iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?

Discussion in 'iOS Blog Discussion' started by Buskape, Sep 29, 2009.

  1. Buskape macrumors 6502


    Dec 10, 2008
    NGC 4889
    Your number and who knows if other personal data..

    This is a major concern, as it is a huge violation in Europe Commision laws, and totally UNACCEPTABLE!

    Some users have reported being called by the company developing applications asking them to buy their full version


    (scroll down for English)

    I hope Apple does something about this VERY quickly, like verifying during the app approval process..... :mad:
  2. jav6454 macrumors P6


    Nov 14, 2007
    1 Geostationary Tower Plaza
    I believe this violates certain ethical and private laws all over the place.
  3. Mystikal macrumors 68020


    Oct 4, 2007
    Irvine, CA
    Thats why you jailbreak, and download privacy.

    Then they cant do anything :D. Jailbreaking wins again!
  4. ghayenga macrumors regular

    Jun 18, 2008
    There is a private API that will read the phone number off of the SIM card for those carriers that actually store the phone number there, but many don't. It *is* unauthorized and Apple will not approve it if they are aware of it.
  5. SpaceKitty macrumors 68040


    Nov 9, 2008
    Fort Collins Colorado
    That's true. Privacy was developed after it was discovered that allot of apps phone home informing them about many things including if you are Jailbroken or not and your IP and phone model.

    I'm betting each one of us has a few apps at least that do something like this.
  6. EatMyApple macrumors 6502

    Dec 2, 2008
    In Privacy settings, do you want the toggles ON or OFF to prevent information being shared. They came set to OFF but I changed them to ON. Not sure which one I need. Thanks!
  7. MacRumors macrumors bot


    Apr 12, 2001
    iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?



    French site Mac4Ever reports that a number of users of a free Swiss traffic application for the iPhone have received telemarketing calls from callers who claim that they received the users' telephone numbers from Apple after making the application purchase.

    Since Apple's privacy policy would preclude Apple from providing such information, Mac4Ever dug into the issue and discovered that an iPhone application is capable of accessing a device's mobile telephone number with just a single line of code and can then send that information back to the developer without notifying the user that their personal information has been obtained. Mac4Ever confirmed this ability by creating its own proof-of-concept iPhone application and obtaining the phone number of one of its editors' iPhones.
    It remains unclear whether other iPhone developers beyond those behind the application cited in the report have resorted to such tactics.

    Article Link: iPhone Developers Accessing Users' Telephone Numbers for Telemarketing?
  8. guzhogi macrumors 68030


    Aug 31, 2003
    Wherever my feet take me…
  9. willwc macrumors newbie

    Aug 8, 2008
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7C144 Safari/528.16)

    I wonder if other developers were even aware of this before. Well they are now.
  10. randallking macrumors member


    Sep 29, 2009
    I've received some telemarketing calls

    I've had the same cell phone number for nine years, and that number is on the national Do Not Call registry. I never received one telemarketing call until just recently. In the past few months I've received two. This article makes me suspect that my phone number was obtained through one of the many apps I've used. Heavy iPhone and app usage is the only thing that's changed in my phone usage or who I give my number to.
  11. dejo Moderator


    Staff Member

    Sep 2, 2004
    The Centennial State
    I was. But it was my understanding that the App Review team was supposed to be looking out for abuses like this. It does violate the iPhone SDK Agreement. But I guess, just like in the case of Aurora Feint, another app that violates the agreement has still managed to slip through the cracks.
  12. JollyRogers macrumors regular

    Mar 12, 2008
    Wow. I would expect Apple to screen for this. If not shame on them. Also, it would be really nice to know what apps do this and have them listed in case we are running something we wouldn't otherwise.
  13. thejadedmonkey macrumors 604


    May 28, 2005
    And that's the problem with a close-walled approach to the app store. It implies (although I'm pretty sure legally Apple denies any wrongdoing, anywhere, by way of their developer and EULA contracts) that Apple is at fault for letting a malicious app though.

    personally I'm so fed up with having an "app store" for every device. I really hope that there's a class action lawsuit to dissuade software vendors from making even more app stores.

    P.S. Thought: If apple's EULA denies any responsibility, and there's a class action which finds Apple accountable for letting malware through into their app store garden, wouldn't that set precedence for EULA's not being valid (e.g.: the Pystar case)?
  14. DavidLeblond macrumors 68020


    Jan 6, 2004
    Raleigh, NC
    Uh the SDK has, and always has, had complete access to your entire address book. This is pretty obvious if you use any contact sharing apps like Bump.
  15. Yvan256 macrumors 601

    Jul 5, 2004
    Indeed, doesn't that mean that they probably took ALL the phone numbers? Those affected should ask people in their address book if they received similar calls recently.
  16. samcraig macrumors P6

    Jun 22, 2009
    It would be interesting to see if this has occurred in the US.

