I was reading about a missed call scam just now where the user gets charged even if they don't call the number back. It occurred to me that a malicious iPhone app could make calls to premium numbers to scam users out of money – indeed, it appears this has happened in the past.
According to Apple's own documentation:
When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts. When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.
It seems to me that an apparently benign iPhone app could, say, wait until the phone was left on charge (and hence likely not being attended by the user) and then initiate a call to a premium rate number to net the developer a tidy bonus. There doesn't appear to be any permission in iOS I can change to prevent this behaviour, since this is opening the phone app with a URL rather than accessing any phone data.
Can anyone confirm if my understanding is correct and, if so, why on earth Apple haven't closed such a gaping hole?
Best Answer
I've experimentally checked the iOS behavior by trying to initiate a phone call from one of my apps.
Here are the results:
So answering your questions, the only way to start a phone call without the user noticing it, is by somehow convincing the user to leave the malicious application running in the foreground, and then start the phone call, as iOS won't allow this operation if the app is backgrounded.
Currently iOS does not provide any mechanism to block starting phone calls from a particular app, but it can only happen if the app is in the foreground.