iPhone Leaks Users’ Phone Number to Installed Apps?
By Peter James
French web site Mac4Ever is reporting that a flaw in the iPhone allows apps installed on the device to recover the device’s telephone number. Apparently, a number of iPhone users in Europe received phone calls from a company after downloading an app from the iTunes Store. When they asked the company calling how they had gotten the phone numbers, they were told that Apple gave it to them. Since this is unlikely, a developer made a proof-of-concept app for the iPhone that recovers the device’s phone number. Using this flaw, any developer could harvest the phone numbers of people who have downloaded their apps.
One app that is accused of doing this is a Swiss traffic app called mogoRoad. Mac4Ever says that a few weeks after installing this free app, people received calls trying to sell them a paid version of the program. Comments on the iTunes Store for this application, dating back to June, mention that people have gotten calls from the company. Mac4Ever says that the ability to harvest phone numbers goes back at least to iPhone OS 2.1, so this company has probably been using this procedure for some time.
It turns out, however, that this is not new; one of our contacts said that this has existed since the beginning of the iPhone. (ArsTechnica published an article about this in January.) It seems that Apple has decided to allow this possibility. And it is important to point out that any Mac OS X application can get this information as well, simply by recovering it from your Address Book using a standard API.
While it seems that Apple should have some way of allowing or blocking access to an iPhone’s phone number, we don’t see this as a serious security risk. No more so, at least, than a phone company selling numbers that are used for robo-calls. However, the fact that users are not aware of this possibility is certainly annoying; just as there is an option in the iPhone OS to turn off location services, there should be an option to block access to a phone number.