Apple's Phony Consumer Protection

Users wide open to privacy attacks.

Get It Try It

CUPERTINO (Radsoft) — Apple may boast a lot about their heartfelt concern for user safety, and Tim Cook might like to profile himself in that vein, but when it comes to protecting the safety/integrity of their computer users, the Cupertino company must come up next to last with Microsoft, scandalously far behind their Unix cousins.

.DocumentRevisions-V100

The 'hidden' directory .DocumentRevisions-V100, placed at the top of their filesystem hierarchy, is but one example. And there are myriad further examples.

Dealing with a system and way of thinking where openness and impartiality are supreme, Apple established a new norm, with a focus on secrecy and dissembling.

The twists and turns and legerdemain they used to fight off closer inspection of their 'cheat' in supporting Unix hard links is of course legendary today. Their root directory is a small kennel of weird dotted files.

% ls -d1 .*
.DocumentRevisions-V100
.HFS+ Private Directory Data?
.OSInstallerMessages
.PKInstallSandboxManager
.PKInstallSandboxManager-SystemSoftware
.Spotlight-V100
.file
.fseventsd
.vol

[That question mark ('?') at the end of the filename '.HFS+ Private Directory Data' above, in case you're wondering, is the unprintable escape character 'carriage return' ('\r') which is deliberately used to thwart inspection by computer science. Apple find it rather embarrassing when outsiders keep coming upon their dirty secrets.]

But what's in .DocumentRevisions-V100? Good question. For it seems to contain a sort of history of everything you've downloaded and processed on your local machine. The reason and rhyme aren't known and aren't even interesting. What is interesting is that they're a tangible privacy threat.

SQLITE

There are many interesting - and potentially compromising - files in the .DocumentRevisions-V100 hive. One such file is a SQLITE file which seems to function a bit as a 'rolling history' of filesystem activity.

This file can grow and grow and grow to extreme proportions. It doesn't seem to ever be pruned. It just keeps on growing.

Here's a bit of a taste. Note that file paths, save their extensions, can be redacted in this representation. They're exposed and preserved in their entirety by Apple.

0000000000000036 h0SQLite format 3
0000000000000730 CREATE TABLE state (v)
00000000000140ec 2bplist00
00000000000140fe X$versionX$objectsY$archiverT$top
00000000000141ab NSKeyedArchiver
00000000000141bd Troot
00000000000151b9 XXXXXXXXXXXXXX.jpg
00000000000151d1 XXXXXXXXXXXXXX.jpg
0000000000017230 XXXXXXXXXXXXXX.jpg
0000000000018225 XXXXXXXXXXXXXX.jpg
000000000001f1c5 C5DF7061-E2A9-4049-9F7D-7FE072653304.jpg
000000000001f245 D-7FE072653304.jpg
000000000001f26f 9AA45B58-7F73-4DB3-ACB8-2DB3D1ABE6C1.jpg
000000000001f2ef 8-2DB3D1ABE6C1.jpg
000000000002027a PerUID/501/1/com.apple.documentVersions/C5DF7061-E2A9-4049-9F7D-7FE072653304.jpg
00000000000202d0 PerUID/501/1/com.apple.documentVersions/9AA45B58-7F73-4DB3-ACB8-2DB3D1ABE6C1.jpg
00000000000242f5 C5DF7061-E2A9-4049-9F7D-7FE072653304.jpg
000000000002433e 9AA45B58-7F73-4DB3-ACB8-2DB3D1ABE6C1.jpg
0000000000026398 XXXXXXXXXXXXXX.jpg
000000000002738d XXXXXXXXXXXXXX.jpg
000000000002a2f9 8bplist00
00000000000415bf XXXXXXXXXXXXXX.jpeg
00000000000415dd XXXXXXXXXXXXXX.jpeg
000000000004364a XXXXXXXXXXXXXX.jpeg
0000000000044632 XXXXXXXXXXXXXX.jpeg
000000000005376f XXXXXXXXXXXXXX.jpeg
000000000005378d XXXXXXXXXXXXXX.jpeg
00000000000557fa XXXXXXXXXXXXXX.jpeg
00000000000567e2 XXXXXXXXXXXXXX.jpeg
0000000000059761 8bplist00
00000000000a6f45 XXXXXXXXXXXXXX.png
00000000000a6f7b XXXXXXXXXXXXXX.png
00000000000a6f86 XXXXXXXXXXXXXX.png
00000000000a8fc2 XXXXXXXXXXXXXX.png
00000000000a8fd4 XXXXXXXXXXXXXX.png
00000000000a9fb3 ~/Desktop/XXXXXXXXXXXXXX.png
00000000000a9fd8 ~/Desktop/XXXXXXXXXXXXXX.png
00000000000acf29 8bplist00

Apple consumers concerned about their rights and privacy should inspect .DocumentRevisions-V100 and purge the files therein on a regular basis.

The Rixstep Take

This is nothing new. Apple bet the farm on coopting independent software distribution and never cared about system or user security.

Conscientious Unix professionals should immediately begin planning their migration away from Apple.

See Also
Radsoft Security: Apple's Phony Consumer Protection

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.