Tag: Security
Bullet proof tracking for your iPhone
by Vaelek on Aug.01, 2009, under Tips & Tricks
There are a few services available now for tracking your phone. As far as I know, all of them can be disabled rather easily by a would-be thief. I have found a method that will give no indication whatsoever that your phone is being tracked. Additionally, there is only one way to launch the app to change the settings or disable it, and for the common thief that is not likely to happen.
The idea just came to me when I was backing up my Cydia applications and saw the FieldTest.app folder. If you aren’t aware, there is a special number you can dial on the phone that will open the field test application. To check it out, dial *3001#12345#*. When you hit call, the field test app opens. So I thought it could probably be replaced with something else, and that’s exactly what I’ve done.
I should note that only jailbroken phones will be able to use this method. You will need to have SSH installed, and I would recommend plist editor as it allows you to edit XML and binary plist files, both of which you will likely encounter.
OK, so the first step is to FTP to your phone. First go to /Applications. This will take you to the real location of the apps (native and Cydia). Find and delete the FieldTest.app folder. Note that you will need to use root, as the mobile account will not be able to remove it. (If you still want to have the field test app available, change its identifier and remove the lines used further down to hide the icon.)
Next you will find the folder for the app you wish to hide. If it is a native app or something installed with Cydia, you should look in /Applications. For AppStore apps, instead go to /private/var/mobile/Applications. You will see folders named something like 1B8A526F-88B8-4447-8EAD-E7F9575E07E6. You will have to look at each one until you find the app you are looking for. As an example let’s just use Navizon. You will find the folder containing Navizon.app and then enter that folder.
Copy the Info.plist file to your computer and open it in plist editor. Find the line that says:
<key>CFBundleIdentifier</key>
and change the next line to say:
<string>com.apple.fieldtest</string>
This will cause Navizon to be identified as the field test app. Next, go to the end of the file and, right above </dict>, add the following:
<key>SBAppTags</key>
<array>
    <string>hidden</string>
</array>
This will prevent the icon from showing up on the SpringBoard. All that is left is to respring.
Now, when you dial *3001#12345#*, Navizon will open.
One thing I should note is that Navizon in particular will show an icon on the status bar when it is running in the background. To get around that, simply delete or rename the TopBar.png file in the Navizon.app folder.
This method can be applied unchanged to any app you like.
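Seen from the other side, the two Info.plist changes above are easy to check for on a copy of the phone's application folders. The following is an added example, not code from the original post: the function names and the sample tree (including the `Notes.app` bundle and its identifier) are constructed for illustration, and `plistlib` reads both the XML and binary plist formats mentioned earlier.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

FIELDTEST_ID = "com.apple.fieldtest"  # identifier named in the post
FIELDTEST_DIR = "FieldTest.app"       # stock bundle folder named in the post

def audit_bundle(app_dir):
    """Return findings for one .app folder; an empty list means no match."""
    app_dir = Path(app_dir)
    try:
        with open(app_dir / "Info.plist", "rb") as fh:
            info = plistlib.load(fh)  # auto-detects XML and binary plists
        if not isinstance(info, dict):
            raise ValueError("top-level plist object is not a dict")
    except (OSError, ValueError, ExpatError):
        return ["unreadable Info.plist"]
    findings = []
    tags = info.get("SBAppTags")
    if isinstance(tags, list) and "hidden" in tags:
        findings.append("icon hidden via SBAppTags")
    if info.get("CFBundleIdentifier") == FIELDTEST_ID and app_dir.name != FIELDTEST_DIR:
        findings.append("claims the field test identifier")
    return findings

def audit_tree(root):
    """Map each flagged .app folder under root to its findings."""
    dirs = (d for d in sorted(Path(root).rglob("*.app")) if d.is_dir())
    return {d.name: found for d in dirs if (found := audit_bundle(d))}

def build_sample(root):
    """Write a constructed tree: one modified bundle, one untouched one."""
    samples = [
        ("1B8A526F-88B8-4447-8EAD-E7F9575E07E6/Navizon.app", plistlib.FMT_BINARY,
         {"CFBundleIdentifier": FIELDTEST_ID, "SBAppTags": ["hidden"]}),
        ("Notes.app", plistlib.FMT_XML, {"CFBundleIdentifier": "com.example.notes"}),
    ]
    for rel, fmt, info in samples:
        bundle = Path(root) / rel
        bundle.mkdir(parents=True)
        with open(bundle / "Info.plist", "wb") as fh:
            plistlib.dump(info, fh, fmt=fmt)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, findings in audit_tree(tmp).items():
            print(f"{name}: {', '.join(findings)}")
```

A finding is a prompt to inspect the bundle, not proof of tampering. Point `audit_tree` at a copy of /Applications or /private/var/mobile/Applications to run it on real data.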
More on UDID’s and Push
by Vaelek on Jul.21, 2009, under Tips & Tricks
A few days ago I posted about Tapulous and the potential to have your associated Facebook / Twitter accounts hacked. There is another potential problem here. Let’s say you sell your phone. The UDID has not changed, so if whoever you sell it to installs an app that you used that identifies you only by UDID, you’ve just given them access to your “account”. Now, it is possible to change the UDID (jailbroken users only), but it appears Apple may use this for verifying warranty coverage, so if you change the UDID of a phone still under warranty and then sell it, the buyer may not be able to use the warranty. Likewise, it may be possible to change the UDID of a phone that is no longer under warranty to one that is, in order to have it serviced.
What I would recommend is, if you are going to sell your phone, to email the contact for any apps you use that store settings on a server but don’t require a login and ask them to remove your UDID from their system or change it to your new one.
To see your UDID, just hold shift and click the serial number in iTunes.
What does this have to do with Push? Not much. In fact Push notifications are not sent based on UDID. They are sent based on a device token that is generated.
An issue has cropped up where some people have stopped receiving push notifications. Apple has confirmed that in certain cases, your token can change when you sync with iTunes. When this happens, you will no longer receive any Push notifications. Their solution is to simply launch any apps that use Push and they will update the token.
Has anyone run into this? Has opening the app once resolved it for you?