Go Back   MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Sep 29, 2009, 08:50 AM   #1
Buskape
macrumors 6502
 
Join Date: Dec 2008
Location: Switzerland
Warning!! Applications can collect your number without informing you

Your number and who knows if other personal data..

This is a major concern, as it is a huge violation in Europe Commision laws, and totally UNACCEPTABLE!

Some users have reported being called by the company developing applications asking them to buy their full version

Source:
http://www.mac4ever.com/news/48159/e..._personnelles/

(scroll down for English)

I hope Apple does something about this VERY quickly, like verifying during the app approval process.....
__________________
MacBook Aluminium 2,4 Ghz, Macbook Air 11", iPhone 5 64GB White, iPad 2 32Gb, iPad 3 32Gb, iPad Mini 16gb black, Nikon D7000

Last edited by Buskape; Sep 29, 2009 at 08:57 AM.
Buskape is offline   0 Reply With Quote
Old Sep 29, 2009, 08:52 AM   #2
jav6454
macrumors G5
 
jav6454's Avatar
 
Join Date: Nov 2007
Location: 1 Geostationary Tower Plaza
I believe this violates certain ethical and private laws all over the place.
__________________
Al MacBook 2.4GHz Late '08 | 5 S⃣ | Macross Click Me
jav6454 is offline   0 Reply With Quote
Old Sep 29, 2009, 09:06 AM   #3
Mystikal
macrumors 68020
 
Mystikal's Avatar
 
Join Date: Oct 2007
Location: Irvine, CA
Send a message via AIM to Mystikal
Thats why you jailbreak, and download privacy.

Then they cant do anything . Jailbreaking wins again!
Mystikal is offline   0 Reply With Quote
Old Sep 29, 2009, 09:17 AM   #4
ghayenga
macrumors regular
 
Join Date: Jun 2008
Quote:
Originally Posted by Buskape View Post
Your number and who knows if other personal data..

This is a major concern, as it is a huge violation in Europe Commision laws, and totally UNACCEPTABLE!

Some users have reported being called by the company developing applications asking them to buy their full version

Source:
http://www.mac4ever.com/news/48159/e..._personnelles/

(scroll down for English)

I hope Apple does something about this VERY quickly, like verifying during the app approval process.....
There is a private API that will read the phone number off of the SIM card for those carriers that actually store the phone number there, but many don't. It *is* unauthorized and Apple will not approve it if they are aware of it.
ghayenga is offline   0 Reply With Quote
Old Sep 29, 2009, 09:43 AM   #5
SpaceKitty
Banned
 
Join Date: Nov 2008
Location: Fort Collins Colorado
Quote:
Originally Posted by Mystikal View Post
Thats why you jailbreak, and download privacy.

Then they cant do anything . Jailbreaking wins again!
That's true. Privacy was developed after it was discovered that allot of apps phone home informing them about many things including if you are Jailbroken or not and your IP and phone model.

I'm betting each one of us has a few apps at least that do something like this.
SpaceKitty is offline   0 Reply With Quote
Old Sep 29, 2009, 09:52 AM   #6
EatMyApple
macrumors 6502
 
Join Date: Dec 2008
Quote:
Originally Posted by Mystikal View Post
Thats why you jailbreak, and download privacy.

Then they cant do anything . Jailbreaking wins again!
In Privacy settings, do you want the toggles ON or OFF to prevent information being shared. They came set to OFF but I changed them to ON. Not sure which one I need. Thanks!
__________________
iPhone 5 64GB Retina MacBook Pro iPad 64GB Wi-Fi + LTE Time Capsule 3TB Apple TV iPod Classic 120GB
EatMyApple is offline   0 Reply With Quote
Old Sep 29, 2009, 10:05 AM   #7
MacRumors
macrumors bot
 
Join Date: Apr 2001
iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?






French site Mac4Ever reports that a number of users of a free Swiss traffic application for the iPhone have received telemarketing calls from callers who claim that they received the users' telephone numbers from Apple after making the application purchase.

Since Apple's privacy policy would preclude Apple from providing such information, Mac4Ever dug into the issue and discovered that an iPhone application is capable of accessing a device's mobile telephone number with just a single line of code and can then send that information back to the developer without notifying the user that their personal information has been obtained. Mac4Ever confirmed this ability by creating its own proof-of-concept iPhone application and obtaining the phone number of one of its editors' iPhones.
Quote:
From a client's side, Apple is the unique entiy you can deal with (except for the support). For a developer, it's quite the same : you can only deal with Apple, who never give you an access to the client's information. But it appears that this behaviour is available since firmware 2.1! So, how can't Cupertino be aware of such a thing? And how many apps are involved?

