Kaspersky Lab, a Russian security company, reported that an app called Find and Call, available on both the iOS App Store and the Google Play Store for Android, was harvesting address book contacts and sending them to the developer’s servers. The developers would then send back texts to the gathered contacts advertising the application, with a form containing the original user’s number.
This application was primarily targeting Russian customers, with Russian as the primary language of the device, but the app was available worldwide. This seems to be the first instance of user contacts being used in a malicious manner, although there has been some inappropriate use of contact information in the past.
Kaspersky Lab updated their post several times, indicating that the app is also sending out spam emails to user contacts.
At any rate, Apple has removed the application from the App Store, with both the US and Russian stores showing that the application is now unavailable. Plus, Apple released a statement to The Loop, acknowledging the removal of the app. Here’s the statement:
“The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines.”
How did this get on the App Store in the first place? Whatever the reason, it’s inexcusable. If Apple wants to be the gatekeeper, then be the damn gatekeeper. Adding insult to injury, this app has been on the App Store since June 13. More than enough time to do serious damage.