Services Can Grab Your Phone Number, Billing Info, and Location with Just Your Mobile IP Address
Smartphones, and the web browsers that many of us use every single day, are becoming more and more complex with each passing year. These applications used to only be used to browse the contents of a website but now they can activate your vibration sensor, experience virtual reality and much more. Now, mobile carriers have their own APIs that a service provider can pay for, which will give them direct access to personal information with just your mobile IP address.
The amount of user data that is going around from company to company would astonish most people. Today, people get spooked when they learn what data companies like Google and Facebook are collecting on people and this stuff is public knowledge. Then we have other companies who have difficulties communicating what data they collect on you and this is what we recently saw with OnePlus. However, there are far more products and services out there collecting information that we have yet to fully uncover.
So back in 2013, AT&T announced a new service that they called the Mobile Identity API. This API was not made publicly available and it has only been offered to select enterprise contracts since then. They announced it as a way to help businesses improve mobile transaction security and they are used to reveal a lot of personal information about you. They admitted it would reveal “name, address, phone and email information” about the customer but it can also include mobile carrier contract details and even the latitude and longitude of your current location (depending on the kind of cell phone towers you’re connected to).
After AT&T announced this new Mobile Identity API, Verizon Wireless launched a similar service and the co-founder of Shotwell Labs, Philip Neustrom, discovered that two companies (Danal and Payfone) are paying to access this data. Collecting data is one thing as it can lead to better security, improved services, and more. However, this should be done in an anonymized way and instead this shows us that wireless carriers in the United States are selling direct, non-anonymized, real-time access to consumer telephone data to 3rd-party services.