Ugly bug in Android

It is already known for a while that some Android based devices do not only support the “official” USSDs (Unstructured Supplementary Service Data), also known as “GSM codes”, like *#06# to display the IMEI, but also accept much more powerful commands this way – like resetting the device including a total erasure of all data or modifying the PIN/PUK of the SIM card!

Please also mind the update at the end of this article.

Since the Android browser will pass URLs automatically as a phone call to the system, if they start with tel:, it is also possible to embed such USSDs in web sites and therefore make many devices execute an action without further affirmation by the user – for example by using an IFRAME element which is loaded automatically by the browser. Besides devices by Samsung also many devices by HTC, Sony, Huawei and probably other manufacturers as well are concerned by this problem.

Also see

Until the manufacturers provide suitable updates, you can help yourself with the app “NoTelURL”. See or as QR code:


Update 2012-09-29: Meanwhile there is also an alternative app, which does not just block everything completely but shows the number and allows to forward the number to the dialer, so you can still use “good” numbers, see or as QR-Code:


Leave a public comment

Your email address will not be published. This is not a contact form! If you want to send me a personal message, use my e-mail address in the imprint.

You can use the following HTML tags in the comment:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>