"Yesterday I linked to a story about the discovery by Jonathan Zdziarski of a remote blacklist Apple is maintaining, supposedly, according to Zdziarski, to remotely disable rogue iPhone apps previously distributed through the App Store," John Gruber writes for Daring Fireball.
"But the story seems fishy... there may well be some sort of kill switch that Apple can deploy to remotely disable an app that’s already installed. But this list is not it," Gruber writes. "Apple has no reason to hide such a configuration in a sneaky place. If it’s 'tucked away in a configuration file deep inside' the Core Location framework, doesn’t it seem more likely that this list has something to do with, say, Core Location? Even the URL of the file in question hints at this: https://iphone-services.apple.com/clbl/unauthorizedApps."
Gruber reports, "An informed source at Apple confirmed to me that the 'clbl' in the URL stands for 'Core Location Blacklist,' and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines."
Link