“What’s next, they read your email too? Now who thinks I’m crazy?” … “While some may see them as the crazy ones… we see genius!”

Personally, while I do value my privacy more than the average bear, there are too many companies/organizations that already track everything I do to truly care about Apple knowing which stocks I own.

Did you get a packet sniffer to confirm your suspicions? Would it be possible to use DNS on the iPhone to block access to the url without breaking the apps?

they know when you are sleeping, they know when you’re awake, they know when you’ve been bad or good, so be good for goodness sake…….. wow who knew Christmas songs were actually about big corporations? oh wait………. Christmas is the big shopping holiday……… damn where have I been………….

Okay, before this starts arguments, I’ll say “yes, I do wish companies didn’t track my every move. I value my privacy and will use most any tool/method to keep it”

That said, Dan, you’re right: what else do they track? But I’ll modify your question a tad, what else CAN they track? Moreover, what else can they track that isn’t being tracked already?

Yah but wait how could they track a hacked imei if you can’t access weather and stocks with it what dies it help them

I’m with Adam and Ian, I kinda assumed that Apple was tracking such information but it seemed to sting a bit when I saw this. As Apple does with OS X, they track how you use the operating system (install Little Snitch if you want to see how often bits of OS X phone home).

I would like to think that this is about usability in the spirit of making the OS better, it still sucks. Like Google, Apple can probably tell you just about everything I do online due to this kind of reporting. With GOOG, I can turn of cookies thanks to Safari. And with my Mac, I use Little Snitch, but with my iPhone, I can’t turn of privacy-invading things like this.

It bothers me, but I don’t know what I can do about it. I’m sure Apple knows that I’ve opened my iPhone to 3rd party apps….I just wish there was one that worked like Little Snitch. I’d definitely buy *that* 3rd party app.

Google already reads my email (and possibly yours). Don’t you trust Steve more than “the Google?”

If it makes them happy go for it. Yeah they can know if I like a stock who cares. But just in case you did not know if you are being tracked every time you use and web. Every site you visit knows more about you then you might think like your: IP#, ISP, Web Browser, Language and oh so much more.

This is a interesting article, its a little concerning that Apple is collecting this data although you may have agreed in their TOS however I cant see how this information relates to the service or the support of the device.

I’m sure we’ll see more code popping up soon where Apple is also collecting data from :(

This is the proof that will make me NOT get an iPhone. To those that use the excuse “my information is aready being tracked elsewhere so i don’t care what apple tracks”, are you kidding me? This is your privacy, you need to fight for it and only explicitly allow information about you to people/organisztions you trust! Im shocked that so many of you guys/gals are ok with this!

Shame Shame!

Why is it a privacy issue for them to theoretically know which cities you’re looking up the weather for? Or which stocks you are looking up? This is REALLY stretching to create an issue where there isn’t one. Even if you’re going to pretend (for the sake of argument) that Apple is evil and is doing something wrong here, what good could this information possibly do for them (or anyone else)? Nope. There’s nothing for a sane person to see here.

UHH, IMIE stands for “International Mobile Equipment Identity.” Isnt the entire reason why IMEI was built into both the physical and digital piece of GSM/UTSM phones so that companies could control service access? If you’re on a stolen phone or a phone that has not paid for the service, Apple has a right to know.

The only evidence you have hear is that Apple sends the IMEI number to their server when you are using the service. THATS HOW GSM/UTSM WORKS. There is absolutely no evidence to suggest that Apple keeps your IMEI number and stock viewing habits together and examines them.

If you want to try to be a legitimate investigator and not just go for the cheap Digg, maybe try shooting Apple an e-mail before making accusations? Or at the least try using an acronym reader or Wiki? Blogs have a lot of impact, and when you start carelessly stepping on peoples toes you’ll find yourself in trouble and I wont have much sympathy.

