Retrievable iPhone Numbers Raise Privacy Issue

TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."

Re:You Think That's Bad?

[Anonymous Coward]

That's actually the point : when an app makes use of the CoreLocation framework, an alert is displayed automatically by the iphone to request the user's permission to get his location. It should be the same when an app tries to access the user's personal data. mmmhâ¦

Where's the mainstream media?

[Stoutlimb]

What are the chances that mainstream media would ever do this kind of investigative journalism? Or take seriously this kind of investigation done by an individual. Mainstream media like newspapers always claim that they have the upper hand over bloggers because they can do serious investigation.... but concerned people with time on their hands far outnumber journalists. This is a great example of that... and it's very telling that no mainstream news has yet to carry this.

And I think it's serious, because I'm sure this violates a few laws, at least in my country.

Huh?

[Chad Birch]

Does anyone understand how the first sentence of the summary is supposed to relate to this story at all?

Good job tagging it "coolstorybro" though, whoever did that. You made me laugh.

Re:You Think That's Bad?

[MBCook]

Plus, the first time an application tries to use it, the iPhone pops up a little notification asking you for your permission.

Re:What?

[Arimus]

Android asks you to agree that the app you are intending to install can access a list of various services etc it is then up to you whether you agree or not, you can also revoke permissions for installed apps if you change your mind later.

Re:You Think That's Bad?

[sopssa]

Which, interestingly, is only a problem in US. In every other country the caller pays for the call/sms.

Re:Android permission model FTW

[w3woody]

Please.

The Android permissions model works if you are a geek and have the correct magic decoder ring to understand the permissions being asked for. But most people are going to blow through those settings the same way that they blow through the Windows Vista UAC alerts.

I know: the company I'm working for is currently shipping on the Android Marketplace an application which explicitly requests the "Phone calls (read phone state)" and "Services that cost you money (directly call phone numbers)" states--and that hasn't slowed our adoption rate one whit.

(The first is so we can read the IMEI to generate a unique identifier--which is ultimately generated as a one-way hash. The one-way hash makes it impossible for us to go back from the UUID to a specific user or phone--and it works that way because I put my foot down. (Our Prod Manager wanted the user's phone number--to which I responded "No frakkin' way. Fire my ass first.") The second is so when the user asks for more information on a particular business found in our app I can dump him into the telephony application with the phone number pre-loaded. But we do not actually initiate the phone call; the user has to press the "call" button, despite having an API to initiate the phone call ourselves. Again, I put my foot down here--before I suck your minutes I want to know that was what you really wanted.)

Yes, we don't do anything bad. But it's not because the Android permission model slowed us down one microsecond. Thus far we've shipped over 175,000 copies. No; it's because I put my foot down--and I can see that for someone not as stubborn as me, it'd would have been easy for us to capture the location and phone number of 175,000 users and track where they were while they were using our app in real time.

Re:You Think That's Bad?

[Ilgaz]

There is a hoax running especially in Europe, +358 or similar number, similar to Italy code (+35). Once you get a "ring" from that line or tricked calling it, your phone bill will be doomed. I speak about thousands of dollars (euros) here and you can't get that money back.

They can't filter the number too since telecom system only allows +35**** to be banned, which would mean Italy would get blocked.
Problem of these guys was finding juicy rich people. Just imagine some iphone freeware vendor supplies it to them, a good database of iphone owners.

I can't believe people trying to justify "freeware" vendors access to phone number. It is totally impossible on other smartphone operating systems, on Symbian you can't even dare to try it.