Slashdot Mirror

← Back to Stories (view on slashdot.org)

Retrievable iPhone Numbers Raise Privacy Issue

Posted by kdawson on from the how-about-never-is-never-good-for-you dept.

TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."

7 of 146 comments (clear)

  1. You Think That's Bad? by eldavojohn · · Score: 5, Funny

    That's nothing. You can use the Core Location Framework to figure out where they are. So I sold an application to celebrities only that shows them where the paparazzi are, it's called iAvoidPaparazzi. Then iAvoidPaparazzi sends my server their location which gets fed into another application called iMolestCelebs that I sell to tabloids and paparazzi. Then their information comes back to my server and gets fed out to iAvoidPaparazzi. Yeah it took me a few weeks to prime the pump so to speak but once this gets rolling I'm sure I'll make some huge bank off of it ... at least until I get shutdown after I take the heat for a few Princess Dianas. *sigh* A man can't make an honest living these days ...

    --
    My work here is dung.
  2. Where's the mainstream media? by Stoutlimb · · Score: 4, Interesting

    What are the chances that mainstream media would ever do this kind of investigative journalism? Or take seriously this kind of investigation done by an individual. Mainstream media like newspapers always claim that they have the upper hand over bloggers because they can do serious investigation.... but concerned people with time on their hands far outnumber journalists. This is a great example of that... and it's very telling that no mainstream news has yet to carry this.

    And I think it's serious, because I'm sure this violates a few laws, at least in my country.

    1. Re:Where's the mainstream media? by Goaway · · Score: 5, Insightful

      This kind of investigative journalism? The kind that puts confusing and irrelevant babble about phonecalls from friends at the start of the article? I'd hope those chances are pretty low.

  3. Re:So by tonywong · · Score: 5, Informative

    I'd mod you down for not even bothering to RTFA, but claiming that it didn't say what the calls were about is a bit disingenuous.

    From the very first link:
    Several commenters on the store say theyâ€(TM)ve received phone calls from the company behind the application after they downloaded the free version, inviting them to shell out money for the full version.

  4. Need your phone number stolen? by secretvampire · · Score: 5, Funny

    There's an app for that.

  5. Re:Android permission model FTW by w3woody · · Score: 4, Interesting

    Please.

    The Android permissions model works if you are a geek and have the correct magic decoder ring to understand the permissions being asked for. But most people are going to blow through those settings the same way that they blow through the Windows Vista UAC alerts.

    I know: the company I'm working for is currently shipping on the Android Marketplace an application which explicitly requests the "Phone calls (read phone state)" and "Services that cost you money (directly call phone numbers)" states--and that hasn't slowed our adoption rate one whit.

    (The first is so we can read the IMEI to generate a unique identifier--which is ultimately generated as a one-way hash. The one-way hash makes it impossible for us to go back from the UUID to a specific user or phone--and it works that way because I put my foot down. (Our Prod Manager wanted the user's phone number--to which I responded "No frakkin' way. Fire my ass first.") The second is so when the user asks for more information on a particular business found in our app I can dump him into the telephony application with the phone number pre-loaded. But we do not actually initiate the phone call; the user has to press the "call" button, despite having an API to initiate the phone call ourselves. Again, I put my foot down here--before I suck your minutes I want to know that was what you really wanted.)

    Yes, we don't do anything bad. But it's not because the Android permission model slowed us down one microsecond. Thus far we've shipped over 175,000 copies. No; it's because I put my foot down--and I can see that for someone not as stubborn as me, it'd would have been easy for us to capture the location and phone number of 175,000 users and track where they were while they were using our app in real time.

  6. Nothing New Here by leapis · · Score: 4, Informative

    I have written applications on just about every smartphone plaform, and I have never met an API did that did not have the ability to query the phone number of the device. Assuming you have a data plan (in many cases, the only way to get the app in the first place), its a tiny amount of code to post that information to a web page the first time the application runs. Some platforms, such as the Android, do indicate when an application has access to use the Internet, but its not trivial to find out exactly what information is going back and forth.

    This issue has always been there, and is no more of a problem on an iPhone than other similar platforms.