Warning - FAO any parents with an iPhone!

Discussion in 'iOS Apps' started by uphoriak, Apr 22, 2013.

  1. uphoriak macrumors newbie

    Joined:
    Apr 22, 2013
    #1
    Hi everyone, I'm a lurker (don't shoot me, heh) but had to register to post this and give other parents a heads up.

    We have been trying to track down a number of premium rate calls (at £1.53 / $2.30 a pop) appearing on my wifes bill. Eventually we have tracked it down to a series of apps from "eFlashCards, LLC" in the App Store. This morning, we actually watched our son use the "Baby Flash Cards" app and it automatically dial the number - see below. The phone was not signed into iTunes at the time.

    These learning apps are designed for toddlers, and it looks like that they have been purposely designed to encourage the toddler to press a banner with pictures of cartoon animals on. When this is pressed the app automatically dials and connects to a premium rate line, without any kind of confirmation or second-level authorisation.

    I tried contacting eFlashApps directly to inform them that they may not be aware of this issue (in case they are using an advertising plug-in in their code) which seems to have occured since they updated their apps at the beginning of March. We vet all apps when first installed and this "feature" was not there originally. They did not reply, and when I posted a message on their facebook wall to let them know, they deleted my comment and did not contact me.

    We're contacting our line rental provider to inform them and see if we can get some kind of refund, and if you check iTunes you'll see other people reporting the same thing, but the app is still there. I've contacted iTunes support and am waiting to hear back from them.

    Although we've now removed the app I'd like to ensure other parents do not fall for this, and in my opinion this is much worse than the recent "in-app purchase" problems reported in the media.

    Oh and before anyone comments, yes we do supervise our childs use of the iPhone (and limit its use, only install educational/appropriate apps etc) but this slipped through the net.

    Cheers :)
     
  2. CylonGlitch macrumors 68030

    CylonGlitch

    Joined:
    Jul 7, 2009
    Location:
    SoCal
    #2
    The problem is, Applications cannot dial the phone, or send text messages. Thus it is either not an iPhone, Jailbroken, or something else completely.
     
  3. uphoriak, Apr 22, 2013
    Last edited: Apr 22, 2013

    uphoriak thread starter macrumors newbie

    Joined:
    Apr 22, 2013
    #3
    I'll go with "something else entirely"!

    The phone is not jailbroken, and you can replicate the issue by following these steps:

    1. Install "Baby Flash Cards" from "eFlashCards, LLC" from the App Store onto your phone.
    2. Start the app, and you will see a banner appear at the bottom of the app which has pictures of cartoon animals on. Note that the other buttons and commands are placed next to the banner.
    3. If you hit the banner, the app will open the Phone app, and dial a premium rate number (from our phone records has been 0904 161 0190 and 0905 105 0403).

    This may be UK only, I'm unsure. We've reported it to Apple who are investigating, and we have contacted Tesco Mobile who have said it's basically not their problem but who are referring it to the "PhonePayPlus" regulator.

    This note is really just for anyone who has used these apps to check if they have recently performed an update and double-check the app. As I said this did not have the "feature" originally, and seems to be down an update from early March that does not make any mention of this change. As you can see from my earlier link, other people are finding this out and are leaving notes in the reviews on the app.

    I've heard of rogue apps on Android that automatically call numbers but this is the first I've heard or experienced it within the "walled garden". Thankfully we caught it and the bill is only just over £40 but it could have been worse!
     
  4. large farva macrumors regular

    Joined:
    Jan 14, 2013
    Location:
    Melbourne, FL
    #4
    That's quite disturbing. I would seem that the app developer knew of the situation, or is actually to culprit, because of the fact that they deleted your comment and haven't returned your call. Good luck with getting it straightened out. I'll let all my friends know to stay away from the app. Also, to the other user. It's not possible for an application to have permissions to make calls/texts from the phone? I don't see how it's that far fetched, as Find My iPhone allows you to display messages, wipe and the phone, and there was another feature, I can't remember exactly what it did, whether it causes the phone to call your phone so you'd be able to hear what's going on, or whatever it sent something out to allow you to better locate the phone. But I think it's completely possible for an application or process to make outgoing calls or texts.
     
