Monday, December 3, 2007

Is Apple collecting your iPhone usage data?

Edit: Now there is a conflicting story saying that IMEI information is NOT being sent.

It looks like Apple is tracking iPhone users data including IMEI number, IP address and stock quote preferences (amongst other things) through a hidden string in the Weather.app and Stocks.app iPhone applications.  This information is sent to "http://iphone-wu.apple.com/dgw?imei=%@&apptype=finance" (IP resolved "17.254.32.16").  See screenshot below for details.


From this information, Apple could build a profile on users.  Where they travel, where they spend their free time, where they work, where they invest their money, what they browse, etc etc.  Obviously most users would like to be able to control who has access to this information.  If they connect this data with the credit card that you used to purchase the iPhone (remember, you can't use cash anymore), they could build an even bigger profile on you.


Unfortunately, it doesn't look like you can doanything about it - though hackers are working on it now.  According to Uneasysilence.com, if you use an iPhone, you've already forfeited this right to privacy (from the Apple Terms of service):



When you interact with Apple, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Apple products you own, such as their serial numbers and date of purchase; and information relating to a support or service issue.




Whether or not the backlash from this will cause Apple to change its policy remains to be seen.  However, there are alreadly lots of people deleting the Stocks.app and Weather.apps from their iPhones and donning their tinfoil hats. 



EDIT: IT looks like some Leopard applications behave in this manner as well.  A digg commenter found:



This is interesting to hear -- and I noticed something similar in OS 10.5 (Leopard):


For those of you who don't know what Little Snitch is, it tracks connections that any software makes to the internet (i.e. to "phone home") and allows you to block those connections. Imagine my surprise when I opened Calculator.app the other day and Little Snitch popped up asking if I wanted to block a connection that Calculator.app was attempting to make to "wu-calculator.apple.com". After looking through Calculator.app's source code, I figured out that it shares a little bit of code with the iPhone stuff... I'm seeing:


http://wu-calculator.apple.com/dgw?imei=APPLE&appt ...


Does anyone else notice the word IMEI in there? Yeah. That's what I thought. This could have bad implications -- but I believe that wu.apple.com may not be tracking us; I think that it may be providing support to applications needing dynamic conversion with changing ratios. Right below that IMEI line I found:


X-Client-ID%iApplication SupportCalculatorFinancialRates.xmlUpdate of currency conversion rates failed: %@


Which makes it look like apple is using it to do conversion stuff. But the fact that they use an IMEI is strange... unless they use it to determine where your phone is registered to give you the default conversion in your currency... Eh, or they could just be evil.







source

No comments:

eXTReMe Tracker