Is Line able to associate e-mail accounts with phone numbers?

[blue_leaf77]

So here is the situation, I just got to know a certain person and I was recently notified through my Line that he added me as his friend. I have his phone number but he doesn't have mine. All he has about my contact is my e-mail. However, when making a Line account I was not asked to input my e-mail. How can he find me in Line then? The only explanation I can come up with is that this app is able to associate any e-mail accounts registered in the smartphone in which this app is installed with the number used by that phone. But if that's true, then if I purposely enter someone else's phone number to make Line account using my own smartphone in which my e-mail is registered that will cause this app to falsely identify the phone number as mine.

 

[Greg Bernhardt]

What is Line? :)

 

[blue_leaf77]

Ah I see why I haven't been getting any answer. Seems like Line is not quite popular in the west. Line is a free calls and messages application for smartphones using internet instead of mobile network provider, another popular rival is WhatsApp. I guess this one is more popularity there.

 

[shadowshed]

There's a possibility that he might have gotten your number or perhaps asked a third person to share your contact information. There's also a feature where you can add people that appear in your timeline, but I guess it'll need your permission first to accept them.

But if that's true, then if I purposely enter someone else's phone number to make Line account using my own smartphone in which my e-mail is registered that will cause this app to falsely identify the phone number as mine.

Nope. There's a number verification code to make sure that doesn't happen that easily.

After all, according to my experience, I've never felt they're using email data to connect users beside of logging in from PC.

 

[Psinter]

So here is the situation, I just got to know a certain person and I was recently notified through my Line that he added me as his friend. I have his phone number but he doesn't have mine. All he has about my contact is my e-mail. However, when making a Line account I was not asked to input my e-mail. How can he find me in Line then? The only explanation I can come up with is that this app is able to associate any e-mail accounts registered in the smartphone in which this app is installed with the number used by that phone. But if that's true, then if I purposely enter someone else's phone number to make Line account using my own smartphone in which my e-mail is registered that will cause this app to falsely identify the phone number as mine.

I cannot answer your question completely because I don't work with their software and therefore I don't know how their search works, but still. What OS are you using: Android or iOS? Do you have an ID with similar characters to your email address? In the case of Android here are some technicalities:

The application in question uses PHONE permission which allows it to get the device's phone number using either of the respective methods of these classes:

• https://developer.android.com/reference/android/telecom/TelecomManager.html
• https://developer.android.com/reference/android/telecom/PhoneAccount.html

It also uses the Identity category of permissions (probably with GET_ACCOUNTS permission) which allows it to get the device's email address and other information (depending on the authenticator):

• https://developer.android.com/refer...ager.html#getAccountsByType(java.lang.String)

As of recent changes, that method requires now the user's explicit permission before allowing it to access the information. With those two together, they can store both, the phone number and email in a database and do exactly what you mentioned. Nothing too weird about it. Maybe the user entered your email and while your phone number was not made available to the user, since the keywords more or less matched your email address in the database, the user was shown your account and given the option to add you as a friend. That's usually how applications that relate to communication work. This is assuming they actually stored the email in a database by making use of the Identity category permission.

So the above information of the API makes what you mentioned perfectly possible as well as your other suspect of making a wrong association of phone number and email address. I think that last one would be harder, but not impossible.

Also, onto the third question I asked you, if your ID and email have similar characters, then he could have found you that way. Because they have a search by ID and searches usually return IDs by matching the input characters.

Finally, similar to what shadowshed said, there are third party services in which you can pay to obtain a lot of another person's personal information. Like when you hire a detective, but digital.

Nope. There's a number verification code to make sure that doesn't happen that easily.

You are right, not easily, but that code is sent through SMS. So if OP has access to the friends phone he can just verify it once and be done with it. Unless the verification code is sent on every login, what OP says is possible. Another way the developers of the app could make it harder is that since they have access to phone number and email address, verify that the phone has the same the email account and number it was registered on and if it is not, then send a verification code before allowing login.

By the way, I like your avatar.

 

[blue_leaf77]

Also, onto the third question I asked you, if your ID and email have similar characters, then he could have found you that way. Because they have a search by ID and searches usually return IDs by matching the input characters.

