Advertisers Already Using New iPhone Text Message Exploit

Andy Smith writes: The annoying App Store redirect issue has blighted iPhone users for years, but now there's a new annoyance and it's already being exploited: Visit a web page on your iPhone and any advertiser can automatically open your messages app and create a new text message with the recipient and message already filled in. We can only hope they don't figure out how to automatically send the message, although you can bet they're trying.

See

[Greyfox]

It's shit like that that drives people to adblock. And also to class action lawsuits.

Re:See

[jellomizer]

Exactly, Adblocking for the most part isn't about trying to stop advertising that helps pay for the operation of the website, but to stop abusive add companies that attempt to turn your full device into an advertising media. Especially when it gets past the site you are viewing, then the add revenue doesn't go to the web-site but only to the advertising company, thus creating a no benefit business model.

Re:See

I do not currently and do not expect to ever have a personal opposition to advertisements hosted on the same server as the page I am viewing and inserted by server-side script.

So long as the advertisements are handled by a third party client-side script, page owners can claim ignorance of what is being advertised through their page. This willful refusal to asses their own contribution to the spread of malicious software is why I have no doubts about my decision to use ad blockers and a nice big host file.

Re:See

[JustAnotherOldGuy]

Exactly, Adblocking for the most part isn't about trying to stop advertising that helps pay for the operation of the website, but to stop abusive add companies

Bingo. I'd be happy seeing a reasonable number of non-intrusive ads on a page, but that's not the problem here.

I run AdBlock specifically to try and avoid the malware-laden ads and auto-playing ads with sounds. I have no problem with text ads whatsoever, but when ads cross the line and infect my PC or blare sound unrequested, that's it.

The advertisers have really brought this on themselves for the most part. Not 100% of the blame, but ~95% of the blame is on them.

I say 95% because I realize it's hard to vet every ad, especially those with flash, but that's not my problem- it's their problem and if they can't get a grip on it then they completely lose my eyeballs.

Really, I don't mind a reasonable number of benign ads, but infecting my PC isn't something I'm willing to agree to.

Why does this API exist?

[ZorinLynx]

Why is there an API for sending a text message from a web page? Why does this need to exist at all?

You'd think someone at Apple, when they came up for this idea for this, would be shot down by someone else saying "Sorry dude, this is a feature that can be abused."

Same deal with javascript being able to open the App Store. WHY??

Re:Why does this API exist?

[Ronin+Developer]

However, there is no cost if you don't hit "Send". You have the option to cancel the text just as we have done for years with mailto: links.

Now, if they figure out how to actually send the text without consent, that's another game altogether.

mailto:

[Aaden42]

How is this different than a mailto: link which can populate the subject, body, etc. but not actually send it until you tap send?

Re:mailto:

[clonehappy]

It's not.

Just like every meatspace annoyance turned into public hyperventilation when translated into computer annoyances, now every regular computer annoyance means public hyperventilation when translated into mobile annoyances.

Even for slashdot, calling this an "exploit" is a fucking stretch. But oh yeah, fuck Apple or something...