Prepare to freak out! iPhone developers are using apps to pass your phone number to telemarketers
Our good friends over at the French Mac site Mac4Ever have alerted us to a somewhat alarming development. Apparently a few days after purchasing the Swiss app MogoRoad, a free radar tracking application, users are reporting receiving telephone calls asking them if they’d like to purchase the FULL version of the application. When asked how the caller had obtained their number, the responses vary, but generally the person tells you that Apple sent them their number at the time of purchase.
Obviously this is not the case, as Apple does not forward any information on its customers to third parties, so Mac4Ever did a little testing using the latest iPhone SDK and discovered that it is extremely easy for a developer to send a user’s phone number to their servers without their knowledge. In fact, the hole has been around since the 2.1 firmware.
“But after deep investigation, it appears that programmers are able to retrieve the personal iPhone’s user number, with one unique line of code! This data can then be sent to remote databases, which collect personal information, without notifying the user.
We tried this method quickly with the official SDK: it works !
Readers mostly pointed out mogoRoad , a swiss application that gives traffic information for free. When reading comments on iTunes, it’s clear that a lot of people did receive the famous call as well.
Currently, the buyer explicitly gives its coordinates as Apple. Developer side, Apple is the only interlocutor, and it is impossible to have access to personal data of customers. But the access number is available since firmware 2.1, according to our survey. Moreover, it seems surprising that those responsible for the validation does not check that certain sensitive data, such as phone number, do not pass freely through the internet. This could be the beginning of a real scandal for the firm Iceberg, because nobody knows how many applications currently collecting phone numbers. “
We’ve yet to hear of any reports of this type of data collecting here in the US, but this is exactly the type of thing that tends to freak out privacy advocates (and rightly so, if true), so prepare for this one to spread across the interweb even faster than the usual anti-iPhone news.