The iPhone IMEI echo chamber
Written on 11/19/2007
Techmeme is all abuzz from this post talking about Apple sending the IMEI when you ask for the stock or weather. Without focusing on the fact that people happily get their stock and weather quotes from Microsoft and Google all day long using their user IDs there, my critical mind was set off by the fact that not a single person, not even the original poster, had looked at the packets on the wire.
It took me literally 60 seconds to capture traffic. Here’s how I did it:
- Set up internet connection sharing on my iMac to share my wired connection onto a temporary open wireless access point.
- Used tcpflow to capture the packets.
So here’s a request for stocks:
010.000.002.002.50987-017.254.032.016.00080:
POST /dgw?imei=BA650B95-F00A-499B-8953-EC7F096C11AB&apptype=finance HTTP/1.1
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Apple iPhone v1.1.2 Stocks v1.0.0.3B48b
Content-Type: text/xml
Content-Length: 467
Connection: keep-alive
Host: iphone-wu.apple.com
010.000.002.002.50987-017.254.032.016.00080: <?xml version="1.0" encoding="utf-8"?>
<request devtype="Apple iPhone v1.1.2" deployver="Apple iPhone v1.1.2" app="YGoiPhoneClient" appver="1.0.0.3B48b" api="finance" apiver="1.0.0" acknotification="0000">
.<query id="1" timestamp="0" type="getquotes">
..<list>
...<symbol>%5EDJI</symbol>
...<symbol>AAPL</symbol>
...<symbol>GOOG</symbol>
...<symbol>YHOO</symbol>
...<symbol>T</symbol>
...<symbol>DELL</symbol>
...<symbol>QQQX</symbol>
..</list>
.</query>
</request>
And here’s a request for weather:
010.000.002.002.50989-017.254.032.016.00080:
POST /dgw?imei=BFBCC984-744C-4A85-A3D5-BC0AF74A09AD&apptype=weather&t=2 HTTP/1.1
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Apple iPhone v1.1.2 Weather v1.0.0.3B48b
Content-Type: text/xml
Content-Length: 357
Connection: keep-alive
Host: iphone-wu.apple.com
010.000.002.002.50989-017.254.032.016.00080: <?xml version="1.0" encoding="utf-8"?><request devtype="Apple iPhone v1.1.2" deployver="Apple iPhone v1.1.2" app="YGoiPhoneClient" appver="1.0.0.3B48b" api="weather" apiver="1.0.0" acknotification="0000"><query id="30" timestamp="0" type="getforecastbylocationid"><list><id>USCA1018|2488836</id></list><language>en</language><unit>f</unit></query></request>
So what do we know from this?
- The “imei” field being sent to Apple isn’t your actual IMEI in plain text.
- The weather and the stock widget both contain different values for the imei field, so there must be some sort of encoding or salt added to the actual IMEI value for each one.
- At this point there’s no empirical data that the imei field data being sent has anything to do with your actual IMEI, but it does appear to be some sort of identifier.
- Also, I tried a reboot and the data in the imei field is persistent: it stays the same after a reboot. (Edit: it’s now known that the identifier identifies the app, not the phone, so every phone’s stock widget sends the same identifier.)
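The same check can be done mechanically. This is an added example, not code from the original post: it pulls the imei parameter out of the two request lines captured above and tests whether each value has the shape of a real IMEI (15 decimal digits ending in a Luhn check digit). The function names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request lines copied from the two tcpflow captures in this post.
CAPTURE = """\
POST /dgw?imei=BA650B95-F00A-499B-8953-EC7F096C11AB&apptype=finance HTTP/1.1
POST /dgw?imei=BFBCC984-744C-4A85-A3D5-BC0AF74A09AD&apptype=weather&t=2 HTTP/1.1
"""

# search() rather than match(), so a tcpflow flow prefix on the same line is tolerated.
REQUEST_LINE = re.compile(r"\b(?:GET|POST) (\S+) HTTP/1\.[01]$")
UUID_SHAPE = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")


def luhn_ok(digits: str) -> bool:
    """Luhn check, as used for the final digit of a 15-digit IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(value: str) -> str:
    """Say what a captured identifier looks like, judged by shape alone."""
    if re.fullmatch(r"\d{15}", value):
        return "imei" if luhn_ok(value) else "15-digits-bad-check"
    if UUID_SHAPE.match(value):
        return "uuid-shaped"
    return "opaque"


def imei_params(capture: str) -> dict:
    """Map apptype -> (imei parameter value, classification) per request line."""
    found = {}
    for line in capture.splitlines():
        m = REQUEST_LINE.search(line.strip())
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group(1)).query)
        for value in qs.get("imei", []):
            found[qs.get("apptype", ["?"])[0]] = (value, classify(value))
    return found


if __name__ == "__main__":
    for app, (value, kind) in imei_params(CAPTURE).items():
        print(f"{app:8} {kind:12} {value}")
```

Both values come back as uuid-shaped and differ between the two apps, which matches the first two observations in the list. Shape alone cannot show whether a value was derived from the IMEI.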
Worst comment of the bunch comes from Duncan Riley at Techcrunch, who says “if you’re using your iPhone to surf porn be warned.”
Uh, no Duncan. First, this is only the stock and weather widget. Second, if you’re surfing porn at your house, for example, the porn site knows where you came from, your rough geographic location, and using a variety of trackers probably knows other porn sites that you visited from that IP. In fact, since TechCrunch uses Google Analytics, every single person visiting TechCrunch while logged into their Google account has their entire TechCrunch browsing history logged at Google. But just to be clear, Apple isn’t appending the imei identifier to your porn search requests in Safari.
Your computer has a similarly unique, not-easily-changed identifier called a MAC address. You’d also be surprised how little your IP at home likely changes. You also probably have DoubleClick cookies that are set to expire in 2029 that have been on your system for years. So, meh.
Best comment summarizing my opinion on this comes from Gizmodo:
“Holy s*** I just got my phone bill!
THEY KNOW EVERY NUMBER I CALLED!!!
TORCHWOOD”