Known iOS auto-call feature sparks concerns about unintended dialings


  • Reply 21 of 66
    Can anyone think of a good reason why Apple would design for a native app to call through?

    Why would Apple code a feature and document it?

    Because it has a purpose and is not a flaw.
  • Reply 22 of 66
    gatorguy Posts: 24,237 member
    wetlander wrote: »
    Can anyone think of a good reason why Apple would design for a native app to call through?

    Why would Apple code a feature and document it?

    Because it has a purpose and is not a flaw.

    Well, now it's a flaw that some sneaky and devious individual may be able to use against iPhone owners. The original intent might have been noble but in practical use. . .
  • Reply 23 of 66
    solipsismx Posts: 19,566 member
    runbuh wrote: »
    Yes - read the original article. It's the way Apple wrote the code:

    http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc
    Apple's documentation on the tel scheme is really short and easy to read. While reading the first paragraph something caught my attention:

    When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts. When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.

    If that's a feature then it's flawed thinking.
  • Reply 24 of 66
    Looks like that proof is a jailbroken device to me. Once you remove the lock on the "walled garden" whose fault is it if the thieves get in?

    Ok, after reading the link to the article, this is either a jailbroken device, or he's running it in the dev testing mode on a mac. The one thing that cannot be verified is if he actually made a script for the link to click itself or if he actually clicked it. With the way the mouse moves in all of the examples, it looks like a person moved the mouse since it does not move straight to the link and click, it loops under the link and then clicks on it.

    No way to be sure.
  • Reply 25 of 66
    mstone Posts: 11,510 member
    HammerofTruth wrote: »
    Looks like that proof is a jailbroken device to me. Once you remove the lock on the "walled garden" whose fault is it if the thieves get in?

    Normally I'd agree with that, but since it is an Apple documented URL behavior, it is probably unrelated to a jailbreak.

  • Reply 26 of 66
    vl-tone Posts: 337 member
    This is something that Apple should fix of course, I just don't think it's as bad as some people are trying to make it. A call will trigger the "calling" screen with a big red button to hang up. It's not like an app can call hundreds of numbers in the background without you noticing it.

    Meanwhile, any app can send spam email (or do other nefarious stuff that can be done through the internet) behind your back without any visible sign that it's happening.

  • Reply 27 of 66
    mstone Posts: 11,510 member
    HammerofTruth wrote: »
    No way to be sure.

    You can go to that webpage and test it. It is actually doing what it demonstrates.

    http://box.algorithm.dk/ios/02.html

    Quote:

    <a id="target" href="tel://0000">click me</a>
    <script>
    var target = document.getElementById("target");
    var fakeEvent = document.createEvent("MouseEvents");
    fakeEvent.initEvent("click", true, false);
    target.dispatchEvent(fakeEvent);
    </script>


  • Reply 28 of 66
    gatorguy wrote: »
    Well, now it's a flaw that some sneaky and devious individual may be able to use against iPhone owners. The original intent might have been noble but in practical use. . .

    Nice edit...

    But you didn't answer my question of purpose? Why would Apple allow sneaky and nefariously devious individuals to do this?

    Oh my God! It's for the NSA!
    /s

    No reply required.
  • Reply 29 of 66
    gatorguy Posts: 24,237 member
    wetlander wrote: »
    Nice edit...

    But you didn't answer my question of purpose? Why would Apple allow sneaky and nefariously devious individuals to do this?
    They didn't realize that it could be abused for purposes Apple did not intend? Now that Apple is aware of it your answer will come by whether they choose to change it. I'll wager they do.
  • Reply 30 of 66
    mstone Posts: 11,510 member
    Gatorguy wrote: »
    They didn't realize that it could be abused for purposes Apple did not intend? Now that Apple is aware of it your answer will come by whether they choose to change it.


    According to post #14 it has been fixed in iOS 8. They will still need to fix it in all supported OS versions though.

  • Reply 31 of 66
    gatorguy Posts: 24,237 member
    mstone wrote: »
    According to post #14 it has been fixed in iOS 8. They will still need to fix it in all supported OS versions though.
    Thanks! Goes to my point then.
  • Reply 32 of 66
    eriamjh Posts: 1,648 member
    Messenger is basically spyware. I deleted it. F#ck FB's message service.
  • Reply 33 of 66
    gatorguy wrote: »
    Must be something in the water today. Read the article.
    oh geez. . . I read it before the AI author did.

    Google can rewrite every one of their iOS apps to display a warning even tho iOS doesn't require it. . It won't prevent any other iOS app from "phoning home" (or something more nefarious) without your OK. It will almost certainly have to be an Apple fix.

    READ THE SOURCE ARTICLE!

    No.

    As you seem determined to ignore the article, let me make it simple for you.

    Due to poor programming on the part of Google and Facebook, it is possible to automatically dial a number from a link. To save those developers from themselves, it is suggested that Apple will implement an automatic warning message. Google and Facebook could have simply written in the warning message in the first place, but they didn't bother, as they only care about the advertisers, not the users.

    Technical oversights on the part of some of the iOS ecosystem's most prominent developers -- including Facebook and Google -- could allow attackers to exploit a documented iOS feature that allows apps to initiate phone calls without a prompt, spurring reminders that iPhone owners should be careful what they tap on.

    While the issue does not represent a flaw on Apple's part, it seems likely that the company will implement changes to save developers from themselves, perhaps by altering the default behavior of such links to draw a confirmation prompt as they do when tapped in mobile Safari.
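
As an added example (not code from the thread, the linked article, or any of the apps discussed): one way a native app can supply the confirmation step that Reply 33 says developers could have written themselves, so that a tel link like the one quoted in Reply 27 cannot dial without a prompt. It assumes a WKWebView-based in-app browser; the class name GuardedWebViewController and the alert wording are illustrative.

```swift
import UIKit
import WebKit

// Added example: an in-app browser screen that never passes a tel: URL to
// the system dialer without an explicit user confirmation.
// GuardedWebViewController is an illustrative name, not from any real app.
final class GuardedWebViewController: UIViewController, WKNavigationDelegate {
    private let webView = WKWebView()

    override func viewDidLoad() {
        super.viewDidLoad()
        webView.navigationDelegate = self
        webView.frame = view.bounds
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(webView)
    }

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              url.scheme?.lowercased() == "tel" else {
            decisionHandler(.allow)          // ordinary navigation
            return
        }
        // Always cancel: a script-dispatched click must not be treated as
        // user intent, so the decision moves to a native prompt.
        decisionHandler(.cancel)
        confirmDial(url)
    }

    private func confirmDial(_ url: URL) {
        // Show the number taken from the URL itself, not the link text.
        let raw = String(url.absoluteString.dropFirst("tel:".count))
        let number = raw.trimmingCharacters(in: CharacterSet(charactersIn: "/"))
        let alert = UIAlertController(title: "Call \(number)?",
                                      message: "This page asked to start a phone call.",
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            UIApplication.shared.open(url)   // dial only after the user agrees
        })
        present(alert, animated: true)
    }
}
```

The prompt is shown for every tel: navigation rather than only for ones that look scripted, because the delegate cannot reliably tell a dispatched click from a real tap.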
  • Reply 34 of 66
    gatorguy wrote: »
    They didn't realize that it could be abused for purposes Apple did not intend? Now that Apple is aware of it your answer will come by whether they choose to change it. I'll wager they do.

    Of course there are unintended consequences.

    Since sneaky and devious individuals may be able to use email links against email users, they are now a flaw...
  • Reply 35 of 66
    gatorguy Posts: 24,237 member
    No. . . yada yada

    Yes. As hell-bent as you are on being "right" instead of accurate

    "While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven't even thought about preventing this."

    No change Google could put in place would have any effect outside of their own apps. Just as I've said (more than once) it's now Apple's "flaw" to fix. MStone was helpful enough to note that Apple is doing just that in iOS 8, an acknowledgement that the URL scheme as written wasn't appropriately done in hindsight. Nice that Apple didn't so stubbornly insist as you do that everything was just fine the way they wrote it don't you think.
  • Reply 36 of 66
    gatorguy wrote: »
    "While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven't even thought about preventing this."

    This man is casually dismissing small developers as ignorant twits, suggesting that none of them will have deigned to put in a tiny safeguard because the big boys overlooked it.
  • Reply 37 of 66
    mstone Posts: 11,510 member
    Benjamin Frost wrote: »
    The appalling arrogance of that statement tells me all I need to know about you.


    I'm going to try to explain something to you in a very simplified manner in hopes that you will be able to understand the concept. AI forums is a community. The long time members enjoy learning and sharing with the other posters with whom they have developed a camaraderie. There are some very knowledgeable people who frequent these boards and many are well known for their expertise in certain subjects.

     

    You, on the other hand, are new around here and also a very prolific poster. You are highly critical of even sound logic, intelligent, researched comments. You don't know these people who you try to offend. For most members, an effort to fit in and be well respected and appreciated is something they strive to do. Your posting style has made you almost universally disliked. You are stubborn, lacking in knowledge and insulting. This is not how you win friends or support from the community. It would be much appreciated by all if you would tone down the arrogance and insults. You don't have the knowledge or wit to pull it off. You just come off as pathetically insecure.

     

    You should strive for more thumbs up and less backlash from the other members.

  • Reply 38 of 66
    mstone wrote: »
    The appalling arrogance of that statement tells me all I need to know about you.

    I'm going to try to explain something to you in a very simplified manner in hopes that you will be able to understand the concept. AI forums is a community. The long time members enjoy learning and sharing with the other posters with whom they have developed a camaraderie. There are some very knowledgeable people who frequent these boards and many are well known for their expertise in certain subjects.

    You, on the other hand, are new around here and also a very prolific poster. You are highly critical of even sound logic, intelligent, researched comments. You don't know these people who you try to offend. For most members, an effort to fit in and be well respected and appreciated is something they strive to do. Your posting style has made you almost universally disliked. You are stubborn, lacking in knowledge and insulting. This is not how you win friends or support from the community. It would be much appreciated by all if you would tone down the arrogance and insults. You don't have the knowledge or wit to pull it off. You just come off as pathetically insecure.

    You should strive for more thumbs up and less backlash from the other members.

    I must be doing something right to engender such a heartfelt response from you.
  • Reply 39 of 66
    mstone Posts: 11,510 member
    Benjamin Frost wrote: »
    I must be doing something right to engender such a heartfelt response from you.


    Okay if heartfelt means not beating you with a cricket bat, fine, but I consider myself to be repulsed by you. You don't get that? 

  • Reply 40 of 66

    Using code seems like a lot of trouble to make the phone dial...

    After iOS 8 has wide release I could just put out a radio advert during rush hour/drive time that says,

    'Hey Siri, dial 1900 xxx-xxx.'

    Could probably throw in... 'Ok Google, dial 1900 xxx-xxx' for good measure.

    That or maybe a late night TV ad for those who leave their phone charging in the living room and fall asleep with the TV running.

    Ok, so I wouldn't do that. But how cheeky will it be for a radio DJ on Mother's day to broadcast, 'Hey Siri, call Mom.'

    Unfortunately, very unfortunately, Apple may need to have a (non-voice) confirmation for Siri to complete dialing. :(

    Yeah, I know. I only have a problem not a solution.
