Feeds

Regulator sniffs around stonking iPhone game bills

Kids making accidental megabucks calls

SANS - Survey on application security programs

UK phone regulator PhonePayPlus has launched an investigation after game-playing iPhone users complained about surprise premium rate call charges.

Concerns have focused on a free to download, advertising-supported game called BubbleWrap, developed by Orsome New Zealand and available via Apple's App Store.

BubbleWrap comes with an embedded advert engine from AdMob. As previously reported, a minority of AdMob's ads encourage users to tap on the ad to visit a website or place a call (a function documented in an iPhone developer page here).

BubbleWrap is the sort of application that appeals to children, and it seems that premium rate calls were made when young users wandered beyond the game's main field of play onto ads, as one iTunes commenter explains. "The game is great and kids love it but their over eager fingers stray onto the advert banner at the bottom of the screen resulting in several premium rate calls at £1.50 a minute," Wearewolves writes.

BubbleWrap: How much?

Normally a warning dialogue box should be generated before a call is made, but this no longer happens following a software update from Apple. The upshot is that users of the free version of BubbleWrap started making premium-rate calls from their iPhones to unknown numbers since late November, sparking protests to UK regulator PhonePayPlus, which has now launched an investigation.

The organisation said:

PhonepayPlus has received complaints from smartphone users that have incurred premium rate charges as a result of touching banner ads that appear within some mobile applications.

Phone-paid service providers must ensure clear and accurate pricing information is available in all promotions. We are currently investigating certain services that have caused complaints and will take firm action where appropriate.

A PhonePayPlus spokeswoman explained that the focus of this investigation is the two telecom firms maintaining the premium rate numbers being dialled.

"PhonepayPlus is investigating various 09 numbers that we have received consumer complaints about," a PhonePayPlus spokeswoman explained. "The Service Providers responsible for these numbers under our Code of Practice are Think Telecom Solutions Ltd and Rare Direct Media Limited.

"Obviously, the investigations are open and ongoing, so no decisions have yet been made."

A Think Telecom Solutions spokesman told us he wasn't previously aware of the PhonePayPlus investigation. He added that it was only a reseller and suggested any complaints would be more properly directed at its customers.

"We are mobile telecoms dealers who resell airtime to our 600 plus customers, who operate 8,400 lines," he said. "Nonetheless we take any complaints seriously."

Hubble, bubble, toil and trouble

Peter Watling, author of BubbleWrap, told El Reg that the issue affects more than just his application, even though Bubblewrap has been the focus of complaints thus far.

"I saw one report online saying it happened while they used Facebook too, does that use AdMob?" Watling said.

"I'm sure this behaviour isn't limited to my app only. I have passed on a list of numbers I was sent that were dialed, to AdMob to see they are all blocked."

Rik Ferguson, a security consultant at Trend Micro, backed up Watling's assessment that the issue extends beyond BubbleWrap.

"The developer of BubbleWrap stating categorically that his app does not contain code for making calls. The telephone number itself belongs to Rare Direct Media," Ferguson told El Reg

"It looks like there is already an investigation underway into that number. Someone else complained that this number was dialled when they were using the Independent's ad-sponsored newsreader."

AdMob isn't supposed to accept adverts tied to premium-rate numbers, a factor further complicating the situation. AdMob has told Watling that it has addressed the no-warning bug.

The issue illustrates two wider points. Firstly, the mobile eco-system has become very complex so that assigning responsibility in cases of user complaints, especially in similar problem occur on a wider scale, has become much less simple. Secondly, despite Apple's fabled control, the unexpected can still happen with smartphone application. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Reg man builds smart home rig, gains SUPREME CONTROL of DOMAIN – Pics
LightwaveRF and Arduino: Bright ideas for dim DIYers
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Apple patent LOCKS drivers out of their OWN PHONES
I'm sorry Dave, I'm afraid I can't let you text that
Microsoft signs Motorola to Android patent pact – no, not THAT Motorola
The part that Google never got will play ball with Redmond
Slip your finger in this ring and unlock your backdoor, phone, etc
Take a look at this new NFC jewellery – why, what were you thinking of?
Happy 25th birthday, Game Boy!
Monochrome handset ushered in modern mobile gaming era
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.