Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
This project shows the kind of data a rogue iPhone application can collect.
Objective-C C
branch: master
Failed to load latest commit information.
Classes read iOS photo stream, don't show 0,0 coodinates on map
EXIF added wifi bssid location lookup
FMDB added wifi bssid location lookup
JSON added wifi bssid location lookup
OUILookupTool display wifi access points on the map
Settings.bundle added TV out capabilities
SpyPhone.xcodeproj updated readme
AddressBook.png first version
Default.png display wifi access points on the map
Email.png first version
Icon.png first version
Keyboard.png first version
Location.png first version
MainWindow.xib fixed crash when clicking Photos Map button
Phone.png first version
Photos.png first version
README.markdown Update README.markdown
SPCell.xib first version
SPEmailReportVC.xib display wifi access points on the map
SPImageMapVC.xib display wifi access points on the map
SPImageVC.xib first version
SPSourceTVC.xib first version
SPWebViewVC.xib first version
Safari.png first version
Sources.xib fixed crash when clicking Photos Map button
SpyPhone-Info.plist first version
SpyPhone_Prefix.pch first version
Wifi.png first version
YouTube.png first version
data.png first version
email_mask.png first version
gpl-2.0.txt first version
main.m fixed crash with big photo libraries
report.png first version
white_hat.png first version
white_hat_mask.png first version

README.markdown

At BlackHat DC 2010, I presented a paper called iPhone Privacy.

In this paper, I call the following Apple claim into question:

Applications on the device are "sandboxed" so they cannot access data stored by other applications.

In addition, system files, resources, and the kernel are shielded from the user's application space.

Source: iPhone in Business - Security Overview

SpyPhone demoes it is not exactly true. It shows the kind of data a rogue application can collect in a non jailbroken iPhone.

These data do certainly interest marketers, spammers, thieves, competitors and law enforcement officials.

Something went wrong with that request. Please try again.