I just came across an interesting feature in the Posten Sporing app of Posten Norge AS.
This app does the following (translated from the product description on Google Play):
Record tracking makes it easy to monitor packages on their way to you with the Post Office.
When you register with your mobile number and email, we automatically find packages on the way to you. To achieve this, we rely on the sender having registered your mobile number or email. We therefore constantly check if there are packages on the way to you and alert you via push when there is a new package. We will notify you when you can get it at the post office or possibly when it will be delivered to your home.
All good and well, of course. It also lets you enter a package tracking number manually. Handy of course, should you have a package coming your way that didn’t make it into the system automatically.
But… here you can also enter some totally random number like… 12345
And then it suddenly gets interesting! I see a long list of packages, none of them mine (see screenshot, which I mutilated a bit on purpose). I can track their whereabouts, and it wouldn’t surprise me if I’d get a hentekode (pickup code) in the app when the package I selected makes it to the post office and is ready for pickup.
I wonder how long it will take before less honest people will start abusing this ‘feature’…
Their website on http://sporing.posten.no/ is even worse. There I can also search by phone number. This makes it very easy for anyone to track exactly where their neighbours, colleagues & family shop, and quite often it also gives a fair idea of what’s been purchased…