Storm8, is the entity behind popular games like iMobsters, World War, Racing Live, Vampires Live, Kingdoms Live, Zombies Live and Rockstars Live, among others. The company has five titles ranked in the top 50 free apps list in iTunes and seven titles in the top 100.A federal lawsuit filed on Wednesday is charging an iPhone development firm with collecting users' cell phone numbers without their permission. The developer, a game-making firm by the name of
According to the pending class-action suit, Storm8 used a well-known backdoor method to "access, collect, and transmit" the wireless phone numbers belonging to their software's users.
Now the company has publicly responded to the suit by posting on their forums a sort of mea culpa as well as their plans to ask for a dismissal of the lawsuit due to its "complete lack of merit."
Download a Game, Give Up Your Phone Number
The complaint, filed on behalf of Michael Turner (and available in its entirety here), states that all the games retrieved the user's cell phone number and sent it over to the company without informing the user that this is being done. The suit also points out that there's no reason for this to occur since playing an iPhone game doesn't require the developer to have access to this sort of personally-identifiable information.
While initially Storm8 claimed the harvesting of these phone numbers was due to a "bug" in their code, attorneys for the plaintiff were quick to point out that specific software code was required in order to retrieve the numbers - no bug could have done that. In other words, the collection was intentional.
Storm8's Response: We Erred, We Fixed It, Lawsuit is Meritless
Now the company is changing its tune - well, a bit. Instead of calling it a "bug," they're claiming that the phone number collection was due to legacy code that was put in place very early on in the software development process as a way to identify specific devices. Later, the company decided to use the iPhone's Unique Device ID (UDID) instead - a much more common and accepted practice for developers needing an identification method. UDID's aren't associated with a person's name or phone number - they just identify the iPhone itself. However, even though the company changed methods, they didn't remove the old code that performed the phone number collection.
Storm8 claims that they did nothing with those phone numbers nor did they provide them to any other company. They also say that the database housing the numbers was destroyed in August after they were alerted to the issue. At that time, they took voluntary actions to update their applications to new versions with the legacy code removed.
The company states that they plan to ask for a dismissal of the suit because no user "has incurred any damage or loss" as a result of their actions. Unfortunately, they may be right. As despicable as those actions were, the law may be on their side. According to legal news site FindLaw, the law requires that not only was a personal computer accessed, but that the computer was also damaged. Turner's lawyer then will have to prove that Storm8 caused damage because it "impaired the integrity of the data stored on a protected computer." Additionally, cell phone numbers are not considered "protected data" in the same way that social security numbers or bank account numbers are. In other words, despite how icky this privacy violation makes you feel, it may not actually be illegal.
In our opinion, that's terrible news. Of course we wouldn't want this to start some sort of "sue the programmer" trend, but we do need to have more control over who's doing what with the personal data stored on our mobile phones - especially if Apple isn't going to look out for us in this case. Shouldn't there be some way to punish developers who go after this private info without our knowledge - whether intentionally and maliciously or not? It seems like we have enough concerns over privacy issues these days, we shouldn't have to worry if our iPhone apps are spying on us, too.