Lawsuit Claims Top iPhone Games Stole User Data
pdclarry writes "Storm8, a maker of some top iPhone games, allegedly stole users' mobile phone numbers, according to a lawsuit filed on November 4. The suit claims that best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. There have been other reports of applications copying personally identifiable customer information in the past. The complaint seeks class-action status."
Getting access to a user's phone number doesn't require a 'secret' code. Any app can do that.
http://blog.timeister.com/2009/06/25/objective-c-get-iphone-number/
Unfortunately, app reviewers literally just install your app on a bunch of devices and tap around the screen to make sure nothing breaks, so any sort of hidden functionality will likely make it past the initial screening.
For the record... my app, Touch Health, will not steal your phone number.
How is using standard, documented code bypassing safeguards?
NSString *telnum = [[NSUserDefaults standardUserDefaults] stringForKey:@"SBFormattedPhoneNumber"]; // the formatted number stored during activation; nil where none was recorded
On most devices - at least those that were activated via iTunes - that will return the phone number. Or null if you're on an iPod Touch.
Okay, so the developer shouldn't have been harvesting this data, and definitely not without protecting it, but I fail to see how this was bypassing safeguards!
Skype, Opera, Flash, and C64 emulators
You can get device id (often the number) on games/apps from a variety of carriers. We're contractually bound only to use it for reporting back to them. Esp for subscription games. There's that line about sharing info with our partners in nearly every privacy clause, basically we use it to track you but not to market to you.
And yes I've worked in the industry for a while.
Not a flame, just a correction... the AppleTV supports WPA encryption as well as WEP, and has for years. See http://www.engadget.com/2007/04/05/apple-tv-review/ .
653899 - Another prime Slashdot UID
MacBooks default to no user authentication, which is unacceptable for a portable device that can be stolen or misplaced.
Are you sure about that? Every new Mac I've seen, you have to set up a user account (with password) first. Are you talking about how there is a setting to log you in automatically on restart?
The OS X Firewall is disabled by default. Let's assume every OS X component is 100% secure, there's no way that every OS X app is.
This makes no sense. No ports are open by default, so just what would the firewall be, well, firewalling? With no ports open by default it's pretty much pointless to target any of the services, since so few of them are likely to be turned on across the population. That's actually the real reason we've seen no viruses on OS X, because there's no target vector wide enough to be worth the trouble - thus all attacks are trojan style.
If a particular app has a flaw, how does a firewall help if that app chooses to listen on a port? Wouldn't it have to do that around the firewall anyway?
And as a completely random example... AppleTV only supports WEP
As stated by other posters, this is not correct.
I like OS X and the new unibody MacBooks just rock... but Apple's smarmy and basically indifferent attitude to security
I disagree here, I think Apple has been very security conscious in the ways that actually matter most to users.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> IANAL, but a content provider that facilitates distribution of malware/spyware through its portal must be culpable to some extent?
No they aren't. You should know better if you're on this site. That's like saying the internet providers are responsible for all malware.
They check apps for content and for duplicated functionality. They don't do a line by line review of every piece of code, nor do they claim to do so.
For 1: User authentication does not help against data loss due to stolen or lost hardware. Local access means root access, unless encryption is used. And Apple can't turn on FileVault by default since users that aren't careful (master password, write their password down and store it in a safe) would just forget their passwords and lose access to their data permanently.
For 2: The purpose of a firewall is to filter traffic to open ports. Mac OS X has no open ports by default. Any services the user chooses to run have to get a hole in the firewall anyway to work. So how exactly would turning the firewall on by default help the security against intrusion?
From - http://yro.slashdot.org/comments.pl?sid=1386337&cid=29585841 - every phone OS has ways to get the phone number, much easier than various little hacks to do so. Android, Symbian, Blackberry OS, Windows Mobile. Though to Symbian's credit, you need to do a few tricks (like waiting for a phone call), and Android requires permission.
The interesting question is, how many apps on those platforms already call home? Why is Apple "innovating" in revealing what could be standard practice elsewhere?
An application installed on your iPhone "in principle" runs in its own sandbox, but it is quite possible to access, say, your photos. I could write a game which uploaded all your personal photos to my website while you were playing it.
Apple does not check source code. You provide a compiled binary for their review. Accessing stuff outside of your application sandbox *may* get your app rejected, though. I say *may*, because I wrote an iPhone game which used the standard wallpapers as a background. Version 1.0 was accepted. I added ad-support and made it free, resubmitted it as 1.1, and got rejected because I used "Apple copyrighted images". Note that this part of the application wasn't changed at all from the 1.0, accepted version. I pointed out that the app didn't contain *copies* of those images at all, and that I simply accessed /Library/Wallpapers (paraphrased). After that, I got a mail from the reviewer saying it's not allowed to access data outside my app's sandbox, so it stayed rejected. I then added a few photos to the installer from my own personal photo library and resubmitted. The app then got accepted.
It would probably be a good idea if trying to upload data would trigger an end-user popup, just like accessing the current location (GPS coordinates) currently does. If you hadn't just selected "upload my high-score to the internet", the pop-up would be suspicious and you'd reject it.
On the other hand, the app could simply upload your personal photos while pretending to upload your highscore.
A better solution would probably be to use POSIX permissions to make things unreadable by default, and use the "UAC-style popup" to grant specific permissions. A photo editor which asks to read your camera roll makes sense, but some game probably doesn't have any business there.
Note: I'm not currently doing anything evil, apart from serving ads. I realize that probably is evil enough for the people reading /.
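The deny-by-default, declare-then-prompt model sketched in the post above, as an added illustration that is not code from the thread or from any Apple API. It is a toy broker written in Python: the resource names ("camera_roll", "network"), the per-app manifest and the prompt callback are assumptions made for this example. The point it shows is the ordering: an access the app never declared is refused without ever asking the user, so a game cannot even raise a prompt for the camera roll, while a declared resource is prompted for once and then remembered, and every attempt lands in an audit log.

```python
"""Toy permission broker (added example, not from the original thread).

Model: each app ships a manifest of the resources it may ask for. At run
time the broker refuses undeclared resources outright (no prompt), prompts
the user once for declared ones, and records every decision for audit.
Resource names and the manifest format are assumptions for this demo.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class AccessAttempt:
    app: str
    resource: str
    decision: str  # "granted", "denied-undeclared" or "denied-by-user"


@dataclass
class PermissionBroker:
    # What each app declared up front; reviewers and users can read this.
    manifests: Dict[str, Set[str]]
    # Callback standing in for the UAC-style popup; True means "allow".
    prompt: Callable[[str, str], bool]
    grants: Dict[str, Set[str]] = field(default_factory=dict)
    audit_log: List[AccessAttempt] = field(default_factory=list)

    def _record(self, app: str, resource: str, decision: str) -> None:
        self.audit_log.append(AccessAttempt(app, resource, decision))

    def request(self, app: str, resource: str) -> bool:
        """Return True if `app` may touch `resource` right now."""
        declared = self.manifests.get(app, set())
        if resource not in declared:
            # Undeclared access is a policy violation: refuse without prompting,
            # so the user cannot be talked into it and reviewers can see it.
            self._record(app, resource, "denied-undeclared")
            return False
        granted = self.grants.setdefault(app, set())
        if resource in granted:
            self._record(app, resource, "granted")
            return True
        if self.prompt(app, resource):
            granted.add(resource)  # remember the answer; prompt only once
            self._record(app, resource, "granted")
            return True
        self._record(app, resource, "denied-by-user")
        return False


def run_demo() -> Dict[str, object]:
    """Constructed scenario: a game that only declared network access and a
    photo editor that declared the camera roll, with a user who approves
    whatever they are actually asked."""
    prompts: List[str] = []

    def approving_user(app: str, resource: str) -> bool:
        prompts.append(f"{app}:{resource}")
        return True

    broker = PermissionBroker(
        manifests={"game": {"network"}, "photo_editor": {"camera_roll", "network"}},
        prompt=approving_user,
    )
    results = [
        broker.request("game", "camera_roll"),   # never declared -> refused, no prompt
        broker.request("game", "network"),       # declared -> prompted, granted
        broker.request("game", "network"),       # cached grant -> no second prompt
        broker.request("photo_editor", "camera_roll"),  # declared -> prompted, granted
    ]
    return {
        "results": results,
        "prompts": prompts,
        "decisions": [a.decision for a in broker.audit_log],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The audit log is the part a defender would keep: a game that repeatedly shows up with "denied-undeclared" for the camera roll is exactly the kind of hidden functionality that tapping around in review will not surface.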
The purpose of a firewall is to filter traffic on open ports. Without a firewall, *all* ports are open, even if there are no daemons listening on them. When you install new software, you are potentially installing a daemon, or a client software. Some people like having firewalls that do the proper job of also filtering outbound traffic.
Vintage computer games and RPG books available. Email me if you're interested.
BTW: Check your ports with nmap locally (nmap) or remotely (grc.com) after putting the machine in a DMZ. Some really needless ports are always open.
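A minimal local port-state check in the spirit of the "check your ports" advice above, added here as an example and not taken from the thread or from nmap. It classifies a TCP port the way a scanner does: a listener answers the connect (open), a port with no listener is answered by the kernel with a refusal (closed), and a port where nothing answers before the timeout is reported as filtered, which is what a dropping firewall produces. The listener it starts on 127.0.0.1 and the spare port it picks are constructed for the demo; it only ever probes the local machine.

```python
"""Local port-state check (added example, not from the original thread).

port_state() probes one TCP port and returns "open", "closed", "filtered"
or "error:<errno>". The demo spawns its own throwaway listener so the
result is reproducible offline; it probes 127.0.0.1 only.
"""
import socket
import threading
from typing import Dict, List, Tuple


def port_state(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port from the connect() outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"               # something accepted the handshake
    except ConnectionRefusedError:
        return "closed"             # kernel answered: nobody is listening
    except (socket.timeout, TimeoutError):
        return "filtered"           # no answer at all, typical of a dropping firewall
    except OSError as exc:
        return f"error:{exc.errno}"  # e.g. network unreachable
    finally:
        s.close()


def scan(host: str, ports: List[int]) -> Dict[int, str]:
    """Probe several ports and return {port: state}."""
    return {p: port_state(host, p) for p in ports}


def _free_port() -> int:
    """Ask the kernel for an unused port, then release it (constructed 'closed' case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def start_demo_listener() -> Tuple[socket.socket, int]:
    """Start a throwaway listener on a free loopback port (constructed 'open' case)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break  # srv was closed; stop serving

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def demo() -> Tuple[Dict[int, str], int, int]:
    """Probe one listening and one non-listening loopback port."""
    srv, open_port = start_demo_listener()
    closed_port = _free_port()
    try:
        return scan("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        srv.close()


if __name__ == "__main__":
    states, open_port, closed_port = demo()
    for port, state in states.items():
        print(f"127.0.0.1:{port} {state}")
```

Run against a machine's real ports (for example the common service ports) from another host on the same network to see which of the "sharing" services actually accept connections; a "closed" answer means the service is simply not running, which is a different situation from "filtered".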
But only if you have enabled some services, none of which are enabled by default. That's why it doesn't really matter, because any one service is going to have such a low surface area to attack it's a waste of time to write the exploit - in the general case.
Companies should always be more cautious because of the potential for espionage, but then they could insist that be turned on. For the average home user I still don't see it as a bad default because few people will ever enable the "sharing" items. An average home user will not share a computer from a desktop Mac, instead they'd be plugging a printer into a computer directly or sharing it via a dedicated device like an Airport Express.