Clearly, in order to get Stock or Weather information on your iPhone, you need to:
1. Send the town whose weather you are interested in, or the stock codes you want data for
2. Have access to a source of data. This data is supplied by a third party (Yahoo?) who presumably charges Apple for access to this data (after all, normally you’d be served banner ads when you looked this up on Yahoo’s site).
So the only question is — why the IMEI?
Possibly because their licensing deal with Yahoo is per-customer, and they need a unique customer ID to determine how much Apple pays Yahoo?

Still, that’s not as exciting as OMGAPPLESTEALSYOURBRAINMEATSLULZ! which, you know, probably ranks higher on Digg.

BS

Apple can do what ever the hell they want, the made an awesome phone!

also imei could mean anything your just surmizing!

I dont get it?

You guys are actually surprised by this?

Well you obviously didn’t read your License Agreement, which informs you about that!

Oh Yeah, if Apple even tells you about it, which it did its not Secret!! So change the Headline

“The imei=%@ is just a placeholder”…

So really we need to see the contents of @ on the phone (or a packet capture of the GET request, with the IMEI in it) and compare it with the phones actual IMEI to conclude that they send the IMEI

Before you start worrying about what info they’re taking from your phone, why don’t you try and see what the “IMEI” field is actually being filled with first? Even so, it’s not THAT big of a deal. If they were sending the contents of your address book or your most frequent contacts then you might have something to worry about.

Now, I HAVE to put my email address in to leave a comment. I’ll put my aluminum hat on…..

Who F-ing cares. If you’re dumb enough to save your stock trading habits on yahoo.com, who cares if Apple has the IMEI of your phone. Jackasses, its all or nothing. You think yahoo doesn’t know who you are and where you live?

Think about it.

Do you REALLY think Apple cares about you as an individual user? It’s just usage statistics, guys. Every website on the planet gathers them. Whenever you visit Yahoo! Finance or Google Finance to look up tickers, those sites are very, very likely logging your IP address and what page you’re on.

Apple doesn’t give a crap what stock tickers you’re looking up. They’re not keeping some massive database of IPs and ticker symbols associated with user’s iPhones so that they can narc you out later.

You certainly have a big ego if you think that you, as a customer, are so important that Apple cares about you as an individual. They only care about their entire customer base as a whole - just like any other company.

People are so damn paranoid. It’s ridiculous.

Umm.. An IMEA is a International Mobile Equipment Identifier which is used by networks to identify valid devices. If your phone is stolen, the network provider can block the phone from the network using this IMEA. Maybe working out why it’s being used would be wise, rather than creating FUD with headlines such as this one.

really? this totally sucks, I’m never buying an iPish now!

A rule of thumb that was introduced years ago, when the internet was just starting to become popular with the hoi polloi:

“Never do anything on the internet that you don’t want the whole world to know.”

Somewhere, out there in cyberspace [cliche], there is an archive of that little sniglet you uttered twelve years ago, on some usenet newsgroup, concerning sex and sock-puppets. I won’t mention names — you know who you are. :)

So, how does Apple collecting information about your stock picks stack up to the trail of debris that you’ve already dropped.

Another way of looking at it: A-How often do you drop a figurative bread-crumb (it’s probably way more than you think)? B-How many other users are doing the same?

AxB = unmanageable amount of individual datapoints

This type of info is only useful for measuring trends. There are too many streams of information for Apple to be concentrating on at any single one.

“But what about filtering the data for ‘red-flag’ items?” Well, yeah, there is that. But, if “they” were really interested in prying into your personal affairs, they could have amassed an encyclopedia sized dossier of your personal info already — from other sources — and “they” probably have. (note: see first sentence) Unless, of course, you’ve never used an internet connected device before — then it’s only a dictionary-sized dossier. ;) If you really had anything to worry about, you’d already be seeing unmarked helicopters over your house and car by now. Or visited by men in dark suits, with big guns, at 3 in the morning.

Does that mean you shouldn’t be concerned about invasion of privacy? Heck, no! I’m saying you should always watch what you do on the internet, because the whole show is being recorded for posterity.

Just don’t sweat the “normal” stuff.

