Lawsuit Claims Top iPhone Games Stole User Data

pdclarry writes "Storm8, a maker of some top iPhone games, allegedly stole users' mobile phone numbers, according to a lawsuit filed on November 4. The suit claims that best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. There have been other reports of applications copying personally identifiable customer information in the past. The complaint seeks class-action status."

Not so secret ..

Getting access to a user's phone number doesn't require a 'secret' code. Any app can do that.

http://blog.timeister.com/2009/06/25/objective-c-get-iphone-number/

What Safeguards?

[hdurdle]

How is using standard, documented, code bypassing safeguards?

NSString *telnum = [[NSUserDefaults standardUserDefaults] stringForKey:@"SBFormattedPhoneNumber"];

On most devices - at least those that were activated via iTunes - that will return the phone number. Or null if you're on an iPod Touch.

Okay, so the developer shouldn't have been harvesting this data, and definitely not without protecting it, but I fail to see how this was bypassing safeguards!

Re:What Safeguards?

[RobTerrell]

Mod parent up. There's no safeguards. The Cocoa Touch SDK doesn't protect the user's phone number or name. Even the contents of the entire address book are accessed without safeguards. I was amazed to learn that I have to give an app permission to get my location, but meanwhile apps could pull every email address from Contacts and post them to a web server somewhere without my ever knowing.

Re:App Testing

[Jackie_Chan_Fan]

skype, opera, flash, and c64 emulators

Re:Apple's "Security" Focus (or lack their of)

[kegger64]

Not a flame, just a correction... the AppleTV supports WPA encription as well as WEP, and has for years. See http://www.engadget.com/2007/04/05/apple-tv-review/ .