Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lawsuit Claims Top iPhone Games Stole User Data

Posted by Soulskill on from the shake-up-and-down-to-send-credit-card-details dept.

pdclarry writes "Storm8, a maker of some top iPhone games, allegedly stole users' mobile phone numbers, according to a lawsuit filed on November 4. The suit claims that best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. There have been other reports of applications copying personally identifiable customer information in the past. The complaint seeks class-action status."

9 of 149 comments (clear)

  1. Big Surprise... by Super+Dave+Osbourne · · Score: 3, Insightful

    Is it a real surprise that there are iPhone apps out there that snoop, and bypass safeguards. When will encrypted data at the 2048 and higher bit level make it into the tech we take for granted on a daily basis. If you want safeguards, folks need to start using the stuff out on the market that is free to give them some level of protection against theft. Don't lock the door well, expect thieves, don't weatherize in well, expect to get cold. Don't encrypt your data, expect to lose it to theft.

    1. Re:Big Surprise... by Quantos · · Score: 5, Insightful

      We have to be on guard for this behavior with computers, why are people surprised that it happens with mobile devices? That brings one question to mind though. Do they not verify the applications that are put up on their store?

      --
      Some people are only alive because it's against the law for me to hunt them down and kill them.
    2. Re:Big Surprise... by E+IS+mC(Square) · · Score: 5, Insightful

      >>What's to stop a bad application from bypassing those safeguards?

      Whatever happened to Apple's policy of babysitting their users by allowing only certain apps? Wouldn't this application exactly the kind of crap users should be protected against?

      It's been claimed on /. by appple apologists that that's the way apple protects its users. But apple is actually doing is protecting its pockets by banning applications which takes business away from them or AT&T - while such apps are in the wild - blessed by Apple.

    3. Re:Big Surprise... by SleepyHappyDoc · · Score: 5, Insightful

      Encryption wouldn't help here. The API allows access to all kinds of data on the iPhone, which some apps do legitimately require in order to function (for example, a Google Voice-type app would indeed need the user's phone number). Even if the data was encrypted, the iPhone would happily decrypt it and pass it to the app when given the proper API call. The issue here is enforcement. Developers caught doing this kind of thing should be banned from the App Store, and put on some kind of blacklist at Apple so Apple doesn't do further business with them.

      --
      Stasis is death. Embrace change.
    4. Re:Big Surprise... by R3d+M3rcury · · Score: 3, Insightful

      So Apple will try but they may make mistakes. Fair enough.

      But if we accept the fact that mistakes will be made, how is this better than either a "Wild West" approach where anyone can publish applications with no review whatsoever or, conversely, a competitive store approach where some stores will be better than others about evaluating what an app does?

  2. Re:Clearly an inside job. by SchroedingersCat · · Score: 5, Insightful

    They don't have access to the code. Besides, reviewing the code requires non-trivial technical skills. They are checking that apps conform to certain standards. If somebody really wants to plant backdoor into their app then nothing can realy stop them. There must be an explanation for 10000 fart apps in the store. Perhaps some of them have VOIP client built in...

  3. yeah, right! by Anonymous Coward · · Score: 5, Insightful

    To be fair, given apple's reputation of 'protecting' their users by banning apps for all and sundry stupid reasons, it's only fair to lay the blame on the company for failing to protect against this.

    You can't have the cake and eat it too.

    But of course, if it's apple - apparently they can, at least here on /.

    1. Re:yeah, right! by MightyMartian · · Score: 3, Insightful

      I'd love to, but sadly, I think it shows the sheer ineptitude of their apps store and undermines the very arguments they use for denying things like full C64 emulators. In short, Apple's excuse is a pile of bullshit. If malware can make it on to the iPhone via the Store, then one of the Store's primary purposes has been undermined, as has Apple's claims about it.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  4. Re:note to Apple by 140Mandak262Jamuna · · Score: 3, Insightful

    mass-adoption is a security liability. it must be feared as much as holes and bugs in software. how does it feel to be in Microsoft's shoes? go ahead, fanbois. mod me down.

    Oh, really? Take a look at the market share of Apache webserver. Now which is more secure? IIS or Apache? They are plump target for every organized crime outfits in the world. They host banks and brokerage accounts that transact trillions of dollars day in day out. And the organized crime outfits don't limit themselves to simple hacker techniques. They would not mind murder and kidnapping and bribing to get passwords or breaking and entering to install key loggers. In that market place Apache shines and IIS lags.

    Mass adoption alone is not a security liability. Mass adoption of closed proprietary protocols, be it Apple, be it Microsoft, be it Diebold, is a security liability. The reason is the main interest of Apples and Microsofts and Diebolds is to sell more of their product. Not security of user data. It is important only as much as it affects sales. If there are other factors that influence sales they will be the preoccupation of these companies, not security of user data.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact