Retrievable iPhone Numbers Raise Privacy Issue 146
TechnologyResource writes "When a couple of voicemails didn't show up recently, I thought nothing of it until a friend asked me if I'd gotten his message — people just don't call me that often. But the iPhone is indeed a phone, as some users are reportedly being reminded when they get phone calls from the publishers of a free app they've downloaded from the App Store. The application in question, mogoRoad, is a real-time traffic monitoring application. As invasive and despicable as that sounds, it raises another question: how did the company get hold of the contact information for those users? Mogo claims the details were provided by Apple, but Apple doesn't disclose that information to App Store vendors. French site Mac 4 Ever did some digging (scroll down for the English version) and determined it was possible — even easy — for an app to retrieve the phone number of a unit on which it was installed."
Apps use this all the time... (Score:3, Informative)
At least one server-based game I was looking at a network capture for was using the phone number as the login/authentication information to their server....rather stupid as it meant that anyone able to guess iPhone phone numbers would be able to hack other users accounts of the game...WHOOPS!
Re:You Think That's Bad? (Score:4, Informative)
I get the whole racket thing, and it's a joke, etc, etc, but it's worth noting that you can turn the entire Core Location framework off on a system-wide basis. You just go in to Settings->General and turn off "Location Services".
Re:So (Score:5, Informative)
From the very first link:
Several commenters on the store say theyâ€(TM)ve received phone calls from the company behind the application after they downloaded the free version, inviting them to shell out money for the full version.
Re:So (Score:1, Informative)
Similary functionality on other devices (Score:2, Informative)
I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:
- http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp [blackberry.com] Blackberry
- http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx [msdn.com] Windows Mobile
- http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html [nokia.com] Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)
- http://developer.android.com/reference/android/telephony/TelephonyManager.html [android.com] Android (requires permissions be granted to the app)
Re:Invasive? (Score:1, Informative)
I know, I had to read it a few times as well. The way over the top reaction wasn't to the immediate prior sentence. It was to two sentences before. When I finally realized that the submitter flew off the handle about receiving solicitous phone calls from the company that published a free app these people had downloaded, I too, was a little ticked off at the thought of it. Of course, it wasn't until I got over the smugness of the submitter wasting my time with the whole discussion about how so few people actually call him anymore. What a douche.
My first reaction was, "why is a company burning these people's minutes?" followed by, "I thought it was illegal for businesses to make solicitation calls to cell phones" then followed by "I can't believe this smug little douchey asshole didn't register his cellphone on the Do Not Call Registry" eventually ending with, "Ahhhh, they downloaded the app, so perhaps that can be construed into their having 'a business relationship' with the vendor, thus meeting the minimum requirements for making solicitation calls."
Regardless, its still never legal to call a cellphone for the purpose of solicitation. Long story short: the submitter is probably an ESL speaker and doesn't understand the basic rules of English.
Re:You Think That's Bad? (Score:1, Informative)
Don't forget Canada! We're as backwards as the US when it comes to cell phone carriers, only they charge us even more.
Re:Why is that an app? (Score:1, Informative)
He's referring to web applications, not local applications. But thanks for playing, Bill.
Nothing New Here (Score:5, Informative)
I have written applications on just about every smartphone plaform, and I have never met an API did that did not have the ability to query the phone number of the device. Assuming you have a data plan (in many cases, the only way to get the app in the first place), its a tiny amount of code to post that information to a web page the first time the application runs. Some platforms, such as the Android, do indicate when an application has access to use the Internet, but its not trivial to find out exactly what information is going back and forth.
This issue has always been there, and is no more of a problem on an iPhone than other similar platforms.
Re:You Think That's Bad? (Score:3, Informative)
I can't believe people trying to justify "freeware" vendors access to phone number. It is totally impossible on other smartphone operating systems, on Symbian you can't even dare to try it.
Incorrect. Symbian will allow it if you're Symbian Signed®, and Windows Mobile allows it by default. Not sure about Blackberry OS.
Re:You Think That's Bad? (Score:3, Informative)
Yup, it's the same 100 people using proxies in Canada to post to slashdot!
Old News (Score:3, Informative)
Tha't old news people.
Anyone with half a brain has already installed on his jailbreaked iPhone the modified /etc/hosts from i-phone-home.blogspot.com [blogspot.com].
Re:Nothing New Here (Score:3, Informative)
but. . . but. . . security is one of the claimed reasons for sandboxing applications on the iPhone. Apple is lying? Tell me it ain't so!
No, not lying, just complacent.
There should be an option to restrict this, and sandboxing does in fact give Apple the option to add it in the future - it does increase security by not allowing direct access to system files. All access to stuff like phone numbers and addresses is only via an API which Apple control, which they can modify at any time to pop up a dialog asking the user (see their restrictions on core location data).