O2 Privacy Flaw Sends Users' Mobile Numbers to Visited Websites

As noted by think broadband, a privacy flaw in the way UK carrier O2 handles web traffic on mobile devices has resulted in users' mobile numbers being sent to any website visited from the device as part of the headers in the HTTP requests. While O2 is apparently still investigating the situation, it appears to have the potential for significant privacy-related issues.

If you're reading this news article using your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number within the HTTP headers which normally contain information about how content can be displayed on your device. These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share.

For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.

The issue was discovered by Twitter user @lewispeckover, who then set up a website to allow users to see what headers are being sent as part of their HTTP requests to websites.

He now notes that the headers coming from his device appear to have stopped showing his mobile phone number, although O2 has yet to issue an official statement on the matter. The company's Twitter account is continuing to blast out responses to concerned users, noting only that the company is looking into the situation and will issue an update when it knows more.

The issue is not exclusive to the iPhone and has the potential to affect all mobile data on the second-largest carrier in the UK, although some users have reported that they are not seeing their mobile numbers appearing in their HTTP request headers. The issue has the potential for a significant impact on UK iPhone users, as O2 has proven to be a popular choice for iPhone users dating back to its status as the exclusive iPhone carrier in the UK when the device originally launched back in 2007.

Those familiar with the UK's privacy laws have indicated that mobile phone numbers are not considered protected information, but the disclosure of such numbers as part of standard HTTP requests does have the potential to carry implications for users.
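
An added example (not code from O2, think broadband, or the header-display site mentioned above): a check a site operator could run on incoming requests to flag carrier-injected subscriber headers and scrub them before they reach the logs. The header name `x-up-calling-line-id` is the one reported in the reader comments on this page; the UK number pattern, the sample request and the `X-Forwarded-Note` header are constructed assumptions.

```python
import re

# Header name reported in the reader comments on this page (matched case-insensitively).
KNOWN_SUBSCRIBER_HEADERS = {"x-up-calling-line-id"}

# Assumption: UK mobile numbers written as 447XXXXXXXXX, +447XXXXXXXXX or 07XXXXXXXXX.
# Digit guards on both sides avoid matching inside longer numeric strings.
UK_MOBILE = re.compile(r"(?<!\d)(?:\+?44|0)7\d{9}(?!\d)")

# Constructed sample request; the numbers are from the reserved 07700 900xxx range.
SAMPLE_REQUEST = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X)",
    "Accept": "image/png,*/*;q=0.5",
    "x-up-calling-line-id": "447700900123",
    "X-Forwarded-Note": "subscriber 07700900123",  # hypothetical header
}


def find_subscriber_leaks(headers):
    """Return sorted (header_name, reason) pairs for headers exposing a subscriber."""
    findings = []
    for name, value in headers.items():
        lname = name.lower()
        if lname in KNOWN_SUBSCRIBER_HEADERS:
            findings.append((lname, "known subscriber-ID header"))
        elif UK_MOBILE.search(value):
            findings.append((lname, "value looks like a UK mobile number"))
    return sorted(findings)


def scrub_for_logging(headers):
    """Return a copy safe to log: known headers dropped, number-like values masked."""
    clean = {}
    for name, value in headers.items():
        if name.lower() in KNOWN_SUBSCRIBER_HEADERS:
            continue  # never persist the injected header at all
        clean[name] = UK_MOBILE.sub("[redacted-msisdn]", value)
    return clean


if __name__ == "__main__":
    for finding in find_subscriber_leaks(SAMPLE_REQUEST):
        print(finding)
    print(scrub_for_logging(SAMPLE_REQUEST))
```

Scrubbing on the receiving side only limits what a well-behaved site stores; the header is still sent to every site until the carrier's gateway stops adding it.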


Top Rated Comments

Elijahg
170 months ago
I've really not been impressed by O2 in recent years. I first joined them in 2006, but ever since then, their network coverage in the 20 mile radius of here (near Bath) hasn't improved one bit. The 3G coverage is absolutely awful. If you aren't in a major town or a city, you have no chance of 3G with O2, only dial-up speed GPRS. Not even EDGE in most cases.

Everything Everywhere are very good, but Three (in the south of England at least) are best by far for 3G coverage.

Perhaps if O2 spent more money on, well, being a service provider and improving their network, rather than all that "priority moments" crap, they might increase their 3G coverage.
Score: 6 Votes
Elijahg
170 months ago
Not so in my o2 account with an iPhone using iOS 5.0.1 via Safari.

It wasn't inserted into the user agent, it was a separate header: "x-up-calling-line-id".
Score: 4 Votes
japanime
170 months ago
The "O" is for "Oops!"
Score: 4 Votes
0098386
170 months ago
I'm appalled they let this in.

I'm thrilled they fixed it so quickly.

I'm going to treat o2 with a bit more suspicion from here on out.
Score: 2 Votes
The Phazer
170 months ago
I am now intrigued though as to who the "trusted partners" are. O2 themselves and BT Openzone are the only ones I can think of.

One is Bango, the company that runs O2's adult verification software and thought sending credit card numbers in plaintext over http was a good idea.

O2 might "trust" them. I don't.

Phazer
Score: 2 Votes
4D4M
170 months ago
I'm perfectly happy with O2, I've found the coverage decent and I don't get loads of junk text messages from them like I did from Vodafone*. This latest gaffe is a bit annoying, but whatever, as a business owner my details are well and truly 'out there' for all the lowlife to exploit anyway. Bring it on scumbags.

*The junk texts don't stop when you leave Vodafone. The other day I received a text that said "Come back to Vodafone and we'll give you a free Windows 7 laptop". If there's one thing that would be guaranteed to STOP me going back to them, it's the threat of a crappy low end piece of junk with a crappy low end OS turning up at my house.
Score: 2 Votes