Feeds

Regulator sniffs around stonking iPhone game bills

Kids making accidental megabucks calls

SANS - Survey on application security programs

UK phone regulator PhonePayPlus has launched an investigation after game-playing iPhone users complained about surprise premium rate call charges.

Concerns have focused on a free to download, advertising-supported game called BubbleWrap, developed by Orsome New Zealand and available via Apple's App Store.

BubbleWrap comes with an embedded advert engine from AdMob. As previously reported, a minority of AdMob's ads encourage users to tap on the ad to visit a website or place a call (a function documented in an iPhone developer page here).

BubbleWrap is the sort of application that appeals to children, and it seems that premium rate calls were made when young users wandered beyond the game's main field of play onto ads, as one iTunes commenter explains. "The game is great and kids love it but their over eager fingers stray onto the advert banner at the bottom of the screen resulting in several premium rate calls at £1.50 a minute," Wearewolves writes.

BubbleWrap: How much?

Normally a warning dialogue box should be generated before a call is made, but this no longer happens following a software update from Apple. The upshot is that users of the free version of BubbleWrap started making premium-rate calls from their iPhones to unknown numbers since late November, sparking protests to UK regulator PhonePayPlus, which has now launched an investigation.

The organisation said:

PhonepayPlus has received complaints from smartphone users that have incurred premium rate charges as a result of touching banner ads that appear within some mobile applications.

Phone-paid service providers must ensure clear and accurate pricing information is available in all promotions. We are currently investigating certain services that have caused complaints and will take firm action where appropriate.

A PhonePayPlus spokeswoman explained that the focus of this investigation is the two telecom firms maintaining the premium rate numbers being dialled.

"PhonepayPlus is investigating various 09 numbers that we have received consumer complaints about," a PhonePayPlus spokeswoman explained. "The Service Providers responsible for these numbers under our Code of Practice are Think Telecom Solutions Ltd and Rare Direct Media Limited.

"Obviously, the investigations are open and ongoing, so no decisions have yet been made."

A Think Telecom Solutions spokesman told us he wasn't previously aware of the PhonePayPlus investigation. He added that it was only a reseller and suggested any complaints would be more properly directed at its customers.

"We are mobile telecoms dealers who resell airtime to our 600 plus customers, who operate 8,400 lines," he said. "Nonetheless we take any complaints seriously."

Hubble, bubble, toil and trouble

Peter Watling, author of BubbleWrap, told El Reg that the issue affects more than just his application, even though Bubblewrap has been the focus of complaints thus far.

"I saw one report online saying it happened while they used Facebook too, does that use AdMob?" Watling said.

"I'm sure this behaviour isn't limited to my app only. I have passed on a list of numbers I was sent that were dialed, to AdMob to see they are all blocked."

Rik Ferguson, a security consultant at Trend Micro, backed up Watling's assessment that the issue extends beyond BubbleWrap.

"The developer of BubbleWrap stating categorically that his app does not contain code for making calls. The telephone number itself belongs to Rare Direct Media," Ferguson told El Reg

"It looks like there is already an investigation underway into that number. Someone else complained that this number was dialled when they were using the Independent's ad-sponsored newsreader."

AdMob isn't supposed to accept adverts tied to premium-rate numbers, a factor further complicating the situation. AdMob has told Watling that it has addressed the no-warning bug.

The issue illustrates two wider points. Firstly, the mobile eco-system has become very complex so that assigning responsibility in cases of user complaints, especially in similar problem occur on a wider scale, has become much less simple. Secondly, despite Apple's fabled control, the unexpected can still happen with smartphone application. ®

SANS - Survey on application security programs

More from The Register

next story
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Leaked photos may indicate slimmer next-generation iPad
Will iPad Air evolve into iPad Helium?
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.