyPhone demoes it is not exactly true. It shows the kind of data a rogue application can collect in a non jailbroken iPhone.

These data do certainly interest marketers, spammers, thieves, competitors and law enforcement officials.

Something went wrong with that request. Please try again.