Slashdot Mirror
Retrievable iPhone Numbers Raise Privacy Issue
TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."
At least one server-based game I was looking at a network capture for was using the phone number as the login/authentication information to their server....rather stupid as it meant that anyone able to guess iPhone phone numbers would be able to hack other users accounts of the game...WHOOPS!
I get the whole racket thing, and it's a joke, etc, etc, but it's worth noting that you can turn the entire Core Location framework off on a system-wide basis. You just go in to Settings->General and turn off "Location Services".
I'd mod you down for not even bothering to RTFA, but claiming that it didn't say what the calls were about is a bit disingenuous.
From the very first link:
Several commenters on the store say theyâ€(TM)ve received phone calls from the company behind the application after they downloaded the free version, inviting them to shell out money for the full version.
Generally something that has "road" in its name or description is about roads, so a traffic monitoring program with "road" in its name is somewhat obviously about road traffic.
I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:
- http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp Blackberry
- http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx Windows Mobile
- http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)
- http://developer.android.com/reference/android/telephony/TelephonyManager.html Android (requires permissions be granted to the app)
I know, I had to read it a few times as well. The way over the top reaction wasn't to the immediate prior sentence. It was to two sentences before. When I finally realized that the submitter flew off the handle about receiving solicitous phone calls from the company that published a free app these people had downloaded, I too, was a little ticked off at the thought of it. Of course, it wasn't until I got over the smugness of the submitter wasting my time with the whole discussion about how so few people actually call him anymore. What a douche.
My first reaction was, "why is a company burning these people's minutes?" followed by, "I thought it was illegal for businesses to make solicitation calls to cell phones" then followed by "I can't believe this smug little douchey asshole didn't register his cellphone on the Do Not Call Registry" eventually ending with, "Ahhhh, they downloaded the app, so perhaps that can be construed into their having 'a business relationship' with the vendor, thus meeting the minimum requirements for making solicitation calls."
Regardless, its still never legal to call a cellphone for the purpose of solicitation. Long story short: the submitter is probably an ESL speaker and doesn't understand the basic rules of English.
Don't forget Canada! We're as backwards as the US when it comes to cell phone carriers, only they charge us even more.
He's referring to web applications, not local applications. But thanks for playing, Bill.
I have written applications on just about every smartphone plaform, and I have never met an API did that did not have the ability to query the phone number of the device. Assuming you have a data plan (in many cases, the only way to get the app in the first place), its a tiny amount of code to post that information to a web page the first time the application runs. Some platforms, such as the Android, do indicate when an application has access to use the Internet, but its not trivial to find out exactly what information is going back and forth.
This issue has always been there, and is no more of a problem on an iPhone than other similar platforms.
I can't believe people trying to justify "freeware" vendors access to phone number. It is totally impossible on other smartphone operating systems, on Symbian you can't even dare to try it.
Incorrect. Symbian will allow it if you're Symbian Signed®, and Windows Mobile allows it by default. Not sure about Blackberry OS.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Yup, it's the same 100 people using proxies in Canada to post to slashdot!
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Tha't old news people.
Anyone with half a brain has already installed on his jailbreaked iPhone the modified /etc/hosts from i-phone-home.blogspot.com.
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.