This is on topic, but not exactly about Apple and IMEI. In fact it is not about IMEI at all, but I thought for some who are posting on this thread, they may find this interesting if they already don’t know.

For those that are doing this, cool, but for those who are not, look into it.

Look into HOST files and HOST file managers.

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, when the computer checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

I am not anything close to a security expert, and I am not an iPhone owner, but it seems to me, that in general, we need to start taking back control over what our computers/accessories do.

I currently have it that no ads/banners/google ads are showing up and feel somewhat confident that my actions are not being monitored by the standard culprits. If the NSA wants me, I realize that is something totally different, but as of now, I’m pretty sure they’re not interested in me.

I’m totally aware that there is a lot more that I need to learn/figure out, but we have to start somewhere.

This seems pretty benign. The info on the iPhone is just a stock symbol. It does not say if I own the stock or how much I own. Yahoo and Google Finance have the same info.

It seems this is being blown way out of the water.

I am very surprised to hear this. Why would they do this?

Oh, brother. See, there are true, legitimate concerns of invasions of privacy that we SHOULD be worried about. And then there are paranoid schizos who freak out over things like this, and make the rest of us who go after legitimate privacy concerns out to be paranoid schizos, too.

So Apple knows my IMEI. Like they don’t already know the IMEI of the phone I bought when I paid with my credit card at their store? And what are they going to do with this sacred information? Track my sleeping habits? Determine whether or not I’m truly patriotic and loyal to the state? Does having a specific IMEI mean I could be a terrorist?

As for the widgets passing along what stocks I’m interested in… well, duh. The app is contacting a web page and retrieving the specific info I’m asking for, and to do that, it has to TELL the server what stocks to retrieve information from. Calling this an invasion of privacy is tantamount to accusing uneasysilence of invading my privacy every time I ask it to display an article, and my browser passes along the article ID to the server… it HAS to do this so that the site knows what information I want to see.

Make sure your foil hat is on secure, buddy. You need it, so the pilots of Steve Jobs’ black helicopters can point, and laugh.

Let the Apple fanboys come out of the cage now.!!!
I wonder what all you apple fanboys would have said if it were Microsoft doing this. I am pretty sure it will definitely not be “In Apple’s defense, …………”.(replace apple with microsoft)
Wake up and smell the roses people, Apple isn’t worth the pedestal that you’ve put the company and its products on.

Ha! Wait until you hear about what EFI on IntelMac’s can do!

It’s a powerful firmware level that can contact the internet all by itself, download/upload, read hard drives and record keystrokes and passwords. Your OS doesn’t even know!!!

Apple is very bad when it comes to privacy.

Just about every app Apple makes contacts them for some “reason” or another for data mining purposes. For instance every time you launch iTunes to “check for purchases?”‘ Really? is that necessary? What happened to the menu command to search manually? How about AddressBook checking for a .Mac account when you don’t even have one? Oh yea baby you better believe it. Sure LittleSnitch can stop the OS level outcalls, but how about EFI?

One has to install the rEFIt toolkit to keep a eye on whats installed in EFI.

Apple assumes because the internet is tracking everything we do and we come to accept that because so many people are ignorant to stop the tracking parasites with privacy software or a hosts file that they can do that too.

Really, who the hell teams up with NSA/Cisco and NSA/AT&T and Intel/EFI/TPM anyway unless they are one of them too?

Oh, wait! I need to supply my name and email address in order to post a comment on this weblog. Invasion of privacy!

Killeroid, if Microsoft did this I’d have the same concern that I have with Apple doing it — very little. The fact that an application interacts with a server at Apple is par for the course — if you want to use web apps you give up some data. It’s what sort of data they collect and how they use it that counts and no one knows the answer to this question. Does anyone seriously think that your cell phone usage isn’t tracked by Verizon, Sprint, AT&T, etc.?

Privacy is dead.

