11/19/2007, 9:35am, EST
Monday, November 19th
Apple secretly tracking iPhone IMEI numbers? [U]
(Updated with link to debunking claims)
Apple is keeping abnormal watch on the identity of iPhones making use of online services, some hackers suggest. Buried within the binaries for the Stocks and Weather widgets is code that hands over a user's IMEI number -- the unique identifier for each phone. While IMEI numbers are common to all GSM cellphones, and are regularly used to authorize presence on a network, they are normally unneeded for accessing individual web services. Furthermore, it is impossible to modify the binaries' URLs to omit IMEI data and still retrieve any data from the widgets.
Why the information would be needed is unknown, but proposed reasons include the likes of targeted advertising, consumer research, or guarding against unauthorized devices. It is reportedly very easy to spoof an IMEI number however, by using a hex editor to replace the variables in the URLs with any two-digit number, such as 00.
Unusually, a similar URL appears in code for iPod touch applications, and even the Mac OS X Leopard version of Calculator. Neither platform has an IMEI number to transmit, which suggests that Apple is sharing the same general code base between all recent versions of Mac OS. Those concerned about tracking desktop OS connections can reportedly keep watch with programs such as Little Snitch.
Update: A German publication now says that privacy concerns are unfounded.
Filed under: Apple
, 
, 14
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
I'm sure other phones and/or providers are doing the same thing.
But you wouldn't be saying that about Microsoft phoning home innocuous data with Windows, would you?
If the iPhone is really phoning home (hardy har), then Apple should make it clear and/or allow the user to turn it off.
What kind of info they'd be getting from the weather widget is just beyond me, though.
Use a hex editor to search for text string http in Applications/Calculator/Contents/MacOS/Calculator
http://slashdot.org/comments.pl?sid=364825&cid=21407515
"There's a substantial difference between receiving information and tracking people. Do the land-line phone companies "track" the calls you make? Sure, they use it to send you a bill, but most people don't seem to think it's a privacy violation. The author does not, as he claims, have "proof" that Apple track iPhone users, simply that they have the wherewithal to collate information about the services used by people if they could be bothered.
The IMEI number is there to facilitate identifying mobile devices to the Public Land Mobile Network (PLMN) for the purpose of charging for services. Your IMEI goes out every time you connect to the EDGE network or any GPRS service anywhere in the world, and is (and always has been) logged by the phone company, irrespective of what brand of phone you have. It's always been possible for the phone company, or anyone with the right data sharing relationship with the phone company (e.g. Apple), or the police with a court order, or the CIA/FBI/KBG/MI6, to link this to the IP address assigned to the mobile device, and from there to server logs. People who worry about this shouldn't just be wearing tin-foil hats, they should be putting tin foil around their phones too."
In short, this is a hardware device serial number, nothing more. What a stupid story. I'm sure it will cause a lot of outcry, though.
I can see the keynote now. “Super Implant Ti Pro, the only implant that acts like a credit card, cash, pay tolls, boarding pass, house key, car key, work id, web and email password, computer login, birth control and cell phone.” Hell I want one.
Uh Oh, time for my meds. Crap, where did I put that foil? . . .