Can I Steal Your Email Address?

If you are running Mac OS X Leopard or Snow Leopard, the answer is almost certainly yes. Software that you download from the Internet and run on your computer can almost certainly obtain your email address without you knowing. And send it anywhere to the Internet. Again without you knowing.

Does Poker Copilot do this? No. But it could. Is your main email address a Gmail address? Do you use Poker Copilot’s feature to scan your Gmail account for PokerStars tournament results? Then you may have noticed that the first time you used this feature, Poker Copilot automatically determined your Gmail address.

It would be a trivial task to send this email address to a website that is waiting to gather email addresses.

When you get started with a new Mac, part of the setup process involves you specifying your email address. Your Mac then stores this in your Address Book. Leopard introduced a new feature in Cocoa’s ABAddressBook API that allows applications to access this info.

If this worries you, then you should install Little Snitch or similar software. This informs you of all communication a specific program has with the Internet. Or you could go into your Mac’s Address Book and remove your own email records.

I don’t want you to think I am paranoid. I’m not, I think. I simply find this situation interesting. The first time that software (Transmit 4) I downloaded told me my own email address I was somewhat surprised. And being a curious type I just had to know how it was done.

Finally, for for the techies, here’s how to do it: Use ABAddressBook’s sharedAddressBook method, then the me method, then valueForProperty:@”Email”, then valueForIdentifier: primaryIdentifier