« Previous post
Next post »

November 19, 2007

Whip Out The Tinfoil Hats, The iPhone Phones Home

Duncan Riley

37 comments »

iphone.jpgApple’s much loved iPhone has a hidden feature, and it’s not going to be welcomed by everyone: it phones home.

According to 9 to 5 Mac, the iPhone sends the users IMEI number, IP address and stock quote preferences amongst a number of things via a hidden string to Apple via the Weather and Stock apps. The information could be used by Apple to build user profiles that includes data on travel, financial and banking preferences, work details…even personal browsing information (if you’re using your iPhone to surf porn be warned).

Hackers are now apparently working on a way to block this functionality. In the mean time the only way of stopping data being sent to Apple is to delete the stock and weather applications via jailbreak.

  • Sphere It

This entry was posted on Monday, November 19th, 2007 at 5:55 am and is filed under Company & Product Profiles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Trackbacks/Pings (Trackback URL)

  1. VitoNet

    November 19th, 2007 at 7:31 am

  2. iPhone is Phoning Home - BlackBerryForums.com : Your Number One BlackBerry Community

    November 19th, 2007 at 9:34 am

  3. iPhone News Blog - Apple iPod + Mobile Phone » iPhone backdoor for Apple, not good…

    November 20th, 2007 at 2:12 pm

Comments

RSS feed for comments on this post.

  1. Marc Fiszman

    November 19th, 2007 at 6:16 am

    Your “according to” link is screwed up.

    It exposes the site’s hidden admin section and could result in increased hacking / cracking activity.

  2. Duncan Riley

    November 19th, 2007 at 6:17 am

    Thanks Marc + apologies. Fixed.

  3. Hollywood Celebrity Pics

    November 19th, 2007 at 6:20 am

    its look Apple do good Market research

  4. MrGutts

    November 19th, 2007 at 6:22 am

    Marc,

    It’s only the wordpress login, every wordpress blog has that /wp-admin/ directory open to the world. Type this “inurl:wp-admin” in google and you will see.

    Anywho thanks for the story. :)

  5. Andy

    November 19th, 2007 at 6:33 am

    As I can remember some operators do that as well here in europe. I know from iMode that the webserver can request the IMEI when you vist an iMode website. Don’t know how this is working today - but it worked in the past.

  6. Chris

    November 19th, 2007 at 6:48 am

    Wow. This is a pretty horrifying invasion of privacy. What happened to owning something with no strings attached?

  7. damon

    November 19th, 2007 at 6:56 am

    Microsoft would be completely crucified if it was discovered to be sending info home to the mothership unknown to the users.

    Will be interesting to the see how the Apply fantards react.

  8. LiveCrunch

    November 19th, 2007 at 6:59 am

    Not bad post, I will probably mention something about it on my other blog http://ipodtouchtricks.blogspot.com

    Thanks!

  9. damon

    November 19th, 2007 at 7:00 am

    http://digg.com/security/Why_M.....Phone_Home

    Microsoft getting nailed for sending info back when trying to update windows, basically trying to make sure you have a licensed copy of windows.

    And then apple cripples phones if people update it, does not accept cash, and sends back continuous usage info to the mothership…

    sheesh

  10. Stefano Buliani

    November 19th, 2007 at 7:06 am

    This is yet another big misstep for Apple.

    Wrote an article about it just this morning with a screenshot of the “debugged” call.
    http://thebigdeal.wordpress.co.....customers/

  11. Eddy

    November 19th, 2007 at 7:41 am

    http://www.winandmac.com/mobil.....ones-imei/

    Commenter said I am wrong.

    What do you guys think?

  12. Tim F

    November 19th, 2007 at 8:04 am

    I am an Apple fan, but they have made a lot of mistakes lately. I used to sell macs, and when I go into an Apple store now, the salesmen start to annoy me. I understand now why some PC people get so sick of Apple fans. They are not the infallible company.

    Apple needs to wake up and get back to trying to help their customers not stalk and harm them.

  13. bob

    November 19th, 2007 at 8:09 am

    The iPhone redirects all RSS requests through http://reader.mac.com/ with a special URL : http://reader.mac.com/mobile/v.....TechCrunch
    (you need to spoof the User Agent to iPhone to view the reader)

  14. needlegun

    November 19th, 2007 at 8:15 am

    Lump sum up front.
    Monthly contract.
    Privacy.

    Any other ways Apple is going to make you pay for this phone??

  15. Vlad B

    November 19th, 2007 at 8:23 am

    Sending the IMEI is indeed questionable although I can imagine several non-evil satistical/authentication uses that involve it. Stock quotes / weather prefs on the other hand - how else are they supposed to know what data to send back to you?

    Using web services means you’re going to have to communicate with them. They’ll know your IP address as well as any necessary variables. Shocking as it is, it’s how things work on the internet.

  16. Paly

    November 19th, 2007 at 8:33 am

    Let’s see if we can’t whip up some moronic conclusions

    Yeeeeeeeehawwww Duncan, keep that brain off!

  17. Cavenger

    November 19th, 2007 at 8:39 am

    wow.

