Slashdot Mirror

← Back to Stories (view on slashdot.org)

Advertisers Already Using New iPhone Text Message Exploit

Posted by timothy on from the you-rang? dept.

Andy Smith writes: The annoying App Store redirect issue has blighted iPhone users for years, but now there's a new annoyance and it's already being exploited: Visit a web page on your iPhone and any advertiser can automatically open your messages app and create a new text message with the recipient and message already filled in. We can only hope they don't figure out how to automatically send the message, although you can bet they're trying.

2 of 111 comments (clear)

  1. Computer fraud ... by gstoddart · · Score: 4, Interesting

    So when will we start holding ad agencies accountable for what is basically hacking?

    This is precisely why I will never have any qualms about blocking every damned ad site I can possibly identify ... because they're all ran by assholes who feel entitled to do anything they wish.

    They're untrustworthy, and willing to do anything for a buck. Which means we should be blocking the hell out of this shit.

    Boo hoo to anybody who says they need the ad revenue ... unless you plan on being accountable for this shit done by your advertisers, stop expecting us to trust them or you.

    --
    Lost at C:>. Found at C.
  2. Re:Why does this API exist? by tlhIngan · · Score: 4, Interesting

    Why is there an API for sending a text message from a web page? Why does this need to exist at all?

    You'd think someone at Apple, when they came up for this idea for this, would be shot down by someone else saying "Sorry dude, this is a feature that can be abused."

    Same deal with javascript being able to open the App Store. WHY??

    JavaScript can't open the App Store. What it can do is open a link to iTunes. What happens here is if you click a link that points to iTunes (iTunes Preview), on the desktop, it goes to a page that shows you the target, followed by a button that says "Open in iTunes" at which point iTunes is supposed to open and go to the app/music/movie/tv page of that item.

    On iOS, if you do the same, instead of iTunes opening, it goes to the appropriate store that sellsthe item. This is a regular feature and it's the same on iOS or Android. If you click on the "Apple App Store" button or the "Get it on Google Play", same result - it takes you to that product page in the appropriate store. Both are basically links that get treated specially.

    Likewise, it's possible to do text messaging - iOS has the ability to recognize phone numbers on webpages, and if you tap them, gets you the ability to send a text or phone that number. (Sometimes its heuristics mess up in humorous ways).

    That's by design.

    However, iOS does not allow anyone to send a text, make a phone call, send an email or other things without manual intervention. Siri can do it, but only after Siri composes it for you. Again, this is for safety purposes - apps cannot programmatically run up your phone bill. So at worst, you have an app switch out to Messages or Mail or the App Store on you. But at that point, you must tap "Purchase" or "Send" to actually perform the task. (a webpage can't do it because that point, the other app is onscreen)

    I wouldn't call this a new phenomena ... I have seen ads do this for years - especially on mobile ones where they pop up a full screen interstitial that advertises some freemuim game and the javascript calls open() on it which triggers the app store.

    It's really a form of advertising that's existed on desktops for years exploiting the new mobile technology, except instead of switching between apps, it's triggering plugins.

    Heck, the email one is really a lot like mailto: URLs that can fill in the To, Subject and body of a message, and wait for you to click Send.