
Buskape

macrumors 6502
Original poster
Dec 10, 2008
300
0
NGC 4889
Your number and who knows if other personal data..

This is a major concern, as it is a huge violation in Europe Commission laws, and totally UNACCEPTABLE!

Some users have reported being called by the company developing applications asking them to buy their full version

Source:
http://www.mac4ever.com/news/48159/...passoire_pour_certaines_donnees_personnelles/

(scroll down for English)

I hope Apple does something about this VERY quickly, like verifying during the app approval process..... :mad:
 

ghayenga

macrumors regular
Jun 18, 2008
190
0
Your number and who knows if other personal data..

This is a major concern, as it is a huge violation in Europe Commission laws, and totally UNACCEPTABLE!

Some users have reported being called by the company developing applications asking them to buy their full version

Source:
http://www.mac4ever.com/news/48159/...passoire_pour_certaines_donnees_personnelles/

(scroll down for English)

I hope Apple does something about this VERY quickly, like verifying during the app approval process..... :mad:

There is a private API that will read the phone number off of the SIM card for those carriers that actually store the phone number there, but many don't. It *is* unauthorized and Apple will not approve it if they are aware of it.
 

SpaceKitty

macrumors 68040
Nov 9, 2008
3,204
1
Fort Collins Colorado
That's why you jailbreak, and download privacy.

Then they can't do anything :D. Jailbreaking wins again!

That's true. Privacy was developed after it was discovered that a lot of apps phone home informing them about many things including if you are Jailbroken or not and your IP and phone model.

I'm betting each one of us has a few apps at least that do something like this.
 

EatMyApple

macrumors 6502
Dec 2, 2008
380
1
That's why you jailbreak, and download privacy.

Then they can't do anything :D. Jailbreaking wins again!

In Privacy settings, do you want the toggles ON or OFF to prevent information being shared? They came set to OFF but I changed them to ON. Not sure which one I need. Thanks!
 

MacRumors

macrumors bot
Apr 12, 2001
63,522
30,799
iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?






French site Mac4Ever reports that a number of users of a free Swiss traffic application for the iPhone have received telemarketing calls from callers who claim that they received the users' telephone numbers from Apple after making the application purchase.

Since Apple's privacy policy would preclude Apple from providing such information, Mac4Ever dug into the issue and discovered that an iPhone application is capable of accessing a device's mobile telephone number with just a single line of code and can then send that information back to the developer without notifying the user that their personal information has been obtained. Mac4Ever confirmed this ability by creating its own proof-of-concept iPhone application and obtaining the phone number of one of its editors' iPhones.

From a client's side, Apple is the unique entity you can deal with (except for the support). For a developer, it's quite the same: you can only deal with Apple, who never give you an access to the client's information. But it appears that this behaviour is available since firmware 2.1! So, how can't Cupertino be aware of such a thing? And how many apps are involved?

We contacted Apple about this issue and we will keep you posted as soon as we'll receive a complete answer.

It remains unclear whether other iPhone developers beyond those behind the application cited in the report have resorted to such tactics.

Article Link: iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?
 

willwc

macrumors newbie
Aug 8, 2008
6
0

I wonder if other developers were even aware of this before. Well they are now.
 

randallking

macrumors member
Sep 29, 2009
39
5
I've received some telemarketing calls

I've had the same cell phone number for nine years, and that number is on the national Do Not Call registry. I never received one telemarketing call until just recently. In the past few months I've received two. This article makes me suspect that my phone number was obtained through one of the many apps I've used. Heavy iPhone and app usage is the only thing that's changed in my phone usage or who I give my number to.
 

dejo

Moderator emeritus
Sep 2, 2004
15,982
452
The Centennial State
I wonder if other developers were even aware of this before.
I was. But it was my understanding that the App Review team was supposed to be looking out for abuses like this. It does violate the iPhone SDK Agreement. But I guess, just like in the case of Aurora Feint, another app that violates the agreement has still managed to slip through the cracks.
 

JollyRogers

macrumors regular
Mar 12, 2008
247
0
Virginia
Wow. I would expect Apple to screen for this. If not shame on them. Also, it would be really nice to know what apps do this and have them listed in case we are running something we wouldn't otherwise.
 

thejadedmonkey

macrumors G3
May 28, 2005
9,180
3,328
Pennsylvania
And that's the problem with a close-walled approach to the app store. It implies (although I'm pretty sure legally Apple denies any wrongdoing, anywhere, by way of their developer and EULA contracts) that Apple is at fault for letting a malicious app through.

Personally I'm so fed up with having an "app store" for every device. I really hope that there's a class action lawsuit to dissuade software vendors from making even more app stores.

P.S. Thought: If Apple's EULA denies any responsibility, and there's a class action which finds Apple accountable for letting malware through into their app store garden, wouldn't that set precedent for EULAs not being valid (e.g.: the Psystar case)?
 

DavidLeblond

macrumors 68020
Jan 6, 2004
2,323
600
Raleigh, NC
Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.
 

Yvan256

macrumors 603
Jul 5, 2004
5,081
998
Canada
Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.

Indeed, doesn't that mean that they probably took ALL the phone numbers? Those affected should ask people in their address book if they received similar calls recently.
 

samcraig

macrumors P6
Jun 22, 2009
16,779
41,982
USA
It would be interesting to see if this has occurred in the US.