We contacted Apple about this issue and we will keep you posted as soon as we'll receive a complete answer.
It remains unclear whether other iPhone developers beyond those behind the application cited in the report have resorted to such tactics.

Article Link: iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?
MacRumors is offline   0 Reply With Quote
Old Sep 29, 2009, 10:19 AM   #8
guzhogi
macrumors 68020
 
guzhogi's Avatar
 
Join Date: Aug 2003
Location: Wherever my feet take me…
Let the class action suits begin…
guzhogi is offline   0 Reply With Quote
Old Sep 29, 2009, 10:21 AM   #9
willwc
macrumors newbie
 
Join Date: Aug 2008
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7C144 Safari/528.16)

I wonder if other developers were even aware of this before. Well they are now.
willwc is offline   0 Reply With Quote
Old Sep 29, 2009, 10:26 AM   #10
randallking
macrumors newbie
 
Join Date: Sep 2009
I've received some telemarketing calls

I've had the same cell phone number for nine years, and that number is on the national Do Not Call registry. I never received one telemarketing call until just recently. In the past few months I've received two. This article makes me suspect that my phone number was obtained through one of the many apps I've used. Heavy iPhone and app usage is the only thing that's changed in my phone usage or who I give my number to.
randallking is offline   0 Reply With Quote
Old Sep 29, 2009, 10:33 AM   #11
dejo
Moderator
 
dejo's Avatar
 
Join Date: Sep 2004
Location: The Centennial State
Quote:
Originally Posted by willwc View Post
I wonder if other developers were even aware of this before.
I was. But it was my understanding that the App Review team was supposed to be looking out for abuses like this. It does violate the iPhone SDK Agreement. But I guess, just like in the case of Aurora Feint, another app that violates the agreement has still managed to slip through the cracks.
__________________
dejo is online now   0 Reply With Quote
Old Sep 29, 2009, 10:38 AM   #12
JollyRogers
macrumors regular
 
Join Date: Mar 2008
Location: Virginia
Wow. I would expect Apple to screen for this. If not shame on them. Also, it would be really nice to know what apps do this and have them listed in case we are running something we wouldn't otherwise.
__________________
MAC PRO 2.8G/4G mem/HD4870, MacBook (for work), iPhone 3GS (me) & 4 (wife).
JollyRogers is offline   0 Reply With Quote
Old Sep 29, 2009, 10:43 AM   #13
thejadedmonkey
macrumors 604
 
thejadedmonkey's Avatar
 
Join Date: May 2005
Location: Pa
Send a message via AIM to thejadedmonkey
And that's the problem with a close-walled approach to the app store. It implies (although I'm pretty sure legally Apple denies any wrongdoing, anywhere, by way of their developer and EULA contracts) that Apple is at fault for letting a malicious app though.

personally I'm so fed up with having an "app store" for every device. I really hope that there's a class action lawsuit to dissuade software vendors from making even more app stores.

P.S. Thought: If apple's EULA denies any responsibility, and there's a class action which finds Apple accountable for letting malware through into their app store garden, wouldn't that set precedence for EULA's not being valid (e.g.: the Pystar case)?
__________________
MacBook • 17" MacBook Pro • iPod Nano • Apple TV
PS4 • Custom Windows 8.1 Desktop • WP8.1
"Good judgment comes from experience,
experience comes from bad judgment."
- Mulla Nasrudin
thejadedmonkey is offline   0 Reply With Quote
Old Sep 29, 2009, 10:50 AM   #14
DavidLeblond
macrumors 68020
 
DavidLeblond's Avatar
 
Join Date: Jan 2004
Location: Raleigh, NC
Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.
__________________
iOS Developer
DavidLeblond is offline   0 Reply With Quote
Old Sep 29, 2009, 10:54 AM   #15
Yvan256
macrumors 601
 
Yvan256's Avatar
 
Join Date: Jul 2004
Location: Canada
Quote:
Originally Posted by DavidLeblond View Post
Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.
Indeed, doesn't that mean that they probably took ALL the phone numbers? Those affected should ask people in their address book if they received similar calls recently.
Yvan256 is offline   0 Reply With Quote
Old Sep 29, 2009, 10:55 AM   #16
samcraig
macrumors G5
 
Join Date: Jun 2009
It would be interesting to see if this has occurred in the US.

