Below is the Ars Technica article published in January concerning this very Real and Serious Security Breach.
There's a secret to recovering user phone numbers that does not involve the address book. Use Apple's shared global preferences. Read on to learn how.
One of the most common questions I get these days has to do with retrieving a user's phone number on the iPhone. It's a shockingly easy thing to do and yet a fairly undocumented task. That's because in every application deployed to the iPhone, Apple sneaks in a hidden symbolic link between the app's sandboxed preferences and a global preferences property list.
If you're on a jailbroken iPhone, this is easy to find. Peek in Library/Preferences with "ls -a". You'll find a symbolic link to /private/var/mobile/Library/Preferences/.GlobalPreferences.plist, which is where (among other items) you'll find a preference called SBFormattedPhoneNumber.
This preference provides exactly what the name implies: the user's phone number formatted to the current locale. For my iPhone, the format is along the lines of "1 (xxx) xxx-xxxx" but it will vary by your country and settings.
To retrieve the number, just use your standard user defaults as follows:
You can also read in the entire property list as such. Notice that I do not perform any checks to see whether the plist exists, but you can easily add those using NSFileManager:
For those wondering whether this opens up a security hole that allows unapproved access to your phone number, don't worry. Or rather, if you're worried, you probably shouldn't be using an iPhone. It's important to remember that perfectly legit applications can reach your phone number plus your entire address book as well. Applications can also obtain personal information from most of the iPhone file system, which remains readable despite Apple's developer sandbox. Just like any platform, the iPhone relies on a certain level of developer integrity (plus community policing) to stop security intrusions and overstepping information gathering.
Source: Ars Technica
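
A defender-side check for the symbolic link the article describes, added here as an example (it is not code from the Ars Technica article): it walks a copy of an app's sandbox container and reports every symlink whose target resolves outside the container. The container layout, the link names and the function names are constructed for illustration; only the target path is taken from the article.

```python
import os
import tempfile

# Target path quoted in the article.
GLOBAL_PREFS = "/private/var/mobile/Library/Preferences/.GlobalPreferences.plist"


def find_escaping_symlinks(container_root):
    """Return sorted (link path relative to container, raw target) pairs for
    every symlink under container_root that resolves outside the container."""
    root = os.path.realpath(container_root)
    findings = []
    # followlinks=False: report links, never walk through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            raw = os.readlink(path)
            # Relative targets are resolved against the link's own directory;
            # an absolute target replaces dirpath in the join.
            resolved = os.path.realpath(os.path.join(dirpath, raw))
            if os.path.commonpath([root, resolved]) != root:
                findings.append((os.path.relpath(path, root), raw))
    return sorted(findings)


def build_sample_container(base):
    """Constructed sample data: a minimal container with one link that leaves
    the sandbox and one that stays inside it (link names are assumptions)."""
    prefs = os.path.join(base, "Library", "Preferences")
    os.makedirs(prefs)
    open(os.path.join(prefs, "com.example.app.plist"), "w").close()
    os.symlink(GLOBAL_PREFS, os.path.join(prefs, ".GlobalPreferences.plist"))
    os.symlink("com.example.app.plist", os.path.join(prefs, "alias.plist"))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_container(tmp)
        for link, target in find_escaping_symlinks(tmp):
            print(f"{link} -> {target}  (resolves outside the container)")
```

Links that are broken on the analysis machine are still reported, because the check compares the resolved path string rather than requiring the target to exist.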