Charged by sms for viewing wap page

jimmycrackcorm

I clicked on an advertising link in one of the apps on my Android phone. I saw it was an adult page and it said that by clicking next you get charged €4. I thought - no way - how can my phone get charged simply by accessing a web page.

so I clicked next and - nothing happened - it went to the next page. so I checked my online bill (My3 which is pretty instant). I tried selecting the next page, thinking, how can they possibly charge my phone simply by browsing the pages. Tried it a third and fourth time and checked my bill again. Still nothing but then all of a sudden I get a number of shortcode sms messages saying I have been charged €2 each.

Now, I'm not disputing that the pages stated that I would get charged and that I kept clicking next. However, I cannot understand how the site can get hold of my phone number to actually do the charging. I don't think it's accessible from the Android browser nor do I see it in the urls in the history. I'm mystified about getting premium sms charges from a web page with entering or selecting my mobile number.....

Random

the app itself may have sent the text?

jimmycrackcorm

Random wrote: »

the app itself may have sent the text?

I'd rule that out as I was charged for the number of times I selected the link on the browser. The URL was a wap .WML link but I don't think there is anything in the APN to make this different from any other browser access.

Random

the networks themselves can charge you on their own websites but i didn't think they passed billing information to untrusted third partys. not sure then.

Domscard

See this thread on the Vodafone forum - looks like they can Seems like a whole new way to exploit and extort via the browser on our phones.

jimmycrackcorm

Domscard wrote: »

See this thread on the Vodafone forum - looks like they can Seems like a whole new way to exploit and extort via the browser on our phones.

That's the same company that I have the problem with. I'm going to contact regtel and complain as I now believe the app sent a premium sms when I clicked the advert link without my consent. I don't believe the android browser is able to access the phone information to include in the link. I believe that the app sent the request and it came back with a personalised browser link that allowed the company to continue charging.

Like I say, I'm partially culpable as, having a technical background, I couldn't fathom how they could link a browser link to my phone number. Imagine if you accessed the pages from your desktop computer, that wouldn't work.

Indeed it is a very devious mechanism to achieve a somewhat dubious user consent.

Max Power 2010

Well even by looking at the VF forum link i do think android is a bit dodgy in this respect, every app ive installed (bare in mind the browser is an install) it tells before you hit install this will access phone information, your location etc.

When i access phone info in the settings menu my mobile number is displayed their so i assume this is how they got your number.

jimmycrackcorm

Max Power 2010 wrote: »

Well even by looking at the VF forum link i do think android is a bit dodgy in this respect, every app ive installed (bare in mind the browser is an install) it tells before you hit install this will access phone information, your location etc.

When i access phone info in the settings menu my mobile number is displayed their so i assume this is how they got your number.

I posted about that issue before. There's little point in showing the permissions required or used by an app during installation as it is not apparent then what it might do. Apps should be required to notify you when they attempt to use either phone calls or send texts.

Surely iPhone apps must also be able to access sms messaging to do the same?

Domscard

Big row going on over at Maemo Talk re the Nokia N900 and an SMS 'pulled' by Nokia on updating to the latest software. Essentially (and surreptitiously) Nokia used the N900 to generate an SMS back to them at the time of upgrade to sign everyone up to their 'services', thus confirming our numbers and mobile operators in the process.
There was no option to avoid this - most of us didn't even know it was happening - you simply couldn't get the latest PR1.2 without this registration. Although we were only charged for one SMS in the process, and you can opt out afterwards, the privacy aspect and the potential use of our data/credit in the future is infuriating a lot of people.