Yer an idiot dude. Did you ever consider getting a clue before publishing stupidities? Did you consider the fact that maybe, just MAYBE if this is actually true, that the IMEI information could be used to send back where you are to the phone so that it displays the weather where YOU are correctly, or maybe it relays things back to the phone in the proper context such as what time zone you are in? All the IMEI does is identify the phone and that can be used to link to the cell tower you are currently calling from to get that time/date/location info. So if this were in fact the case, Apple did it to increase the usability of the phone and do things the “right” way rather than the half-assed way. Get a clue man…

Has anyone actually seen this code being called? Any packet captures to prove that it runs every time you open the Stocks app? Is it possible that it’s debugging code or crash QA code?

Yea, they might be tracking your usage, but again you all did agree to it when you accept the EULA. So either deal with it or dont use it.

Could you please remove the word “proof” from your headline or sniff the traffic and show that your IMEI of your particular iPhone is sent out to Apple?

Big stink about Apple, but you think it’s OK to ask me for my email address on your blog comments?

Look, Apple already have all my details, and far more of them than my stocks - when I signed up, I was required to give them my credit card, address, phone number, blah blah blah.

This is stupid. Get a life.

Or maybe they simply use the IMEI to validate that a request is coming from an iPhone, so other people don’t “steal” their datafeeds.

I can confirm that this is ACTUALLY sending your IMEI over the wire to Apple. A simple tcpdump or wireshark packet capture will show you this :

10:38:47.462773 IP (tos 0×0, ttl 64, id 15523, offset 0, flags [DF], proto TCP (6), length 339) 10.0.2.2.50071 - wu.apple.com.http: P 1:300(299) ack 1 win 65535
E..S.@.@…
….. ….P…9h.coP….x..POST /dgw?imei=XXXXXX-XXXX-XXXX-XXXX-XXX

(Obviously I blocked out my IMEI with X’s)

Actually Its very simple. Most webservices like this use some kind of authentication. Same as google that Uses an App Key for you to access their Webservice.
In apple’c case they have decided to use the IMEI number. If they dont do that I can tomorrow Create a Java app for any phone that accesses stock quotes from Apple’s server. By getting the IEMI Number Apple can ensure that a particular phone is accessing their service is an Iphone.

There is another potential use for this … shutting down the phones of off-network users. Whenever you make a call on a cellular network all of your data is saved by the carrier, including IMEI. All Apple has to do is run a scan to correlate data requests with network usage and create an exception report listing all data requests received when the phone wasn’t registered on an AT&T network. Next they simply send out a brick signal to all phones on that list the next time a data request comes through.

What I don’t understand is the fierce loyalty that Apple users have to a company that treats them so poorly. True, the iPhone is much sexier and thinner than my 2 year old MDA. But the MDA does much more. Even though it’s thicker I wouldn’t trade the slide out real keyboard for less bulk. The evil Microsoft encourages people to write programs for it and there are thousands. I like taking videos. And working on spreadsheets. And being able to change memory cards when I fill one with video or want different music or to view other PDFs or whatever. I always carry an extra battery in my car for those times when I don’t make it home and still want a full charge. And I never have to worry about messing it up with software; if I ever do I can always do a hard reset and the phone goes back to the way it was when I first took it out of the box.

Yes, think different. Think restricted. Think less useful. What are they thinking?

I’m a apple user, but I must say this practices are very Micro$oft style… apple should be more carefull with the way they treat their users. They starting to have the same monopolic dreams. Also, I hate the iphone and every phone that allows my clients to reach me every time they wat, so this is another excuse for me to avoid having one.

“What’s next, they read your email too? Now who thinks I’m crazy?”

Well Gmail already read your email and everyone is pretty satisfied about it.

And ATT has the list of all the websites you’re visiting, which certainly worth more marketing money than the weather in your city.

