Lawsuit Claims Top iPhone Games Stole User Data
pdclarry writes "Storm8, a maker of some top iPhone games, allegedly stole users' mobile phone numbers, according to a lawsuit filed on November 4. The suit claims that best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. There have been other reports of applications copying personally identifiable customer information in the past. The complaint seeks class-action status."
As strict as the Apple store is about getting actual useful apps in, and screening all kinds of apps based on one or two system calls, clearly the only way this could have happened is if Storm8 has someone on the Apple App Approval Team who they know. Otherwise, how would something like this have gotten past such a stringent code review?
Reeses
We have to be on guard for this behavior with computers; why are people surprised that it happens with mobile devices? That brings one question to mind though. Do they not verify the applications that are put up on their store?
Some people are only alive because it's against the law for me to hunt them down and kill them.
Getting access to a user's phone number doesn't require a 'secret' code. Any app can do that.
http://blog.timeister.com/2009/06/25/objective-c-get-iphone-number/
To be fair, given Apple's reputation of 'protecting' their users by banning apps for all and sundry stupid reasons, it's only fair to lay the blame on the company for failing to protect against this.
You can't have the cake and eat it too.
But of course, if it's Apple - apparently they can, at least here on /.
>>What's to stop a bad application from bypassing those safeguards?
Whatever happened to Apple's policy of babysitting their users by allowing only certain apps? Wouldn't this application be exactly the kind of crap users should be protected against?
It's been claimed on /. by Apple apologists that that's the way Apple protects its users. But what Apple is actually doing is protecting its pockets by banning applications which take business away from them or AT&T - while such apps are in the wild - blessed by Apple.
How is using standard, documented, code bypassing safeguards?
NSString *telnum = [[NSUserDefaults standardUserDefaults] stringForKey:@"SBFormattedPhoneNumber"];
On most devices - at least those that were activated via iTunes - that will return the phone number. Or null if you're on an iPod Touch.
Okay, so the developer shouldn't have been harvesting this data, and definitely not without protecting it, but I fail to see how this was bypassing safeguards!
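A review-time check for the preference key quoted in the comment above, as an added example that is not part of the original thread or anyone's actual review tooling: it scans a compiled binary's bytes for the key and for the two accessor names from the same one-line snippet. The function names, verdict labels and sample byte strings are assumptions made for illustration.

```python
import sys

# Key and accessor names are taken from the one-line snippet in the comment above.
WATCHED_KEY = "SBFormattedPhoneNumber"
ACCESSORS = ("standardUserDefaults", "stringForKey:")


def find_all(blob: bytes, needle: bytes):
    """Return every offset at which needle occurs in blob."""
    hits, start = [], blob.find(needle)
    while start != -1:
        hits.append(start)
        start = blob.find(needle, start + 1)
    return hits


def scan(blob: bytes) -> dict:
    """Flag literal uses of WATCHED_KEY in a compiled binary's bytes."""
    findings = []
    # String literals are normally stored as C strings, but an app may also
    # carry the key as UTF-16 data, so both encodings are checked.
    for encoding in ("ascii", "utf-16-le"):
        for offset in find_all(blob, WATCHED_KEY.encode(encoding)):
            findings.append((offset, encoding))
    # Method and selector names sit in the binary as plain C strings.
    accessors = [a for a in ACCESSORS if a.encode("ascii") in blob]
    if not findings:
        verdict = "clean"
    elif len(accessors) == len(ACCESSORS):
        verdict = "likely-read"  # key plus the NSUserDefaults read path
    else:
        verdict = "key-only"     # key present, read path not visible
    return {"verdict": verdict, "findings": sorted(findings), "accessors": accessors}


# Constructed sample input: NUL-separated strings standing in for the string
# tables of a compiled app. Not taken from any real binary.
SAMPLE_FLAGGED = b"\x00".join(
    [b"standardUserDefaults", b"stringForKey:", b"SBFormattedPhoneNumber", b"highScore"]
) + b"\x00"
SAMPLE_CLEAN = b"\x00".join([b"standardUserDefaults", b"stringForKey:", b"highScore"]) + b"\x00"
SAMPLE_UTF16 = b"\x00\x00" + WATCHED_KEY.encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_FLAGGED
    print(scan(data))
```

A key assembled at runtime never appears as a literal, so a "clean" verdict only rules out the straightforward form shown in the comment.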
mass-adoption is a security liability. it must be feared as much as holes and bugs in software. how does it feel to be in Microsoft's shoes? go ahead, fanbois. mod me down.
skype, opera, flash, and c64 emulators
If you want infallible maybe they should get the pope to do app reviews.
If all else fails, immortality can always be assured by spectacular error.
Encryption wouldn't help here. The API allows access to all kinds of data on the iPhone, which some apps do legitimately require in order to function (for example, a Google Voice-type app would indeed need the user's phone number). Even if the data was encrypted, the iPhone would happily decrypt it and pass it to the app when given the proper API call. The issue here is enforcement. Developers caught doing this kind of thing should be banned from the App Store, and put on some kind of blacklist at Apple so Apple doesn't do further business with them.
Stasis is death. Embrace change.
As a recent convert to Apple (short story: OS X is a nice balance between Unix and applications I need to use for my client base) I was a little shocked by how nonchalantly Apple seems to take user security.
/I've strapped on my fire-proof britches... fire away :)
1. MacBooks default to no user authentication which is unacceptable for a portable device that can be stolen or misplaced.
2. The OS X Firewall is disabled by default. Let's assume every OS X component is 100% secure, there's no way that every OS X app is.
3. And as a completely random example... AppleTV only supports WEP. I know this is a nit-picky thing but it shows Apple's indifference. WEP has been thoroughly and completely broken... yet one of Apple's primary devices will not support a more secure protocol. You want to use your new toy you have to downgrade your security.
I like OS X and the new unibody MacBooks just rock... but Apple's smarmy and basically indifferent attitude to security is going to end up biting them in the arse.
If your phone is jailbroken. I do not know if it protects the user from this company, but it does block information that other companies have been known to try and get. Yet Apple is still trying to convince users that the App store is the only safe place for software.