Comments for iPhone Developer Steals Customers' Phone Numbers, Calls Them

iPhone Developer Steals Customers' Phone Numbers, Calls Them

2009-09-30T13:30:49Z

Company calls customers in attempt to sell paid version of mobile app

Within iTunes' user ratings section of iPhone application mogoRoad, a real-time traffic monitoring tool available in Switzerland, several users claim to have received phone calls from the development company behind the mobile software. Reportedly, the company is asking the app owners if they would like to purchase the paid version of the application. While unsolicited sales calls are annoying and intrusive, the bigger issue here is how did the company get its customers' phone numbers to begin with? According to mogoRoad, the information came from Apple.

]]> The recipients of the unwanted calls said that they were contacted a few weeks after the initial installation of the mogoRoad application. An operator would then try to sell them the paid version of the mobile software. If pressed as to how the company got access to their phone number, the operator would generally respond that the information was provided by Apple.

That seems unlikely since Apple does not provide this sort of private information to App Store developers nor does it provide direct access to that information via the iPhone SDK (software development kit), the tool used by developers to build their mobile apps.

Apple Doesn't Provide Phone Numbers, but They Do Provide Access

However, it's not entirely inaccurate of the company to say that Apple did provide them with the customers' phone numbers. Although Apple doesn't directly give out this info, they do provide a relatively easy way for any app developer to retrieve mobile numbers from the phone. In other words, Apple didn't give out the numbers in question, they just provided access to them.

Although mogoRoad won't admit it, the most likely explanation as to how they retrieved the phone numbers involves the use of an undocumented feature which allows any Apple iPhone/iPod Touch application to access the phone number of the device on which it is installed. In an article on tech blog Ars Technica from earlier this year, the process of doing so was described as "a shockingly easy thing to do:"

Apple sneaks in a hidden symbolic link between the app's sandboxed preferences and a global preferences property list...Peek in Library/Preferences with "ls -a". You'll find a symbolic link to /private/var/mobile/Library/Preferences/.GlobalPreferences.plist, which is where (among other items), you'll find a preference called SBFormattedPhoneNumber. This preference provides exactly what the name implies: the user's phone number formatted to the current locale.

In checking with multiple iPhone developers this morning, we confirmed that the trick still works as described above.

It's Not a Bug, It's a Feature

Believe it or not, this isn't actually a security hole in need of patching - it's more of a feature. "It's important to remember that perfectly legit applications can reach your phone number plus your entire address book as well," Ars Technica blogger Erica Sadun wrote back in January. "Applications can also obtain personal information from most of the iPhone file system..."

While the large majority of app developers out there would never do anything quite so nefarious as what mogoRoad did and undoubtedly wouldn't want to risk alienating their customers in this fashion, it's unsettling to know that they could. And every time you install a mobile app, you're putting yourself at risk.

As of now, Apple hasn't officially responded to requests for comment as to how they will proceed with regards to this situation, either to us or to the blog originally reporting this story, French site Mac4Ever. However, given that the development company has clearly abused an undocumented feature, that should be enough to get them booted out of the App Store...hopefully for good.

Many thanks to MacWord, which pointed us to this story.

Comment from Internet Marketing Expert on 2010-12-05

2010-12-05T21:42:03Z

Its scary to think that these apps can have full access to your phone. Imagine people been able to see what your doing 24/7, its scary stuff. However, the new

iPhone eBay application is well smart

Comment from melymoocow on 2010-06-19

2010-06-19T12:49:30Z

I downloaded 3 apps for my iphone from the app store and had all my email accounts and youtube account and facebook account hacked and stolen, people need to be far more informed

Comment from Chris on 2010-02-02

2010-02-03T01:37:52Z

This was a really dumb move by this iphone developer , like did he think he was going to get away with this? And now he is banned from the App store forever and is probably missing out on tons of revenue. No bueno.

Comment from Will on 2010-02-02

2010-02-02T16:12:09Z

Hopefully I can be of assistance to up and coming developers. I specialise in the recruitment of iPhone developers and I am a great contact to have if you’re a developer. I have access to some of the best App development companies and I am passionate about what I do!

Drop me an Email: wharford@keypeople.co.uk
Connect with me on LinkedIn,

iPhone LinkedIn Jobs
/in/wharford (I accept all requests)
Or call me 00441727 817641

Comment from Jesse on 2009-10-02

2009-10-02T11:47:17Z

Peter,

There's an installer for that, Cydia and Icy, and maybe other installers based on Cydia system.

The only problem is, not all people would want to jailbreak their phone. Every time there's an OS upgrade, jailbreaking needs to be done with care.

Apple will be overloaded to also maintain this type of installer.

Comment from Son Nguyen on 2009-09-30

2009-09-30T22:32:47Z

This just waits to happen and finally it did. Platform providers like Facebook or Apple must give users more levels to tune their privacy preferences. Now apps just has too much power and some will no doubt try to exploit that.

Comment from Peter on 2009-09-30

2009-09-30T19:03:15Z

Ah yes. The sound of a false sense of security being shattered.

I've always laughed when the Apple Fanbois talked about how Apple needs to control the store because, if it didn't, you'd have all these apps that steal your personal information. Apple checks these apps to make sure they're not doing anything untoward.

Well, it turns out that they're not checking after all--or at least not hard enough.

In my opinion, Apple should:

1. Create an installer so that anybody can install whatever Apps they want. This way, third-party developers don't have to get any approval from Apple. But Apple doesn't host, advertise, or do anything with their Apps.
2. If you want to be in the App Store, you submit to a far more rigorous examination, including source code. Appropriate NDAs will need to be negotiated between you and Apple.
3. Anyone who doesn't agree to the above is out of the App Store and on their own.

By doing #1, Apple is not ruining the application experience for those who are interested. In fact, it will generate a wider variety of Apps, versus the hundreds of fart Apps and tip calculators that clog up the store.

By doing #2, customers can choose to only shop at the App Store where they know it's safe, that applications have been reviewed, etc.

Comment from richy on 2009-09-30

2009-09-30T15:38:15Z

Why am I not one bit surprised at this story ? It's no different to any apps on anything. I'm sure it's exactly the same on all apps on things like facebook etc...

Comment from BWI on 2009-09-30

2009-09-30T14:58:42Z

That is classic. That certainly should be a controlled "feature" by Apple.

Comment from Vincent on 2009-09-30

2009-09-30T14:45:45Z

It has been known for a long time that every application have full access to your Contacts on your iPhone without any warning.

Why the hell does Apple allows this. People have a false sense of security when they install an application.

Comment from ITrush on 2009-09-30

2009-09-30T14:34:27Z

What the?!! Hmm, how the hek on earth those company manage to get our phone numbers?