Apple Responds to ‘Backdoor’ Allegations in iOS Diagnostics Support Document


Apple has released a new support document which details iOS diagnostics capabilities, in what appears to be a response to claims by security researcher Jonathan Zdziarski that the company is aware of ‘backdoors’ in iOS.

The following three services are outlined by Apple in the same order they appeared in Zdiarski’s HOPE/X presentation slides, seemingly a sign the support document is a response to the allegations:


pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at


file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.


house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.

You can see a preview of the slides Apple is referring to in its support document below:

Screenshot 2014 07 22 21 40 44

Screenshot 2014 07 22 21 40 52

Screenshot 2014 07 22 21 41 11

Apple already released a statement declaring “As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services.”



  • rting

    So does that mean a hacker can exploit these backdoors?

  • Jezzah

    In theory yes.

    That’s also one of the biggest problems with how the NSA conducts business. If they actively work to discover and catalog unknown vulnerabilities for their own operational use, and not disclose them to the relevant companies like apple for patching, then it’s very plausible that other malicious entities could also discover and exploit said vulnerabilities.

    Thereby weakening security and putting the public at risk.