  18. FakeSportsBlogs

    November 19th, 2007 at 8:41 am

    If they wanted to do this they should prompt the user for approval. Even though 99% of people would say no, I guess a few might now.

    http://www.fakesportsblogs.com

  19. Christian Nussbaumer

    November 19th, 2007 at 8:42 am

    In my opinion there’s not one valid reason why to send an IMEI back to Apple than to track customers. Authentication can be accomplished by various ways and there’s no absolute need to use an IMEI number for a customer.

    IP adresses are often assigned temporarily (most providers use shared ip’s for xDSL, Dial-Up and other connection techniques) so you’ll never have an exact trail of the customers machine (thats’ why we have cookies which you can block). Additionally, IP adresses can be spoofed or you can surf using anonymisation services such as TOR and the like. IMEI numbers on the other hand are unique for every phone, so it would be easy, to track every customer from A to Z. All you need in addition is the subscriber data which Apple surely has (they’re working with AT&T and they shipped/sold every phone, just note the IMEI on every phone sold and you have it).

    This is a shame and I am looking forward to have this functionality blocked. Not because I have a cracked iPhone (one of 250′000 more or less) but because I do not like any company know too much about me. Google knows already too much about me (I use Gmail)…

    This is a shame for such a valued and well-known company. Let’s hope that the bloggers react well and that the company takes this into account (”lessons learned”)…

  20. Handsome Logic

    November 19th, 2007 at 8:46 am

    I have yet to jailbreak my iPhone, but this hack would definitely be one I’d be happy to use. Bring it on!

  21. ZuckThis

    November 19th, 2007 at 9:28 am

    Oh noes apple phone home!
    Sell the stock now!
    Burn the laptops in a pire!

    M$ never touches the wire!
    M$ is the new ethics role model!
    M$ has a better phone… wait, they don’t even have a fvcking phone!

    Whiners!

  22. James Thomas

    November 19th, 2007 at 9:29 am

    via.

    via via via. via via. via via via, “via via via via!”.

    via? via.

    (Duncan found a new word… lol)

  23. Dean Steadman

    November 19th, 2007 at 9:43 am

    Why do people always use pr0n as an example for privacy issues? We all surf for porn, let’s move along to real privacy issues now.

    I’m much more concerned with people collecting my surfing habits without my knowledge; or contact information out of my profiles; or my friends contact info.

    Trust me, my porn surfing is the least valuable bit of information out there.

  24. HonestMall.com

    November 19th, 2007 at 10:57 am

    *wonders if steve will release a press-release or letter on apple.com to combat the recent bad press

  25. Tech Narf

    November 19th, 2007 at 11:11 am

    you all worry too much and for nothing! do you think anyone will be interested to find out your fav porn sites?

  26. Steve Ballmer

    November 19th, 2007 at 11:13 am

    1984!
    Apple is over the top with this!
    Protest people, destroy all of those iMacs you have been buying and get a Vista PC!

  27. Michael Baron

    November 19th, 2007 at 11:15 am

    There is another potential use for this … shutting down the phones of off-network users. Whenever you make a call on a cellular network all of your data is saved by the carrier, including IMEI. All Apple has to do is run a scan to correlate data requests with network usage and create an exception report listing all data requests received when the phone wasn’t registered on an AT&T network. Next they simply send out a brick signal to all phones on that list the next time a data request comes through.

    What I don’t understand is the fierce loyalty that Apple users have to a company that treats them so poorly. True, the iPhone is much sexier and thinner than my 2 year old MDA. But the MDA does much more. Even though it’s thicker I wouldn’t trade the slide out real keyboard for less bulk. The evil Microsoft encourages people to write programs for it and there are thousands. I like taking videos. And working on spreadsheets. And being able to change memory cards when I fill one with video or want different music or to view other PDFs. I always carry an extra battery in my car for those times when I don’t make it home and still want a full charge. And I never have to worry about messing it up with software; if I ever do I can always do a hard reset and the phone goes back to the way it was when I first took it out of the box.

    Yes, think different. Think restricted. Think less useful. What are they thinking?

  28. Scott

    November 19th, 2007 at 12:08 pm

    Not sure about the IMEI number, but VPN services like http://www.Hotspotvpn.com and http://www.witopia.net will prevent them from tracking your IP address, browsing, and location.

  29. Jurado

    November 19th, 2007 at 12:52 pm

    itampon, from apple invisble string!

  30. Chris

    November 19th, 2007 at 1:29 pm

    I am in your iPhone watchin all your p0rns!

  31. Lee C.

    November 19th, 2007 at 1:38 pm

    Oh, that’s evil.

  32. Steve Jobs

    November 19th, 2007 at 1:40 pm

    NO! I am on the server watchin everyones pr0ns!

  33. Jacob

    November 19th, 2007 at 2:05 pm

    I’m with the people who point out that it’s normal. You are trackable. No avoiding that.

    Your Google searches are recorded, and (while I don’t know) your searches at other engines are too. A server-side program needs to know what you’re looking for in order to respond.

    Would anyone give a damn if it turned out Weather.com or AccuWeather recorded your weather searches, or Yahoo! Finance recorded your stock quote searches? Nope.

    Your ISP knows your router’s MAC address. Oh no! Let’s have a major national scandal!

  34. www.CARversation.com

    November 19th, 2007 at 9:18 pm

    damn damn damn that is insane and stupid.

« Previous post
Next post »