Both my e-mail and ID contain part of my name but they are not identical. However, setting up ID in this app is optional and by the time that acquaintance of mine added me I haven't established my ID. Anyway, your explanation rings a bell in my head, before every installation of application in Google Play, we are asked our permission for the app to be installed to access certain details in our phone. So, I agree with you they must have associated my phone number and e-mail in their database.

 

[Psinter]

I see.

I found something more interesting in their FAQ:

https://help.line.me/line/android/pc?lang=en

Search there for the question titled: "Why does LINE utilize the contact information on my smartphone?" and you will find it.

Resuming that, it says that if certain step criterias are met, they access the information on your contact list or address book together with your phone number to populate friend recommendations, although they protect it. So with the answer they wrote to that question (check it out, they provide the details), it could be deduced, although not with 100% certainty (I find the information a little vague), that your email was in his phone and was used by the app when he was presented with friend recommendations. Had it been this way, according to the FAQ, he still shouldn't have your phone number as they do not disclose it.

Case probably solved.

 

[Psinter]

But if that's true, then if I purposely enter someone else's phone number to make Line account using my own smartphone in which my e-mail is registered that will cause this app to falsely identify the phone number as mine.

Before I leave this thread, just a mini note. I know that what says there is just an if-then statement, but I do not condone that or anything of anything. To anyone who reads this, always read and abide by the TOS of anything you use.

That was it, bye.

 

[shadowshed]

The application in question uses PHONE permission which allows it to get the device's phone number using either of the respective methods of these classes:

• https://developer.android.com/reference/android/telecom/TelecomManager.html
• https://developer.android.com/reference/android/telecom/PhoneAccount.html

It also uses the Identity category of permissions (probably with GET_ACCOUNTS permission) which allows it to get the device's email address and other information (depending on the authenticator):

• https://developer.android.com/refer...ager.html#getAccountsByType(java.lang.String)

I wonder how you'd know that the app use Phone permission. Do you mind explaining it to me?

You are right, not easily, but that code is sent through SMS. So if OP has access to the friends phone he can just verify it once and be done with it. Unless the verification code is sent on every login, what OP says is possible. Another way the developers of the app could make it harder is that since they have access to phone number and email address, verify that the phone has the same the email account and number it was registered on and if it is not, then send a verification code before allowing login.

By the way, I like your avatar.

I'm aware of having control over the friend's phone situation. And for checking the same email account... I haven't really experienced any checking over it, since not every LINE account has registered their emails anyway, but I guess there's a possibility for that.

Btw thanks. She's Youmu from Touhou. The avatar is. :P

 

[Psinter]

I wonder how you'd know that the app use Phone permission. Do you mind explaining it to me?

Yes.

Short answer: Here and there mostly. No particular method. (◠‿◠)

Medium sized answer: In Google Play. There is a section that shows the permissions.

Long answer:
Two ways, but there are more. In Google play, you scroll down past the description, reviews, changelogs, etc... and there is a link text in a very light font that says: "View Details" right below a bold text that says "Permissions" under the category of "ADDITIONAL INFOMRATION". You click the "View Details" link and see the permissions it uses.

The other way is by installing it. Everytime one installs something from Google Play, it shows the user the permissions the application uses and unless one accepts, one cannot install.

There is a third way that depends on the operating system in question. In most current versions of Android, if not all, there is included some part in Application Management settings that allows you to see the permissions an installed application uses.

A fourth way is by installing a third party application that tells you which permission each of your installed applications use.

And so on and so on .

As for how I know what each permission can be used for, that data is more scrambled in different places. It can be found in the framework API documentation on their respective places where they are used. Here is a specific set of android versions example not from the API: https://support.google.com/googleplay/answer/6014972?hl=en

But as you can see, the description of permissions here is vague and not technical. With Phone permission you can actually get the device's phone number through the methods of the link I posted in my first post of this thread. And it doesn't state in this page that one can do so. Although the second bullet in my first post won't appear in this link because it was introduced in the API 23. Not that it matters much anyway. One can do what one can do regardless of whether it is properly documented or not. It has always been like that and anything relating to Android permissions have always being vaguely documented .

Btw thanks. She's Youmu from Touhou. The avatar is. :P

Oh I see.

 

[shadowshed]

I see. That's very observant of you! :)