I just looked for the app and it's not available on itunes - so either Apple killed it or you can't get it here in the US.
samcraig is online now   0 Reply With Quote
Old Sep 29, 2009, 10:58 AM   #17
jav6454
macrumors G5
 
jav6454's Avatar
 
Join Date: Nov 2007
Location: 1 Geostationary Tower Plaza
Quote:
Originally Posted by Mystikal View Post
Thats why you jailbreak, and download privacy.

Then they cant do anything . Jailbreaking wins again!
Privacy doesn't protect in this case. Privacy only works for ads that collect information inside the app. These developers however, make the app itself (not the ad) gather your phone number and beam it back. So this time the only way to solve the problem is to either:

1. Pull the App
2. Modify the app to delete or modify the code and prevent it from collecting your #.
__________________
Al MacBook 2.4GHz Late '08 | 5 S⃣ | Macross Click Me
jav6454 is offline   0 Reply With Quote
Old Sep 29, 2009, 11:03 AM   #18
bruinsrme
macrumors 68040
 
Join Date: Oct 2008
Quote:
Originally Posted by EatMyApple View Post
In Privacy settings, do you want the toggles ON or OFF to prevent information being shared. They came set to OFF but I changed them to ON. Not sure which one I need. Thanks!
OFF

look here
bruinsrme is offline   0 Reply With Quote
Old Sep 29, 2009, 11:09 AM   #19
dbwie
macrumors 6502
 
Join Date: Jun 2007
Location: New Orleans, LA, USA
I have never been called by an app developer, but if it ever happens, I will treat him/her the same way I used to treat telemarketers... which is "not well"
__________________
2.4 GHz Unibody MacBook, iPhone 3Gs, TV 2, iPad 2 32GB WiFi, G4 Ti Powerbook, iPod Nano 2nd Gen, TV 1 40GB (upgraded to 120GB), Airport Extreme Base Station
dbwie is offline   0 Reply With Quote
Old Sep 29, 2009, 11:29 AM   #20
f00f
macrumors 6502a
 
Join Date: Feb 2009
Location: New Yawk
The one thing here that is supposed to keep applications "safe" for the end-user is Apple and their screening process. Quite obviously this process has failed if applications are allowed to take personal data of any kind unbeknownst to the user.

There's a certain level of trust that is required to install an application on any type of computing device. There's a zillion apps on the App Store written by Joe Schmoes, who, quite frankly, are not worth one iota of trust directly from the user. Instead Apple acts as the middle man, screens the app and clears it for publication on the store (thus establishing trust w/ the developer). Then the users, via their trust in Apple (not the developer, 'cause who knows who half these clowns are), download and install the app.

I don't know anything about Apple's app screening process. I assume it's pretty rigorous. Apparently it needs to be more rigorous, else the lawsuit-happy people will go to town on this one, claiming they trusted Apple and yet their privacy was violated by a third-party.

On a side note, this kb article quoted in one user's signature is kind of funny. I particulary LOL'd at

Quote:
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Apparently if you install a shady app from the App Store this could happen too.
__________________
13" MBA mid 2012 | 27" iMac late 2012 | iPhone 5S 64GB Space Gray
f00f is offline   0 Reply With Quote
Old Sep 29, 2009, 12:04 PM   #21
Xian Zhu Xuande
macrumors 6502a
 
Xian Zhu Xuande's Avatar
 
Join Date: Jul 2008
As far as I know Apple screens for this. I'm not surprised at all that apps can access your phone number. It seems like rather important information for specific app features, especially as they might relate to your address card or interacting with your phone.

We haven't heard a lot about this and I haven't seen people complaining in reviews. It is certain that the occasional attempt would slip through Apple's cracks and I hope they resolve it. On other open platforms that offer application integration with certain core features this would slip by without even a review process.
Xian Zhu Xuande is offline   0 Reply With Quote
Old Sep 29, 2009, 12:11 PM   #22
Xian Zhu Xuande
macrumors 6502a
 
Xian Zhu Xuande's Avatar
 
Join Date: Jul 2008
Quote:
Originally Posted by f00f View Post
On a side note, this kb article quoted in one user's signature is kind of funny. I particulary LOL'd at

"Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses."

