Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

This project shows the kind of data a rogue iPhone application can collect.

branch: master
Octocat-spinner-32 Classes read iOS photo stream, don't show 0,0 coodinates on map
Octocat-spinner-32 EXIF added wifi bssid location lookup
Octocat-spinner-32 FMDB added wifi bssid location lookup
Octocat-spinner-32 JSON added wifi bssid location lookup
Octocat-spinner-32 OUILookupTool display wifi access points on the map
Octocat-spinner-32 Settings.bundle added TV out capabilities
Octocat-spinner-32 SpyPhone.xcodeproj updated readme
Octocat-spinner-32 AddressBook.png first version
Octocat-spinner-32 Default.png display wifi access points on the map
Octocat-spinner-32 Email.png first version
Octocat-spinner-32 Icon.png first version
Octocat-spinner-32 Keyboard.png first version
Octocat-spinner-32 Location.png first version
Octocat-spinner-32 MainWindow.xib fixed crash when clicking Photos Map button
Octocat-spinner-32 Phone.png first version
Octocat-spinner-32 Photos.png first version
Octocat-spinner-32 README.markdown Update README.markdown
Octocat-spinner-32 SPCell.xib first version
Octocat-spinner-32 SPEmailReportVC.xib display wifi access points on the map
Octocat-spinner-32 SPImageMapVC.xib display wifi access points on the map
Octocat-spinner-32 SPImageVC.xib first version
Octocat-spinner-32 SPSourceTVC.xib first version
Octocat-spinner-32 SPWebViewVC.xib first version
Octocat-spinner-32 Safari.png first version
Octocat-spinner-32 Sources.xib fixed crash when clicking Photos Map button
Octocat-spinner-32 SpyPhone-Info.plist first version
Octocat-spinner-32 SpyPhone_Prefix.pch first version
Octocat-spinner-32 Wifi.png first version
Octocat-spinner-32 YouTube.png first version
Octocat-spinner-32 data.png first version
Octocat-spinner-32 email_mask.png first version
Octocat-spinner-32 gpl-2.0.txt first version
Octocat-spinner-32 main.m fixed crash with big photo libraries
Octocat-spinner-32 report.png first version
Octocat-spinner-32 white_hat.png first version
Octocat-spinner-32 white_hat_mask.png first version
README.markdown

At BlackHat DC 2010, I presented a paper called iPhone Privacy.

In this paper, I call the following Apple claim into question:

Applications on the device are "sandboxed" so they cannot access data stored by other applications.

In addition, system files, resources, and the kernel are shielded from the user's application space.

Source: iPhone in Business - Security Overview

SpyPhone demoes it is not exactly true. It shows the kind of data a rogue application can collect in a non jailbroken iPhone.

These data do certainly interest marketers, spammers, thieves, competitors and law enforcement officials.

Something went wrong with that request. Please try again.