Lawsuit Claims Top iPhone Games Stole User Data

pdclarry writes "Storm8, a maker of some top iPhone games, allegedly stole users' mobile phone numbers, according to a lawsuit filed on November 4. The suit claims that best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. There have been other reports of applications copying personally identifiable customer information in the past. The complaint seeks class-action status."

Not so secret ..

Getting access to a user's phone number doesn't require a 'secret' code. Any app can do that.

http://blog.timeister.com/2009/06/25/objective-c-get-iphone-number/

What Safeguards?

[hdurdle]

How is using standard, documented, code bypassing safeguards?

NSString *telnum = [[NSUserDefaults standardUserDefaults] stringForKey:@"SBFormattedPhoneNumber"];

On most devices - at least those that were activated via iTunes - that will return the phone number. Or null if you're on an iPod Touch.

Okay, so the developer shouldn't have been harvesting this data, and definitely not without protecting it, but I fail to see how this was bypassing safeguards!

Re:What Safeguards?

[RobTerrell]

Mod parent up. There's no safeguards. The Cocoa Touch SDK doesn't protect the user's phone number or name. Even the contents of the entire address book are accessed without safeguards. I was amazed to learn that I have to give an app permission to get my location, but meanwhile apps could pull every email address from Contacts and post them to a web server somewhere without my ever knowing.

Re:App Testing

[Jackie_Chan_Fan]

skype, opera, flash, and c64 emulators

Re:Apple's "Security" Focus (or lack their of)

[kegger64]

Not a flame, just a correction... the AppleTV supports WPA encription as well as WEP, and has for years. See http://www.engadget.com/2007/04/05/apple-tv-review/ .

Which of these are valid...

[SuperKendall]

MacBook's default to no user authentication which is unacceptable for a portable device that can be stolen or misplaced.

Are you sure about that? Every new Mac I've seen, you have to set up a user account (with password) first. Are you talking about how there is a setting to log you in automatically on restart?

The OS X Firewall is disabled by default. Let's assume every OS X component is 100% secure, there's no way that every OS X app is.

This makes no sense. No ports are open by default, so just what would the firewall be, well, firewalling? With no ports open by default it's pretty much pointless to target any of the services since so few of them are likley to be turned on across the population. That's actually the real reason we've seen no viruses on OS X, because there's no target vector wide enough to be worth the trouble - thus all attacks are trojan style.

If a particular app has a flaw how does a firewall help, if that app choses to listen on a port? Wouldn't it have to do that around the firewall anyway?

And as a completely random example... AppleTV only supports WEP

As stated by other posters, this is not correct.

I like OS X and the new unibody MacBooks just rock... but Apple's shwarmy and basically indifferent attitude to security

I disagree here, I think Apple has been very security conscious in the ways that actually matter most to users.

Re:yeah, right!

[DJRumpy]

> IANAL, but a content provider that facilitates distribution of malware/spyware through its portal must be culpable to some extent?

No they aren't. You should know better if you're on this site. That's like saying the internet providers are responsible for all malware.

They check apps for content and for duplicated functionality. They don't do a line by line review of every piece of code, nor do they claim to do so.