The phone hacking story and discussion is great, but can we take a step back in this thread from the specifics of the SAS issue? It sounds frighteningly easy to gain certain kinds of control of someone's phone if you have access to some ID, but it's not clear to me how much and who can do it. I obviously don't want other game players to have such access, but more to the point I don't want anyone to have this kind of power over MY phone.
Can someone in the know (don't disclose how to do the attack obviously!) explain
a) What control precisely is gained? Is it over the CC app alone, or does it include e-mail/address book/browser etc? What about access to the phone hardware itself - calling, camera, GPS...
b) Is this issue iOS or Android specific? Is a Bluestacks app safe? In principle it should be sandboxed, but the consequences of a breach are that much more severe.
c) Is it possible (depending on whether the phone is rooted or jailbroken or as bought) to change permissions etc to limit the risk?
Depending on the answer to a) - c) I am considering uninstalling and cleaning Crime City from my phone/computer. Obviously Gree employees will have access/change rights over my game stats, but there's no way I'd want them or anyone else to be able to take over my phone.
Edit:
1. I would really like for some Gree admin to make clear what/how severe any security vulnerability is, and whether there's a patch upcoming. Cheating and hacking game stats is one thing; losing control of the phone to strangers is a whole 'nother level of dangerous.
2. What precisely is this ID? Is it a phone ID or something generated in-game? Why on earth is it being transmitted in plaintext in every support email if it can be misused?
3. I really hope Gree can do *much* better than their usual tardy response on this one. Most people, even (especially?) heavy spenders, won't want a dangerous application running on their phone.