I just looked for the app and it's not available on itunes - so either Apple killed it or you can't get it here in the US.
 

jav6454

macrumors Core
Nov 14, 2007
22,303
6,257
1 Geostationary Tower Plaza
That's why you jailbreak, and download privacy.

Then they can't do anything :D. Jailbreaking wins again!

Privacy doesn't protect in this case. Privacy only works for ads that collect information inside the app. These developers however, make the app itself (not the ad) gather your phone number and beam it back. So this time the only way to solve the problem is to either:

1. Pull the App
2. Modify the app to delete or modify the code and prevent it from collecting your #.
 

dbwie

macrumors 6502a
Jun 11, 2007
609
263
Albuquerque, NM, USA
I have never been called by an app developer, but if it ever happens, I will treat him/her the same way I used to treat telemarketers... which is "not well" :D
 

3460169

Cancelled
Feb 18, 2009
1,293
212
The one thing here that is supposed to keep applications "safe" for the end-user is Apple and their screening process. Quite obviously this process has failed if applications are allowed to take personal data of any kind unbeknownst to the user.

There's a certain level of trust that is required to install an application on any type of computing device. There's a zillion apps on the App Store written by Joe Schmoes, who, quite frankly, are not worth one iota of trust directly from the user. Instead Apple acts as the middle man, screens the app and clears it for publication on the store (thus establishing trust w/ the developer). Then the users, via their trust in Apple (not the developer, 'cause who knows who half these clowns are), download and install the app.

I don't know anything about Apple's app screening process. I assume it's pretty rigorous. Apparently it needs to be more rigorous, else the lawsuit-happy people will go to town on this one, claiming they trusted Apple and yet their privacy was violated by a third-party. :rolleyes:

On a side note, this kb article quoted in one user's signature is kind of funny. I particularly LOL'd at

Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.

Apparently if you install a shady app from the App Store this could happen too. :rolleyes:
 

Xian Zhu Xuande

macrumors 6502a
Jul 30, 2008
941
128
As far as I know Apple screens for this. I'm not surprised at all that apps can access your phone number. It seems like rather important information for specific app features, especially as they might relate to your address card or interacting with your phone.

We haven't heard a lot about this and I haven't seen people complaining in reviews. It is certain that the occasional attempt would slip through Apple's cracks and I hope they resolve it. On other open platforms that offer application integration with certain core features this would slip by without even a review process.
 

Xian Zhu Xuande

macrumors 6502a
Jul 30, 2008
941
128
On a side note, this kb article quoted in one user's signature is kind of funny. I particularly LOL'd at

"Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses."

Apparently if you install a shady app from the App Store this could happen too. :rolleyes:
I jailbreak my own phone, so obviously I'm not on-board with Apple's warnings, but like it or not, what they say is true. A jailbroken app can do anything it wants with your phone and the information on it and the only check you can enjoy against this is what the public at large is aware of. All the things described by Apple are possible in a jailbroken app specifically because there is no review process against a developer.

What's overstated about this is that it isn't so different from your computer in this regard. An app you deliberately choose to install for your computer could also contain a virus, harvest your information, or more. As the user, you choose to avoid apps which seem shady or too good to be true. I would wager that a jailbroken iPhone also has fewer checks and measures against further system modifications made by an application which has already been installed.

If people stick to trusted distribution sources I doubt this is going to become an issue. I do think, however, that it is disingenuous to tie this observation in with an app which has facilitated phone spam.

I hope Apple identifies and removes the app, and takes inventory of their review process as it relates to preventing this sort of thing.
 

kainjow

Moderator emeritus
Jun 15, 2000
7,958
7
Wow. I would expect Apple to screen for this. If not shame on them. Also, it would be really nice to know what apps do this and have them listed in case we are running something we wouldn't otherwise.
They do. About a year or so ago I worked on a project and we used the private API to get the user's phone number as a unique identifier. Apple rejected the app, which was expected.

Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.

However this requires that the user actually has their own contact in Address Book. I would think not everyone does.

The API mentioned is really a single line of code. It is a private method, meaning Apple does not support it and does not want you using it. They have ways of checking to see if you are, but there are workarounds that Apple probably doesn't have checks for.
 

bignumbers

macrumors regular
May 9, 2002
206
0
Nothing new here

There's nothing new here - the AddressBook API (available on both Mac and iPhone) allows access to the AddressBook database. These aren't private APIs, they're public and well documented by Apple. As they should be - many good apps use them.

On the Mac (since 10.2 or 10.3) there's been API access to the "Me" card. So any Mac app can get the users' contact info and do whatever with it. That's how software works - if you don't trust the software, don't run it.

I don't think the "Me" card is directly accessible on the iPhone SDK (I didn't look very hard), but since the full Address Book is there anyway it wouldn't be hard to search and make a good guess based on other parameters.

Using a private API is something Apple does try to catch. They don't always catch them, especially if an app masks the call (by, say, not using the call until it's been installed for a week thus bypassing Apple's checks). But again, all of this info is available via public APIs.

The privacy problem IS against Apple's rules, so if they catch a developer doing such a thing they will pull the app (as they've done before).

I have argued that an appropriate solution to this problem (if one calls it a problem, it's really just a concern) is to cover the Address Book APIs with user confirmation, like accessing your location. This way the user must approve an app's access to private user data. There's no telling what an app can do with that data (just like location data). But it's a valid and understood method of protection.

But keep in mind none of this is new, since the same APIs have been around on the Mac for a very long time. Anyone freaking out because it does so on a smartphone should hide under a rock and shut the hell up.
 