    I just looked for the app and it's not available on itunes - so either Apple killed it or you can't get it here in the US.
  17. jav6454 macrumors P6


    Nov 14, 2007
    1 Geostationary Tower Plaza
    Privacy doesn't protect in this case. Privacy only works for ads that collect information inside the app. These developers however, make the app itself (not the ad) gather your phone number and beam it back. So this time the only way to solve the problem is to either:

    1. Pull the App
    2. Modify the app to delete or modify the code and prevent it from collecting your #.
  18. bruinsrme macrumors 603


    Oct 26, 2008

    look here
  19. dbwie macrumors 6502

    Jun 11, 2007
    Albuquerque, NM, USA
    I have never been called by an app developer, but if it ever happens, I will treat him/her the same way I used to treat telemarketers... which is "not well" :D
  20. f00f macrumors 65816


    Feb 18, 2009
    New Yawk
    The one thing here that is supposed to keep applications "safe" for the end-user is Apple and their screening process. Quite obviously this process has failed if applications are allowed to take personal data of any kind unbeknownst to the user.

    There's a certain level of trust that is required to install an application on any type of computing device. There's a zillion apps on the App Store written by Joe Schmoes, who, quite frankly, are not worth one iota of trust directly from the user. Instead Apple acts as the middle man, screens the app and clears it for publication on the store (thus establishing trust w/ the developer). Then the users, via their trust in Apple (not the developer, 'cause who knows who half these clowns are), download and install the app.

    I don't know anything about Apple's app screening process. I assume it's pretty rigorous. Apparently it needs to be more rigorous, else the lawsuit-happy people will go to town on this one, claiming they trusted Apple and yet their privacy was violated by a third-party. :rolleyes:

    On a side note, this kb article quoted in one user's signature is kind of funny. I particulary LOL'd at

    Apparently if you install a shady app from the App Store this could happen too. :rolleyes:
  21. Xian Zhu Xuande macrumors 6502a

    Xian Zhu Xuande

    Jul 30, 2008
    As far as I know Apple screens for this. I'm not surprised at all that apps can access your phone number. It seems like rather important information for specific app features, especially as they might relate to your address card or interacting with your phone.

    We haven't heard a lot about this and I haven't seen people complaining in reviews. It is certain that the occasional attempt would slip through Apple's cracks and I hope they resolve it. On other open platforms that offer application integration with certain core features this would slip by without even a review process.
  22. Xian Zhu Xuande macrumors 6502a

    Xian Zhu Xuande

    Jul 30, 2008
    I jailbreak my own phone, so obviously I'm not on-board with Apple's warnings, but like it or not, what they say is true. A jailbroken app can do anything it wants with your phone and the information on it and the only check you can enjoy against this is what the public at large is aware of. All the things described by Apple are possible in a jailbroken app specifically because there is no review process against a developer.

    What's overstated about this is that it isn't so different from your computer in this regard. An app you deliberately choose to install for your computer could also contain a virus, harvest your information, or more. As the user, you choose to avoid apps which seem shady or too good to be true. I would wager that a jailbroken iPhone also has less checks and measures against further system modifications made by an application which has already been installed.

    If people stick to trusted distribution sources I doubt this is going to become an issue. I do think, however, that it is disingenuous to tie this observation in with an app which has facilitated phone spam.

    I hope Apple identifies and removes the app, and takes inventory of their review process as it relates to preventing this sort of thing.
  23. spillproof macrumors 68020


    Jun 4, 2009
    aw hell naw! This is BS. Pure BS. Some developers stoop so low.
  24. kainjow Moderator emeritus


    Jun 15, 2000
    They do. About a year or so ago I worked on a project and we used the private API to get the user's phone number as a unique identifier. Apple rejected the app, which was expected.

    However this requires that the user actually has their own contact in Address Book. I would think not everyone does.

    The API mentioned is really a single line of code. It is a private method, meaning Apple does not support it and does not want you using it. They have ways of checking to see if you are, but there are workarounds that Apple probably doesn't have checks for.
  25. bignumbers macrumors regular

    May 9, 2002
    Nothing new here

    There's nothing new here - the AddressBook API (available on both Mac and iPhone) allows access to the AddressBook database. These aren't private API's, they're public and well documented by Apple. As they should be - many good apps use them.

    On the Mac (since 10.2 or 10.3) there's been API access to the "Me" card. So any Mac app can get the users' contact info and do whatever with it. That's how software works - if you don't trust the software, don't run it.

    I don't think the "Me" card is directly accessible on the iPhone SDK (I didn't look very hard), but since the full Address Book is there anyway it wouldn't be hard to search and make a good guess based on other parameters.

    Using a private API is something Apple does try to catch. They don't always catch them, especially if an app masks the call (by, say, not using the call until it's been installed for a week thus bypassing Apple's checks). But again, all of this info is available via public API's.

    The privacy problem IS against Apple's rules, so if they catch a developer doing such a thing they will pull the app (as they've done before).

    I have argued that an appropriate solution to this problem (if one calls it a problem, it's really just a concern) is to cover the Address Book API's with user confirmation, like accessing your location. This way the user must approve an app's access to private user data. There's no telling what an app can do with that data (just like location data). But it's a valid and understood method of protection.

    But keep in mind none of this is new, since the same API's have been around on the Mac for a very long time. Anyone freaking out because it does so on a smartphone should hide under a rock and shut the hell up.

Share This Page