Slashdot Mirror


Is Apple Tracking iPhone Users Through IMEI?

ariefwn writes "As I sit here applying a new layer of Reynolds tin foil to my international hat of conspiracy, it's been proven that Apple tracks iPhone usage and tracks IMEI numbers of all their iPhones worldwide. Hidden in the code of the 'Stocks' and 'Weather' widgets is a string that sends the IMEI of your phone to a specialized URL that Apple collects. I wonder if there will be any implications to owners of hacked iPhones..."

49 of 218 comments

  1. Yes, and the problem is? by LiquidCoooled · · Score: 5, Informative

    You signed an agreement when you bought the device.

    When you interact with Apple, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Apple products you own, such as their serial numbers and date of purchase; and information relating to a support or service issue.

    However people will expect this to be at manual support time and not all the time.

    --
    liqbase :: faster than paper
    1. Re:Yes, and the problem is? by wattrlz · · Score: 5, Funny

      And if someone got it off eBay? In that case they can probably afford to sue.
    2. Re:Yes, and the problem is? by jamar0303 · · Score: 2

      Who said anyone signed anything? I know that my local reseller doesn't make me sign an agreement or anything- hand over the cash, put in the SIM, run Installer.app (iPhone comes pre-jailbroken for the user's convenience; I'll never buy Apple stuff anywhere else) to install what I want, and I'm good to go.

      One of the many upsides to buying an iPhone in China.

      --
      OSx86 FTW
    3. Re:Yes, and the problem is? by cadeon · · Score: 3, Insightful

      But you're still contributing to Microsoft's installed base, which isn't helping to fix the problem.

    4. Re:Yes, and the problem is? by tha_mink · · Score: 2, Insightful

      You signed an agreement when you bought the device. I don't think anyone signed an agreement to publish their stock watching habits to Apple though. Name? Sure...Email? No problem...All the stocks I'm watching? Um...no.
      --
      You'll have that sometimes...
    5. Re:Yes, and the problem is? by Worminater · · Score: 2, Insightful

      Do you think possibly he has a different phone than you? An N95 possibly? Or maybe you already climbed back under your bridge.

    6. Re:Yes, and the problem is? by Swift2001 · · Score: 2, Funny

      Yeah, and who cares about that totalitarianism stuff. At least your iPhone is free!

  2. Just a few more minutes... by mattgreen · · Score: 5, Funny

    I'm waiting for someone to respond with an eight page analysis of why this isn't really a big deal, complete with immaculate formatting and excellent grammar. Then everyone simply looks at the length of the post and says, "aha! see, it ISN'T a problem! Not that I read it all, but I'm with *this* guy!"

    Don't let me down.

    1. Re:Just a few more minutes... by Sparr0 · · Score: 2, Insightful

      Well, not 8 pages but...

      Has anyone verified that the IMEI is actually inserted into that field in the URL when the widget runs? The author says he tried to not send the IMEI, but maybe it just sends a placeholder value, or nothing at all, by default? I want to see traffic logs of the actual request including the IMEI before I get angry and [continue to] not buy an iPhone.

    2. Re:Just a few more minutes... by ironwill96 · · Score: 4, Funny

      Ok here goes.

      This

      isn't

      really

      that

      big

      of

      a

      deal.

      I'm feeling better already, what about you?

      --
      "To strive, to seek, to find, and not to yield." - Tennyson
    3. Re:Just a few more minutes... by ThirdPrize · · Score: 3, Insightful

      It is probably just to make sure that only iPhones use that service. Or registered iPhones at least.

      --
      I have excellent Karma and I am not afraid to Troll it.
    4. Re:Just a few more minutes... by daveschroeder · · Score: 2, Informative

      Sorry, the idea of what is essentially a hardware device serial number being used to "track" anything at all, other than perhaps the fact the device is actually an iPhone, was too stupid for even me to grace with a response. ;-)

      This post sums it up quite nicely, though.

    5. Re:Just a few more minutes... by mattgreen · · Score: 4, Funny

      You, sir, win, by not only failing to bite at my semi-troll, but actually having a laugh yourself.

      Well-played.

    6. Re:Just a few more minutes... by bolo1729 · · Score: 2, Informative

      Has anyone verified that the IMEI is actually inserted into that field in the URL when the widget runs?

      From the article: Any attempts to modify the URL to exclude the IMEI information will not allow you to retrieve any information in the "Stocks" and "Weather" apps.

      It seems that the author did...

    7. Re:Just a few more minutes... by Valiss · · Score: 5, Funny

      I didn't read the whole thing, but I'm with that guy.

      --

      -Valiss
    8. Re:Just a few more minutes... by Anonymous Coward · · Score: 4, Informative

      The problem is the IMEI allows for SIM cloning, which is why you should *never* give it out.. it's unique to your SIM and used for billing etc.

      So iphone broadcasts it unencrypted via wi-fi.. and you're not bothered?
      The IMEI is unique to your phone, not your SIM, and isn't used for billing.
    9. Re:Just a few more minutes... by naetuir · · Score: 2, Insightful

      Before I say this: I am an apple fanboi. I own an iPhone, iPod and my main computer is a MacBook Pro.

      That said..

      If M$ did this, there would be a shitstorm of the century.

      Apple isn't much (if any) better than M$. It's all in the perception of the people.

      I'll take the cute and cuddly overlords over the sharp and harsh ones anyday.

      --
      Use what works.
  3. Well... by abaddononion · · Score: 5, Funny

    At least it's Apple tracking you, not AT&T?

    Wait...

    1. Re:Well... by Typoboy · · Score: 2, Funny

      Right, AT&T has no possible way of tracking you, where you are, which cell tower you are talking to, etc.. oh wait </sarcasm>

  4. Tracking what? by Anonymous Coward · · Score: 2, Insightful

    Exactly what are they tracking though? My location, my history, my music? What?!

    1. Re:Tracking what? by tgd · · Score: 4, Informative

      Nothing, it's a device serial number... not associated with your SIM and therefore not with your account. It proves it's an iPhone to the webservice. Not much more.

      Bet I get modded down for saying it though :)

    2. Re:Tracking what? by dave420 · · Score: 2

      Well, they know who bought the handset, so they do know who owns the IMEI in question. And, unlike sim cards, you can't change your IMEI easily (or possibly at all - it's a crime to do so in some countries). So if they wanted to, they could trace pretty much everything you did. But then AT&T can do that (and much more), so people worrying about this when AT&T is poised to rape their data seems a bit silly :)

    3. Re:Tracking what? by DaggertipX · · Score: 4, Insightful

      This just in - every time you make a call, AT&T knows what iPhone that call came from. EVERY. SINGLE. TIME.

      Oh wait... that's normal. Tinfoil hats are jumping at people's heads these days like headcrabs in Half Life.

    4. Re:Tracking what? by Lars+T. · · Score: 2, Informative

      heise confirmed that they are not sending the IMEI!!!!!
      http://www.heise.de/newsticker/meldung/99220
      Errm, poor AC is still at 0 despite saying the truth. Mod up. Translated quote:

      The obvious suspicion that the IMEI of the phone is actually transmitted with each inquiry could not be confirmed by the tests heise Security did. Although a number actually was found in the HTTP requests to the Apple server they were not the IMEI of iPhones. Moreover, the weather applet sent a different "IMEI" in its query than the Exchange applet.
      IOW evil Apple sends an HTML request with the string "imei" in it, not the IMEI (of the phone). That's all the "proof" TFA needed - see sig for more info.
      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
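
Added example, not part of the thread or of heise's tests: a check in the spirit of the traffic-log verification asked for above, which separates a query parameter that is merely named "imei" from one that carries the handset's real IMEI. The host names, parameter names and tokens are constructed, and the IMEI is a well-formed sample value, not a real device's.

```python
from urllib.parse import urlsplit, parse_qsl

def luhn_ok(digits: str) -> bool:
    """Luhn check that the 15th (check) digit of an IMEI must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_imei(value: str) -> bool:
    """15 ASCII digits with a valid check digit."""
    return (len(value) == 15 and value.isascii()
            and value.isdigit() and luhn_ok(value))

def classify(url: str, device_imei: str):
    """Return (name, value, verdict) for every suspicious query parameter.

    device-imei      value equals the IMEI read from the handset under test
    imei-shaped      value is a well-formed IMEI, but not this handset's
    named-imei-only  parameter is called 'imei' but the value is not an IMEI
    """
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value == device_imei:
            verdict = "device-imei"
        elif looks_like_imei(value):
            verdict = "imei-shaped"
        elif "imei" in name.lower():
            verdict = "named-imei-only"
        else:
            continue
        findings.append((name, value, verdict))
    return findings

def distinct_values(urls, param="imei"):
    """Values one parameter takes across requests (e.g. per widget)."""
    return {v for u in urls
            for n, v in parse_qsl(urlsplit(u).query) if n == param}

# Constructed inputs (assumptions, not captured traffic).
DEVICE_IMEI = "490154203237518"             # sample value with a valid check digit
CAPTURED = [
    "http://stocks.example.invalid/dgw?imei=kQ3f9ZpL0aX2&apptype=finance",
    "http://weather.example.invalid/dgw?imei=T7mB41cYw8Re&apptype=weather",
    "http://other.example.invalid/ping?id=490154203237518",
]

if __name__ == "__main__":
    for u in CAPTURED:
        print(u, classify(u, DEVICE_IMEI))
    print(distinct_values(CAPTURED[:2]))
```

Running the same check on a second handset and comparing the `distinct_values` output shows whether the token is per-device at all, which is the other question the thread raises.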

  5. iPod Touch by jolyonr · · Score: 4, Funny

    Of course, if I happened to be running the Stocks and Weather applications on my iPod Touch it wouldn't have an IMEI number to send, would it? Not that I am running those applications on my ipod, because that of course isn't allowed.

    Jolyon

    --


    Please read my Canon EOS tech blog at http://www.everyothershot.com
    1. Re:iPod Touch by rvw · · Score: 2, Funny

      Of course, if I happened to be running the Stocks and Weather applications on my iPod Touch it wouldn't have an IMEI number to send, would it? Not that I am running those applications on my ipod, because that of course isn't allowed. Well it could send the serial number instead of the IMEI.
    2. Re:iPod Touch by sumdumass · · Score: 2, Funny

      I don't know if it is an IMEI but when you sort things like stocks you want to watch or personalized weather as well as weather local to your direct vicinity, it has to send something to identify who you are and likely your location. So I guess the question is, does this information need to identify the person, is there any way around that and does Apple in fact store it? If so for how long and why?

      I'm not even sure this is a bad thing. It all depends on the stuff we don't know yet. To some, anything is a bad thing. But then again everyone is out to get them.

    3. Re:iPod Touch by Culture20 · · Score: 2

      The weather sites and Stock site preferences could easily be set in your phone's preferences, or your phone could request a "local weather" forecast by sending the local zipcode (perhaps gleaned from the Cell-towers). There is no reason why they would need to know "User XYZ is in denver, and wants to know what the weather looks like" or "User ABC is in Hawaii, and wants to know his current stocks".

    4. Re:iPod Touch by jacksonj04 · · Score: 2, Interesting

      Stocks and weather (Along with Maps) don't self-localise, you need to tell them what you want. In addition, it'd be far easier for the phone to send its base station number(s) as position info, since sending the IMEI involves the application server contacting the network provider to ask where the phone is, rather than just looking up the base station number in a local table.

      --
      How many people can read hex if only you and dead people can read hex?
  6. That's not IMEI... by Rastignac · · Score: 2, Funny

    That's iMEI !
    Like all other Apple iThings.

    --
    -- Rastignac was here.
  7. apple the broker? by erikkemperman · · Score: 3, Interesting

    While I'm not an economist or stockbroker, it seems to me that if apple knows which shares iphoners are most interested in, at a given time, this is extremely valuable information, e.g. to spot trends. Can't be bothered to read the user-agreement (have no iphone) but curious to know whether it gives apple the right to sell this data on to large brokers or even act upon the intel themselves?

    --
    Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
    1. Re:apple the broker? by bleh-of-the-huns · · Score: 2, Insightful

      I am pretty sure that would be illegal, and probably falls under laws that prohibit pump and dump stock scams....

      --
      I came, I conquered, I coredumped
  8. more benign? by datapharmer · · Score: 4, Interesting

    Ever think maybe there was a more benign reason for this? Like to perhaps help in the retrieval of a stolen phone? Granted, it is probably not great for privacy, but if explicitly disclosed a savvy phone stealer could just disable or modify the apps. *This by no means excuses apple's privacy violations.

    --
    Get a web developer
    1. Re:more benign? by jdc180 · · Score: 2, Insightful

      IIRC the carriers in the US could care less about retrieving a stolen phone. They could use GSM to lockout stolen phones, but don't. I'm sure apple doesn't either.

    2. Re:more benign? by jimicus · · Score: 2

      Maybe not in the US, but they certainly do in the UK. Stolen IMEIs are put on a blacklist and the blacklist is checked when the phone attempts to register with the network. The same blacklist is shared amongst all the network operators.

      There was talk about extending this blacklist to other countries, but I don't know how far it is down the line.

  9. Tinfoil... by Notquitecajun · · Score: 2, Funny

    So, should people start wrapping their iPhones in tinfoil?

  10. While you're waiting... by Huntr · · Score: 2, Informative

    You could just read all the comments about Blizzard's Warden program for WoW, as they will likely be strikingly similar.

  11. Get your facts straight... by LWATCDR · · Score: 4, Funny

    "As I sit here applying a new layer of Reynolds tin foil to my international hat of conspiracy,"
    Reynolds doesn't make tin foil. They make aluminum foil! There is a big difference between Tin and Aluminum!

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  12. Tracking? by nickovs · · Score: 4, Informative

    There's a substantial difference between receiving information and tracking people. Do the land-line phone companies "track" the calls you make? Sure, they use it to send you a bill, but most people don't seem to think it's a privacy violation. The author does not, as he claims, have "proof" that Apple track iPhone users, simply that they have the wherewithal to collate information about the services used by people if they could be bothered.

    The IMEI number is there to facilitate identifying mobile devices to the Public Land Mobile Network (PLMN) for the purpose of charging for services. Your IMEI goes out every time you connect to the EDGE network or any GPRS service anywhere in the world, and is (and always has been) logged by the phone company, irrespective of what brand of phone you have. It's always been possible for the phone company, or anyone with the right data sharing relationship with the phone company (e.g. Apple), or the police with a court order, or the CIA/FBI/KGB/MI6, to link this to the IP address assigned to the mobile device, and from there to server logs. People who worry about this shouldn't just be wearing tin-foil hats, they should be putting tin foil around their phones too.

    --
    If intelligent life is too complex to evolve on its own, who designed God?
    1. Re:Tracking? by kybred · · Score: 5, Informative

      The IMEI number is there to facilitate identifying mobile devices to the Public Land Mobile Network (PLMN) for the purpose of charging for services.

      No, that would be the IMSI. The IMEI just identifies what equipment you are using.

  13. simple solution by eck011219 · · Score: 4, Funny

    Just use your phone in a Faraday cage, and they can't track you at all.

    --
    It is pitch black. You are likely to be eaten by a grue.
  14. Just change it... by javab0y · · Score: 4, Interesting

    The Apple IMEI is TEA encrypted according to the phone's hardware ID and NOR ID. Both of these numbers can be found with a few tools found at iphone-elite.org. The IMEI lives at 0xA003FAB00 address. All you need to do is write out your seczone (0xA003FA000), TEA encrypt a nice Motorola RAZR IMEI number at offset 0xB00, and write it back to your NOR...and voila...your iPhone now looks like a Motorola RAZR.

    1. Re:Just change it... by dave420 · · Score: 4, Informative

      ... and go to jail! It's illegal to change your IMEI in the UK, fyi, so this isn't the best advice for anyone in the UK.

    2. Re:Just change it... by kybred · · Score: 2, Interesting

      All you need to do is write out your seczone (0xA003FA000), TEA encrypt a nice Motorola RAZR IMEI number at offset 0xB00, and write it back to your NOR...and voila...your iPhone now looks like a Motorola RAZR.

      Would you try that and let us know if your visual voicemail and widgets still work? Thanks!

      (That seems like a really bad idea. Maybe substitute a fake iPhone IMEI, but not a RAZR one).

    3. Re:Just change it... by javab0y · · Score: 2, Informative

      Yep...they work peachy. The service is off your SIM, not the IMEI. As for illegality...yep...I live in the USA...so no laws preventing it here. Yes...those who do this should probably examine their own countries' laws.

  15. Re:well by Chyeld · · Score: 2, Funny

    I, for one, welcome Steve Jobs as our new overlord.

    New? When did he stop?

  16. do you think just maybe it's not all bad news by Locutus · · Score: 2, Interesting

    Maybe they just mesh the IMEI number with location data provided by the GPS and/or AT&T to give you weather information based on where you are located at the time. Ever seen the ad where Google is used to find local eating joints? Don't know about you but I did not see any kind of location information getting entered and so some kind of location info is getting used.

    And you know that every ISP keeps records on what phones ping what cell towers and your ISP( AT&T ) already is known to have been very willing to hand out cell records.

    So get a pre-paid phone at Walmart if you want to limit your track-ability. After all, getting a "smart" phone from Apple with all the locked down and tied to Apple features isn't a clue that they just might track things? I hope you don't touch anything running Microsoft code.

    LoB

    --
    "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
  17. Re:Play It Off by pyr3 · · Score: 2, Interesting

    Ah, but which quotes I'm looking at is another can of worms. It implies that I either own stock in that company, or plan to. I realize that I could just be watching the stock "for fun," but aggregating this type of information to have the "big picture" is the problem.

  18. Conspiracy hats off... by shmlco · · Score: 2, Interesting

    And according to a German security site, the ID is the same for every phone that was tested. Conspiracy hats off. Case closed.

    Maybe now we can discuss if the Kindle knows which pages you're lingering over and transmits suspicious activity to the NSA...

    --
    Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.