Is Apple Tracking iPhone Users Through IMEI?

Posted by CmdrTaco on Mon Nov 19, 2007 09:54 AM
from the putting-on-the-foil-hats dept.
ariefwn writes "As I sit here applying a new layer of Reynolds tin foil to my international hat of conspiracy, it's been proven that Apple tracks iPhone usage and tracks IMEI numbers of all their iPhones worldwide. Hidden in the code of the 'Stocks' and 'Weather' widgets is a string that sends the IMEI of your phone to a specialized URL that Apple collects. I wonder if there will be any implications to owners of hacked iPhones..."
  • by LiquidCoooled (634315) on Monday November 19 2007, @09:57AM (#21407033) Homepage Journal
    You signed an agreement when you bought the device.

    When you interact with Apple, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Apple products you own, such as their serial numbers and date of purchase; and information relating to a support or service issue.

    However people will expect this to be at manual support time and not all the time.
    • And if someone got it off eBay?
      • by wattrlz (1162603) on Monday November 19 2007, @10:11AM (#21407257)

        And if someone got it off eBay?
        In that case they can probably afford to sue.
      • Then sue the person who sold it to you, duh.

        Same sort of problem as if a computer OEM doesn't give you the Microsoft EULA to peruse before running the pc for the first time.

        Btw OEM can actually bypass all that and just present the box ready to roll, they just have to put a sticker with about 20 lines of legalese on the invoice and get you to sign it (stating that you will read the EULA prior to operation), but I am guessing said e-tailer didn't do anything remotely like this.

        *sigh* another reason to love my
    • Well, the EULA I signed when I got Windows also says they'll monitor whatever information they want out of me. So, it's good to know that all of these companies monitoring all of my information is *completely* okay, and nothing to worry about!

      Of course, I don't use Windows anymore because of the EULAs. So I'll *also* continue not buying an iPhone, and everything will be fine.
        • Re: (Score:3, Insightful)

          But you're still contributing to Microsoft's installed base, which isn't helping to fix the problem.
    • Re: (Score:3, Insightful)

      You signed an agreement when you bought the device.
      I don't think anyone signed an agreement to publish their stock watching habits to Apple though. Name? Sure...Email? No problem...All the stocks I'm watching? Um...no.
      • Who said anyone signed anything? I know that my local reseller doesn't make me sign an agreement or anything- hand over the cash, put in the SIM, run Installer.app (iPhone comes pre-jailbroken for the user's convenience; I'll never buy Apple stuff anywhere else) to install what I want, and I'm good to go.

        One of the many upsides to buying an iPhone in China.
  • by mattgreen (701203) on Monday November 19 2007, @09:57AM (#21407051)
    I'm waiting for someone to respond with an eight page analysis of why this isn't really a big deal, complete with immaculate formatting and excellent grammar. Then everyone simply looks at the length of the post and says, "aha! see, it ISN'T a problem! Not that I read it all, but I'm with *this* guy!"

    Don't let me down.
    • Re: (Score:3, Insightful)

      Well, not 8 pages but...

      Has anyone verified that the IMEI is actually inserted into that field in the URL when the widget runs? The author says he tried to not send the IMEI, but maybe it just sends a placeholder value, or nothing at all, by default? I want to see traffic logs of the actual request including the IMEI before I get angry and [continue to] not buy an iPhone.
      • Re: (Score:3, Insightful)

        It is probably just to make sure that only iPhones use that service. Or registered iPhones at least.
        • And according to a German security site, the ID is the same for every phone that was tested. Conspiracy hats off. Case closed.

          Maybe now we can discuss if the Kindle knows which pages you're lingering over and transmits suspicious activity to the NSA...
    • daveschroeder is putting the finishing touches on his message. He'll post it shortly. : p
    • by ironwill96 (736883) on Monday November 19 2007, @10:03AM (#21407157) Homepage Journal
      Ok here goes.

      This

      isn't

      really

      that

      big

      of

      a

      deal.

      I'm feeling better already, what about you?
    • You could just read all the comments [slashdot.org] about Blizzard's Warden program for WoW, as they will likely be strikingly similar.
    • Re: (Score:3, Informative)

      Sorry, the idea of what is essentially a hardware device serial number being used to "track" anything at all, other than perhaps the fact the device is actually an iPhone, was too stupid for even me to grace with a response. ;-)

      This post [slashdot.org] sums it up quite nicely, though.
        • by Anonymous Coward on Monday November 19 2007, @11:44AM (#21408673)

          The problem is the IMEI allows for SIM cloning, which is why you should *never* give it out.. it's unique to your SIM and used for billing etc.

          So iphone broadcasts it unencrypted via wi-fi.. and you're not bothered?
          The IMEI is unique to your phone, not your SIM, and isn't used for billing.
  • Well... (Score:5, Funny)

    by abaddononion (1004472) on Monday November 19 2007, @09:58AM (#21407059)
    At least it's Apple tracking you, not AT&T?

    Wait...
  • Tracking what? (Score:2, Insightful)

    by Anonymous Coward
    Exactly what are they tracking though? My location, my history, my music? What?!
    • Re:Tracking what? (Score:5, Informative)

      by tgd (2822) on Monday November 19 2007, @10:17AM (#21407345)
      Nothing, it's a device serial number... not associated with your SIM and therefore not with your account. It proves it's an iPhone to the webservice. Not much more.

      Bet I get modded down for saying it though :)
      • Well, they know who bought the handset, so they do know who owns the IMEI in question. And, unlike sim cards, you can't change your IMEI easily (or possibly at all - it's a crime to do so in some countries). So if they wanted to, they could trace pretty much everything you did. But then AT&T can do that (and much more), so people worrying about this when AT&T is poised to rape their data seems a bit silly :)
        • Re:Tracking what? (Score:5, Insightful)

          by DaggertipX (547165) on Monday November 19 2007, @12:46PM (#21409649) Homepage
          This just in - every time you make a call, AT&T knows what iPhone that call came from. EVERY. SINGLE. TIME.

          Oh wait... that's normal. Tinfoil hats are jumping at people's heads these days like headcrabs in Half Life.
          • Re: (Score:3, Informative)

            heise confirmed that they are not sending the IMEI!!!!!
            http://www.heise.de/newsticker/meldung/99220 [heise.de]

            Errm, poor AC is still at 0 despite saying the truth. Mod up. Translated quote:

            The obvious suspicion that the IMEI of the phone is actually transmitted with each inquiry could not be confirmed by the tests heise Security did. Although a number actually was found in the HTTP requests to the Apple server they were not the IMEI of iPhones. Moreover, the weather applet sent a different "IMEI" in its query than the Exchange applet.

            IOW evil Apple sends an HTML request with the string "imei" in it, not the IME
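
The check described in the heise quote above, as an added example (not part of the original thread and not heise's tooling): take captured request lines, pull out the `imei` query parameter, and test whether it equals the handset's IMEI or even has IMEI form (15 digits ending in a Luhn check digit). The request paths, parameter values and sample IMEI are constructed for the example; only the parameter name `imei` comes from the thread.

```python
from urllib.parse import urlsplit, parse_qs

def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn check used for the IMEI check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_imei(value: str) -> bool:
    """An IMEI is 15 decimal digits whose last digit is a Luhn check digit."""
    return len(value) == 15 and value.isdigit() and luhn_ok(value)

def audit(request_lines, device_imei):
    """Return (path, value, verdict) for every 'imei' parameter in the capture."""
    findings = []
    for line in request_lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # not an HTTP request line
        url = urlsplit(parts[1])
        for value in parse_qs(url.query, keep_blank_values=True).get("imei", []):
            if value == device_imei:
                verdict = "device-imei"        # the handset's real IMEI went out
            elif looks_like_imei(value):
                verdict = "valid-imei-format"  # some IMEI-shaped number, not this handset's
            else:
                verdict = "not-an-imei"        # labelled 'imei' but cannot be one
            findings.append((url.path, value, verdict))
    return findings

def same_across_widgets(findings) -> bool:
    """True if every request carried the same 'imei' value."""
    return len({value for _, value, _ in findings}) <= 1

# Constructed sample data: a sample IMEI and made-up request lines.
DEVICE_IMEI = "490154203237518"
CAPTURED = [
    "GET /stocks/quote?imei=A1B2C3D4E5F60718&symbol=AAPL HTTP/1.1",
    "GET /weather/forecast?imei=0F1E2D3C4B5A6978&city=Hannover HTTP/1.1",
    "GET /weather/forecast?city=Hannover HTTP/1.1",
]

if __name__ == "__main__":
    for path, value, verdict in audit(CAPTURED, DEVICE_IMEI):
        print(f"{path:20} imei={value:18} {verdict}")
```

A `device-imei` verdict on any line would be the evidence asked for earlier in the thread; `not-an-imei` on every line, with differing values per widget, matches what the quoted test reported.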

  • iPod Touch (Score:5, Funny)

    by jolyonr (560227) on Monday November 19 2007, @09:59AM (#21407073) Homepage
    Of course, if I happened to be running the Stocks and Weather applications on my iPod Touch it wouldn't have an IMEI number to send, would it? Not that I am running those applications on my ipod, because that of course isn't allowed.

    Jolyon
    • Re: (Score:3, Funny)

      Of course, if I happened to be running the Stocks and Weather applications on my iPod Touch it wouldn't have an IMEI number to send, would it? Not that I am running those applications on my ipod, because that of course isn't allowed.
      Well it could send the serial number instead of the IMEI.
    • I don't know if it is an IMEI but when you sort things like stocks you want to watch or personalized weather as well as weather local to your direct vicinity, it has to send something to identify who you are and likely your location. So I guess the question is, does this information need to identify the person, is there any way around that and does apple in fact store it? If so for how long and why?

      I'm not even sure this is a bad thing. It all depends on the stuff we don't know yet. To some, anything i
      • The weather sites and Stock site preferences could easily be set in your phone's preferences, or your phone could request a "local weather" forecast by sending the local zipcode (perhaps gleaned from the Cell-towers). There is no reason why they would need to know "User XYZ is in denver, and wants to know what the weather looks like" or "User ABC is in Hawaii, and wants to know his current stocks".
      • Re: (Score:3, Interesting)

        Stocks and weather (Along with Maps) don't self-localise, you need to tell them what you want. In addition, it'd be far easier for the phone to send its base station number(s) as position info, since sending the IMEI involves the application server contacting the network provider to ask where the phone is, rather than just looking up the base station number in a local table.
  • Most closed devices (e.g. consoles that have online stores), or phones, or pay-per-view boxes would be quite within their rights to send a device identifier with the request. In the case of a phone, that would be the IMEI.

    The moral here, is perhaps not to buy songs from Apple in the first place if it bothers you. Amazon.com sells music in MP3 format and you can use it any way and in any device you please.

  • AT&T could send Apple whatever they wanted to know about usage and location.

    What else is there to know about your iPhone? Oh yeah, software version, but that's trivial to find out.

    Just when I'm looking to replace T-Mobile as my GSM provider, I'm pretty well stuck with the competition that is eager to drop their shorts and give whatever is asked for to whoever asks for it. Except me, of course.

    Well, time to go 'negotiate' with T-Mobile. Bleagh.

  • That's iMEI !
    Like all other Apple iThings.
  • apple the broker? (Score:3, Interesting)

    by erikkemperman (252014) on Monday November 19 2007, @10:09AM (#21407223)
    While I'm not an economist or stockbroker, it seems to me that if apple knows which shares iphoners are most interested in, at a given time, this is extremely valuable information, e.g. to spot trends. Can't be bothered to read the user-agreement (have no iphone) but curious to know whether it gives apple the right to sell this data on to large brokers or even act upon the intel themselves?
  • more benign? (Score:5, Interesting)

    by datapharmer (1099455) on Monday November 19 2007, @10:11AM (#21407259) Homepage
    Ever think maybe there was a more benign reason for this? Like to perhaps help in the retrieval of a stolen phone? Granted, it is probably not great for privacy, but if explicitly disclosed a savvy phone stealer could just disable or modify the apps. *This by no means excuses apple's privacy violations.
    • Re: (Score:3, Insightful)

      IIRC the carriers in the US could care less about retrieving a stolen phone. They could use GSM to lockout stolen phones, but don't. I'm sure apple doesn't either.
      • Maybe not in the US, but they certainly do in the UK. Stolen IMEIs are put on a blacklist and the blacklist is checked when the phone attempts to register with the network. The same blacklist is shared amongst all the network operators.

        There was talk about extending this blacklist to other countries, but I don't know how far it is down the line.
  • So, should people start wrapping their iPhones in tinfoil?
  • After all, they do share the same code base. So it won't shock me if Apple is doing something similar there via the MAC address of the WiFi chipset.
  • by LWATCDR (28044) on Monday November 19 2007, @10:16AM (#21407337) Homepage Journal
    "As I sit here applying a new layer of Reynolds tin foil to my international hat of conspiracy,"
    Reynolds doesn't make tin foil. They make aluminum foil! There is a big difference between Tin and Aluminum!
  • Tracking? (Score:5, Informative)

    by nickovs (115935) on Monday November 19 2007, @10:29AM (#21407515)
    There's a substantial difference between receiving information and tracking people. Do the land-line phone companies "track" the calls you make? Sure, they use it to send you a bill, but most people don't seem to think it's a privacy violation. The author does not, as he claims, have "proof" that Apple track iPhone users, simply that they have the wherewithal to collate information about the services used by people if they could be bothered.

    The IMEI number is there to facilitate identifying mobile devices to the Public Land Mobile Network (PLMN) for the purpose of charging for services. Your IMEI goes out every time you connect to the EDGE network or any GPRS service anywhere in the world, and is (and always has been) logged by the phone company, irrespective of what brand of phone you have. It's always been possible for the phone company, or anyone with the right data sharing relationship with the phone company (e.g. Apple), or the police with a court order, or the CIA/FBI/KGB/MI6, to link this to the IP address assigned to the mobile device, and from there to server logs. People who worry about this shouldn't just be wearing tin-foil hats, they should be putting tin foil around their phones too.

    • Re:Tracking? (Score:5, Informative)

      by kybred (795293) on Monday November 19 2007, @10:58AM (#21407949)

      The IMEI number is there to facilitate identifying mobile devices to the Public Land Mobile Network (PLMN) for the purpose of charging for services.

      No, that would be the IMSI [wikipedia.org]. The IMEI [wikipedia.org] just identifies what equipment you are using.

  • by eck011219 (851729) on Monday November 19 2007, @10:33AM (#21407583)
    Just use your phone in a Faraday cage, and they can't track you at all.
  • Just change it... (Score:4, Interesting)

    by javab0y (708376) on Monday November 19 2007, @10:40AM (#21407693)
    The Apple IMEI is TEA encrypted according to the phone's hardware ID and NOR ID. Both of these numbers can be found with a few tools found at iphone-elite.org. The IMEI lives at 0xA003FAB00 address. All you need to do is write out your seczone (0xA003FA000), TEA encrypt a nice Motorola RAZR IMEI number at offset 0xB00, and write it back to your NOR...and voila...your iPhone now looks like a Motorola RAZR.
  • by Locutus (9039) on Monday November 19 2007, @10:48AM (#21407811)
    Maybe they just mesh the IMEI number with location data provided by the GPS and/or AT&T to give you weather information based on where you are located at the time. Ever seen the ad where Google is used to find local eating joints? Don't know about you but I did not see any kind of location information getting entered and so some kind of location info is getting used.

    And you know that every ISP keeps records on what phones ping what cell towers and your ISP (AT&T) already is known to have been very willing to hand out cell records.

    So get a pre-paid phone at Walmart if you want to limit your track-ability. After all, getting a "smart" phone from Apple with all the locked down and tied to Apple features isn't a clue that they just might track things? I hope you don't touch anything running Microsoft code.

    LoB