Apparently if you install a shady app from the App Store this could happen too.
I jailbreak my own phone, so obviously I'm not on-board with Apple's warnings, but like it or not, what they say is true. A jailbroken app can do anything it wants with your phone and the information on it and the only check you can enjoy against this is what the public at large is aware of. All the things described by Apple are possible in a jailbroken app specifically because there is no review process against a developer.

What's overstated about this is that it isn't so different from your computer in this regard. An app you deliberately choose to install for your computer could also contain a virus, harvest your information, or more. As the user, you choose to avoid apps which seem shady or too good to be true. I would wager that a jailbroken iPhone also has less checks and measures against further system modifications made by an application which has already been installed.

If people stick to trusted distribution sources I doubt this is going to become an issue. I do think, however, that it is disingenuous to tie this observation in with an app which has facilitated phone spam.

I hope Apple identifies and removes the app, and takes inventory of their review process as it relates to preventing this sort of thing.
Xian Zhu Xuande is offline   0 Reply With Quote
Old Sep 29, 2009, 01:20 PM   #23
spillproof
macrumors 68020
 
spillproof's Avatar
 
Join Date: Jun 2009
Location: USA
aw hell naw! This is BS. Pure BS. Some developers stoop so low.
__________________
I don't know what to put here.
spillproof is offline   0 Reply With Quote
Old Sep 29, 2009, 01:21 PM   #24
kainjow
Moderator emeritus
 
kainjow's Avatar
 
Join Date: Jun 2000
Quote:
Originally Posted by JollyRogers View Post
Wow. I would expect Apple to screen for this. If not shame on them. Also, it would be really nice to know what apps do this and have them listed in case we are running something we wouldn't otherwise.
They do. About a year or so ago I worked on a project and we used the private API to get the user's phone number as a unique identifier. Apple rejected the app, which was expected.

Quote:
Originally Posted by DavidLeblond View Post
Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.
However this requires that the user actually has their own contact in Address Book. I would think not everyone does.

The API mentioned is really a single line of code. It is a private method, meaning Apple does not support it and does not want you using it. They have ways of checking to see if you are, but there are workarounds that Apple probably doesn't have checks for.
kainjow is offline   0 Reply With Quote
Old Sep 29, 2009, 02:29 PM   #25
bignumbers
macrumors regular
 
Join Date: May 2002
Nothing new here

There's nothing new here - the AddressBook API (available on both Mac and iPhone) allows access to the AddressBook database. These aren't private API's, they're public and well documented by Apple. As they should be - many good apps use them.

On the Mac (since 10.2 or 10.3) there's been API access to the "Me" card. So any Mac app can get the users' contact info and do whatever with it. That's how software works - if you don't trust the software, don't run it.

I don't think the "Me" card is directly accessible on the iPhone SDK (I didn't look very hard), but since the full Address Book is there anyway it wouldn't be hard to search and make a good guess based on other parameters.

Using a private API is something Apple does try to catch. They don't always catch them, especially if an app masks the call (by, say, not using the call until it's been installed for a week thus bypassing Apple's checks). But again, all of this info is available via public API's.

The privacy problem IS against Apple's rules, so if they catch a developer doing such a thing they will pull the app (as they've done before).

I have argued that an appropriate solution to this problem (if one calls it a problem, it's really just a concern) is to cover the Address Book API's with user confirmation, like accessing your location. This way the user must approve an app's access to private user data. There's no telling what an app can do with that data (just like location data). But it's a valid and understood method of protection.

But keep in mind none of this is new, since the same API's have been around on the Mac for a very long time. Anyone freaking out because it does so on a smartphone should hide under a rock and shut the hell up.
bignumbers is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Accessing Users on iMac via other Mac? willcapellaro OS X Mavericks (10.9) 2 May 20, 2014 02:01 PM
AT&T users got question about switching lines/numbers bobright iPhone 10 Mar 3, 2014 06:31 AM
Any filemaker users/developers here? Gidfd79 Mac Applications and Mac App Store 0 Nov 10, 2013 08:28 AM
Telemarketing calls pr0230 iPhone 3 Sep 20, 2013 06:17 PM
Multiple users accessing network drive NutFlush920 Mac OS X 10.7 Lion 0 Jun 24, 2012 12:03 AM

Forum Jump

All times are GMT -5. The time now is 05:19 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC