Retrievable iPhone Numbers Raise Privacy Issue 146
TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."
Re:Applies only to jailbroken devices? (Score:4, Insightful)
The Ars Technica article linked in the OP says that this applies to jailbroken iPhones.
It doesn't say it applies to only jailbroken iPhones, it says it's easy to see with a jailbroken iPhone (since you can find the directory then)
Both jailbroken and non-jailbroken can access it tho.
Confirm personal data sharing? (Score:2, Insightful)
As much as this may be on Apple, any good software developer should be asking the user for authority to share/access that information to begin with, specially if it's going to lead to sales calls down the line. Since it looks like mogoRoad didn't (at least there's no mention of this anywhere) it's telling that they really don't care about user privacy.
Apple could probably solve this by encapsulating any data on the iPhone with a framework that forces UI authorization before any app on the iPhone is allowed to access information.
Re:Where's the mainstream media? (Score:5, Insightful)
This kind of investigative journalism? The kind that puts confusing and irrelevant babble about phonecalls from friends at the start of the article? I'd hope those chances are pretty low.
Re:So (Score:3, Insightful)
With an IP address, there's not a lot of thing a publisher could do, except if it want to build a botnet.
Re:Other phones allow this (Score:2, Insightful)
Don't touch that button (Score:4, Insightful)
If Apple really did care about your privacy then the functionality just would not exist, and at best it would be a hack. As it stands it's just an undocumented feature.
It's great to rely on 'developer integrity' and all ya' know, but those developers are motivated by a need to generate a return. It's hard for anyone to expect a management team *not* to instruct a development team to extract said information and feed it into a marketing team. I've got two ideas for iPhone applications iWantYourMoney and iWantYourInformation supported by the iPwned you framework.
Seriously people it's like putting a 9 year old in front of a big red button with a sign under it saying 'Do not press this button' and saying to the kid 'Don't touch that button kid'. I'd expect the management teams to be saying 'what other user information can you extract'.
Re:You Think That's Bad? (Score:4, Insightful)
I guess some people are just so frugal and introverted that any use of their time or minutes results in a temper tantrum, like some arrogant teenager when the unwashed have the audacity to talk to them.
And you'd be right in a tiny fraction of the population's cases. For the majority, however, a better guess would be that were they asked to provide their iPhone number to the vendor, they would have declined to do so. However since they were not asked and the app took the number any way, they were understandably aggravated.
It isn't the phone call that is important at all. It is the power to decide, and with whom that power ultimately rests.
And if you genuinely cannot see that, I can only hope you do not live in the same democracy that I do...
Re:Other phones allow this (Score:3, Insightful)
There isn't a single other phone allowing this. On Symbian, you can't simply make your app "call" a number or send a sms without user getting a huge warning on screen.
Gathering phone numbers can be done only that way, there is no central "app store" which leaks user phone numbers.
I believe J2ME apps can't even try to do such sms/dial thing if they don't have a security cert.
These issues were fixed almost a decade ago, Apple ignored all the hard work done by others and rolled their own control freak store. This is just one of the results. I also saw couple of idiot developers on digg.com bragging about they know every user running their application and pirating it.That is one more scandal waiting in line to unearth.
Re:You Think That's Bad? (Score:2, Insightful)
Exactly. Who in their right mind would want to pay for incoming calls? Bizarre? Doesn't the first company which charges YOU for the calls YOU make and doesn't make you pay for spammers and cold callers wasting your time get to pick up just about every mobile user in the States??
Re:So (Score:2, Insightful)
Re:Nothing New Here (Score:2, Insightful)
That's muddy waters... Does downloading a demo ("free") app constitute a "business relationship"? As for telemarketing calls to cellphones, it's certainly despised, but I don't think it's illegal these days -- for starters, it's impossible to know the number you're dialing is a cellphone, or has been directed to a cellphone. The days when an NPANXX could tell you a location and service provider are long past. (any number can be assigned to anyone, anywhere.)
Not a question of technology (Score:2, Insightful)
The problem here is not with the technology, but with the business ethics of the company involved. It's not like discovering the phone numbers of consumers has been outright impossible before, it's merely become simple enough in this particular instance that an unscrupulous company thought it was worth the effort.
Re:What? (Score:3, Insightful)
A more honest approach would be some kind of opt-in if it has to be done at all.