  5. CylonGlitch macrumors 68030

    CylonGlitch

    Joined:
    Jul 7, 2009
    Location:
    SoCal
    #5
    There is no API for the application to gain access to those pieces of the system that can make calls or send texts. Either the developer found a loophole somewhere in the OS that allows them to hook into these features, possible but improbable; or they are communicating directly with the hardware (something although possible isn't very easy in iOS, if possible at all) or something else is going on.

    After doing a little research (between last paragraph and now) it looks like they may be using the "auto detect phone number" on websites to cause it to automatically dial. I've read that there are some tricks you can play to possibly make this happen.

    Hopefully Apple will get on this and shut it down ASAP.
     
  6. uphoriak, Apr 23, 2013
    Last edited: Apr 23, 2013

    uphoriak thread starter macrumors newbie

    Joined:
    Apr 22, 2013
    #6
    I think you're right, it must be the link.

    As mentioned, the app previously did not have adverts, so this has been rolled out recently. I've just taken a couple screenshots from the app:

    [​IMG]
    In this case the advert is designed to look like a facebook notification (the message icon is blinking), but when clicked the link takes you to a website where you will be signed up to a £4.50 ($7)/week SMS service.

    [​IMG]
    In this case the link will automatically open the dialer, call the number, and connect. The advert is also misleading as according to our phone records one particular call came to £15 ($23).

    Now to you and me the second one is obviously an advert, but the other banners that have popped up aren't as obvious, as I mentioned earlier the one we saw our son click was a picture of cartoon animals. The banner is also less than half a centermeter away from the "Next" arrow which you need to click, so unless the user (and remember this app is aimed at pre-school children according to their iTunes app page) is very accurate with your finger you will make the call.

    So, to conclude:
    * Let's hope that an IOS update includes some kind of option that you can turn on to disallow apps or links automatically making calls.
    * Let's hope that laws are changed to prevent ads of these kind being put inside apps aimed at infants.

    In the meantime:
    * Be extra careful after any app updates to ensure they don't suddenly include these kinds of ads.
    * If you have to give a child your phone to use (I'm sure any parent with an iPhone and in a long queue or at a restaurant has given in at some point!) turn on airline mode.

    Also, I heard back from The Register today and the Ofcom regulator in the UK is investigating this issue and are due to feed back around October. See http://www.theregister.co.uk/2013/04/15/ofcom_guide/.
     
  7. vp2013 macrumors newbie

    Joined:
    Apr 27, 2013
    #7
    Premium phone cons

    I just experienced this premium number phone Con from an Iphone app. It looks like after the recent app update one of the kids apps, may be flash cards or similar apps made two premium number calls to 09051050403, each apparently lasting for 10 mins at the same time ( phone bill shows call time as 18.36 and 18.37). I am not even sure if you can make simultaneous phone calls but this shows the extent of con!. I am glad that atleast this is getting some publicity, hopefully something will be done about the apps making phone calls. I have called 3 who are looking into this but not sure how seriously they will take this.:rolleyes:
     
  8. Apple fanboy macrumors P6

    Apple fanboy

    Joined:
    Feb 21, 2012
    Location:
    Behind the Lens, UK
    #8
    This is really underhanded. My daughter is old enough to know better and uses her iPad or iPod rather than my iPhone. However thanks to the op for pointing this out for other unsuspecting parents.

    Another App my daughter plays is Tiny Sheep. Sometimes when you come back from the town as you touch the screen an advert pops up immediately for another app and redirects you to iTunes to download it. Of course you never do, but this is deceitful because I bet you will still be registering as clicking the link, and this will help the company receive a kick back form the other developer.

    I'm glad I'm into all my apple stuff because I can imagine a lot of parents being bamboozled by this new technology and being ripped off.
     

Share This Page