Slashdot Mirror

← Back to Stories (view on slashdot.org)

Retrievable iPhone Numbers Raise Privacy Issue

Posted by kdawson on from the how-about-never-is-never-good-for-you dept.

TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."

9 of 146 comments (clear)

  1. Apps use this all the time... by volxdragon · · Score: 2, Informative

    At least one server-based game I was looking at a network capture for was using the phone number as the login/authentication information to their server....rather stupid as it meant that anyone able to guess iPhone phone numbers would be able to hack other users accounts of the game...WHOOPS!

  2. Re:You Think That's Bad? by ZackSchil · · Score: 3, Informative

    I get the whole racket thing, and it's a joke, etc, etc, but it's worth noting that you can turn the entire Core Location framework off on a system-wide basis. You just go in to Settings->General and turn off "Location Services".

  3. Re:So by tonywong · · Score: 5, Informative

    I'd mod you down for not even bothering to RTFA, but claiming that it didn't say what the calls were about is a bit disingenuous.

    From the very first link:
    Several commenters on the store say theyâ€(TM)ve received phone calls from the company behind the application after they downloaded the free version, inviting them to shell out money for the full version.

  4. Similary functionality on other devices by zn0k · · Score: 2, Informative

    I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:

    - http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp Blackberry

    - http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx Windows Mobile

    - http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)

    - http://developer.android.com/reference/android/telephony/TelephonyManager.html Android (requires permissions be granted to the app)

  5. Nothing New Here by leapis · · Score: 4, Informative

    I have written applications on just about every smartphone plaform, and I have never met an API did that did not have the ability to query the phone number of the device. Assuming you have a data plan (in many cases, the only way to get the app in the first place), its a tiny amount of code to post that information to a web page the first time the application runs. Some platforms, such as the Android, do indicate when an application has access to use the Internet, but its not trivial to find out exactly what information is going back and forth.

    This issue has always been there, and is no more of a problem on an iPhone than other similar platforms.

    1. Re:Nothing New Here by Serious+Callers+Only · · Score: 2, Informative

      but. . . but. . . security is one of the claimed reasons for sandboxing applications on the iPhone. Apple is lying? Tell me it ain't so!

      No, not lying, just complacent.

      There should be an option to restrict this, and sandboxing does in fact give Apple the option to add it in the future - it does increase security by not allowing direct access to system files. All access to stuff like phone numbers and addresses is only via an API which Apple control, which they can modify at any time to pop up a dialog asking the user (see their restrictions on core location data).

  6. Re:You Think That's Bad? by Kalriath · · Score: 2, Informative

    I can't believe people trying to justify "freeware" vendors access to phone number. It is totally impossible on other smartphone operating systems, on Symbian you can't even dare to try it.

    Incorrect. Symbian will allow it if you're Symbian Signed®, and Windows Mobile allows it by default. Not sure about Blackberry OS.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  7. Re:You Think That's Bad? by Khyber · · Score: 2, Informative

    Yup, it's the same 100 people using proxies in Canada to post to slashdot!

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  8. Old News by psergiu · · Score: 2, Informative

    Tha't old news people.

    Anyone with half a brain has already installed on his jailbreaked iPhone the modified /etc/hosts from i-phone-home.blogspot.com.

    --
    1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.