Start Tracking Microsoft stocks on IPhones with Weather In Seattle

For those who asked: the name of the hex editor is 0xED. You can find it here:

http://www.apple.com/downloads/macosx/development_tools/0xed.html

Bye :)

Hex Editor appears to be 0xed ( http://www.apple.com/downloads/macosx/development_tools/0xed.html )

How exactly are “corporations” supposed to provide goods and services that people actually want if they don’t have metrics and some sort of tracking measures to narrow down selections?

Simply loading any URI gives a wealth of info to the server, and log analysis tools, and maybe some data mining via cookies/user agents/IP address, platform choices et al. How else will a company know to target Mac browsers that are the majority of their viewers without studying who is connecting?

How do you figure out what to improve on if you don’t know what people are really doing with your site/service?

If you hate corporations so much STOP BUYING THINGS, UNPLUG. Geeze.

“We dodged a bullet on 9-11 by electing a war president instead of an Apple fanBoy, and now we can all rest easy knowing just how safe we are. Lucky us.”

is this guy serious?? lol, what a clown.

this whole thing is just ridiculous.

Why, hell Digg! Welcome to UNEASY.

Meh - dont care. By the way I own some LVLT and IEGAX.

This is just the TCM chip that they denied was in their hardware until people in Japan and Germany took it apart and proved it was there.

Then they claimed that it was part of the Intel Reference Design and that OSX did not access it. Until people in the x86 project disassembled the code that proves that OSX most certainly does access it and reports your information to Apple and hooks to allow execution of code, regardless of your settings.

Then Apple said, well it’s all in the EULA and you all agreed to it.

Just like Vista reporting the sites you visit, the programs you have installed, your unique ID and installing remote code regardless of you settings.

The answer is clear - open source.

After all, Jobs won’t let me read *his* bank account info.
Bill Gates won’t let me install code on *his* computer.

Demand the same rights rich people have.

“Now all we know is that information is being exchanged and we are not sure exactly what.”

Wow, way to go champion! So, information is being exchanged between Apple servers and Safari on iphones? You big meanies Apple boys. Guess what? I just found that when i performed a research on Google, my browser actually sent information to Google servers : http://www.google.com/search?q=dumb
OMGZ!! I have the feeling that the web just… exchanges info between servers and browsers… That’s creepy by design!!

Well I don’t know where uneasysilence is located, but in most countries, what this article is doing is called slandering, and it is not quite legal. You can’t go and hit a company’s reputation based on variable names found in the query part of a URL. This article is a whole piece of garbage. I hope you’re enjoying the major traffic bump it led to, though.

How many of you own a store card? Now that’s big brother, not apple.

F*** THAT, I’m going to pay money to my phone company so they can “monitor” what I do? He’ll no!! Why are so many people ok with this? So sad to see we have accepted the fact that other people can know our personal business , and are so used to it , they think it’s normal and just accept it. Wake up and reprogram your brain!!!! What I do in my home on my phone or PC, that I paid for, is my business and It should be PRIVATE!!!! Does anyone agree or disagree?

For the record, Apple doesn’t know about Safari browsing done on an iPhone. I verified this with a packet sniffer. It seems that only the built-in apps (stocks, weather, etc.) communicate with an Apple server (wu.apple.com) on port 80.

Regarding the string called “imei”, sent via POST. It is not sending the 16-digit decimal IMEI number, at least not in the clear. It appears to be sending 16 bytes of hex. Maybe it’s an encrypted IMEI, but it’s hard to know.

To me, it’s interesting from an application standpoint to see how these apps work. The tin foil conspiracy angle is oh so silly.

It’s understandable that concern exists about what is done with ‘gleaned’ data that potentially identifies individual users. That information is being harvested for some purpose. I would figure, that’s the intent behind the name, “Knowledge Ventures.”
I think the fear is of arbitrary actions taken in individual cases and determinations that could introduce prejudice to privately undertaken projects.

Time to setup a cron that pings that URL until they get sick of you and block your IP!

what a shame i thought only microsoft is acting like this. is this legal? i don`t think that this is legal in the EU for example.

I would like to trace the imei no of cell phone no 00923003476173 persons name ayesha khawar in karachi Pakistan