Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Cellphones Privacy

Retrievable iPhone Numbers Raise Privacy Issue 146

Posted by kdawson
from the how-about-never-is-never-good-for-you dept.
TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."
This discussion has been archived. No new comments can be posted.

Retrievable iPhone Numbers Raise Privacy Issue

Comments Filter:
  • by sopssa (1498795) * <sopssa@email.com> on Tuesday September 29, 2009 @04:30PM (#29585769) Journal

    The Ars Technica article linked in the OP says that this applies to jailbroken iPhones.

    It doesn't say it applies to only jailbroken iPhones, it says it's easy to see with a jailbroken iPhone (since you can find the directory then)

    Both jailbroken and non-jailbroken can access it tho.

  • by codeonezero (540302) * on Tuesday September 29, 2009 @04:37PM (#29585819)

    As much as this may be on Apple, any good software developer should be asking the user for authority to share/access that information to begin with, specially if it's going to lead to sales calls down the line. Since it looks like mogoRoad didn't (at least there's no mention of this anywhere) it's telling that they really don't care about user privacy.

    Apple could probably solve this by encapsulating any data on the iPhone with a framework that forces UI authorization before any app on the iPhone is allowed to access information.

  • by Goaway (82658) on Tuesday September 29, 2009 @04:43PM (#29585853) Homepage

    This kind of investigative journalism? The kind that puts confusing and irrelevant babble about phonecalls from friends at the start of the article? I'd hope those chances are pretty low.

  • Re:So (Score:3, Insightful)

    by sadness203 (1539377) on Tuesday September 29, 2009 @04:54PM (#29585949)
    It's more akin to a PC apps getting your e-mail address and sending you spam.
    With an IP address, there's not a lot of thing a publisher could do, except if it want to build a botnet.
  • by roothog (635998) on Tuesday September 29, 2009 @04:55PM (#29585961)
    Software that steals email addresses is called "malware" and isn't sold at a marketplace managed by the OS vendor.
  • by MrKaos (858439) on Tuesday September 29, 2009 @05:00PM (#29586005) Journal

    If Apple really did care about your privacy then the functionality just would not exist, and at best it would be a hack. As it stands it's just an undocumented feature.

    It's great to rely on 'developer integrity' and all ya' know, but those developers are motivated by a need to generate a return. It's hard for anyone to expect a management team *not* to instruct a development team to extract said information and feed it into a marketing team. I've got two ideas for iPhone applications iWantYourMoney and iWantYourInformation supported by the iPwned you framework.

    Seriously people it's like putting a 9 year old in front of a big red button with a sign under it saying 'Do not press this button' and saying to the kid 'Don't touch that button kid'. I'd expect the management teams to be saying 'what other user information can you extract'.

  • by BobMcD (601576) on Tuesday September 29, 2009 @05:26PM (#29586217)

    I guess some people are just so frugal and introverted that any use of their time or minutes results in a temper tantrum, like some arrogant teenager when the unwashed have the audacity to talk to them.

    And you'd be right in a tiny fraction of the population's cases. For the majority, however, a better guess would be that were they asked to provide their iPhone number to the vendor, they would have declined to do so. However since they were not asked and the app took the number any way, they were understandably aggravated.

    It isn't the phone call that is important at all. It is the power to decide, and with whom that power ultimately rests.

    And if you genuinely cannot see that, I can only hope you do not live in the same democracy that I do...

  • by Ilgaz (86384) on Tuesday September 29, 2009 @05:47PM (#29586417) Homepage

    There isn't a single other phone allowing this. On Symbian, you can't simply make your app "call" a number or send a sms without user getting a huge warning on screen.

    Gathering phone numbers can be done only that way, there is no central "app store" which leaks user phone numbers.

    I believe J2ME apps can't even try to do such sms/dial thing if they don't have a security cert.

    These issues were fixed almost a decade ago, Apple ignored all the hard work done by others and rolled their own control freak store. This is just one of the results. I also saw couple of idiot developers on digg.com bragging about they know every user running their application and pirating it.That is one more scandal waiting in line to unearth.

  • by Threni (635302) on Tuesday September 29, 2009 @06:04PM (#29586637)

    Exactly. Who in their right mind would want to pay for incoming calls? Bizarre? Doesn't the first company which charges YOU for the calls YOU make and doesn't make you pay for spammers and cold callers wasting your time get to pick up just about every mobile user in the States??

  • Re:So (Score:2, Insightful)

    by BattleApple (956701) on Tuesday September 29, 2009 @08:21PM (#29587839)
    Just because an app needs access to your phone number doesn't mean the developer needs access to it.
  • by Cramer (69040) on Tuesday September 29, 2009 @10:04PM (#29588725) Homepage

    That's muddy waters... Does downloading a demo ("free") app constitute a "business relationship"? As for telemarketing calls to cellphones, it's certainly despised, but I don't think it's illegal these days -- for starters, it's impossible to know the number you're dialing is a cellphone, or has been directed to a cellphone. The days when an NPANXX could tell you a location and service provider are long past. (any number can be assigned to anyone, anywhere.)

  • by Tobor the Eighth Man (13061) on Wednesday September 30, 2009 @12:14AM (#29589519)

    The problem here is not with the technology, but with the business ethics of the company involved. It's not like discovering the phone numbers of consumers has been outright impossible before, it's merely become simple enough in this particular instance that an unscrupulous company thought it was worth the effort.

  • Re:What? (Score:3, Insightful)

    by BrokenHalo (565198) on Wednesday September 30, 2009 @02:25AM (#29590145)
    Seems to me there's a difference between your phone number being available for an app (i.e. for the customer's convenience) and the app passing it on to any third party.

    A more honest approach would be some kind of opt-in if it has to be done at all.

It's not so hard to lift yourself by your bootstraps once you're off the ground. -- Daniel B. Luten

Working...