Joe on the November 19th, 2007 Please note: It is not my intent to get everyone scared about Apple having information on your phone. This post is merely an attempt at discussing ways to keep certain information from Apple if you desire to do so.
Today, Uneasy Silence offered proof (also shown below) that Apple’s iPhone is sending your IMEI information back to Apple HQ.
Obviously, this raises concerns about what other data is being collected and what other phones handle your personal information in similar ways. This got me thinking about how to prevent it, and the solution, in this case anyway, seemed pretty simple.
Everyone who is concerned about this could change the program to send the data to one of your own domains (register a domain and do nothing with it if needed). I’m sure someone could release a sort of patch to make this easy for those suffering from technophobia. Then, they could send made-up data (maybe even more often than expected to overload Apple) to http://iphone-wu.apple.com/dgw in the format needed. Let Apple sift through junk data for a while. Those with a little more technical skill could even set up a script to collect their real data and store it in case it is needed.
The ultimate solution would be to set up a script that collects all the information your phone sends, stores it, passes it to Apple, and stores the response. After a little testing, just modify the script to pass fake data to Apple, but still return the correct data to your phone.
I don’t have an iPhone, and I don’t plan to, but it’s a thought. I’d try it if someone feels like sending me an iPhone to test it.
| 2.5 |
del.icio.us
Stumble it!
Powered by FireStats
on November 19th, 2007 at 12:49 am
If it makes them happy go for it. Yeah they can know if I like a stock who cares. But just in case you did not know if you are being tracked every time you use and web. Every site you visit knows more about you then you might think like your: IP#, ISP, Web Browser, Language and oh so much more.
on November 19th, 2007 at 1:03 am
Greg: True, but I don’t care so much if a site knows my IP or that I get online via COX at home. There’s “personal” and there’s “personally identifiable”. We sometimes worry about “personally identifiable” information being leaked because it can be used to track us. The real worry should be about “personal” information that tells more about us than Apple or anyone else deserves to know. Think about it this way. Where is the line drawn to determine what information is fair game for Apple to collect?
on November 19th, 2007 at 3:08 am
Isn’t that number a little (a lot) small for an IMEI, which is around 15 digits long? Did you do any further research and try to match the IMEI in the capture with your phone’s IMEI? Is it possible that what you’ve discovered is some sort of flag or switch saying IMEI=no (like, telling the receiving site that the IMEI is NOT being sent with the query)?
Please try to do a little more research before publishing your blog entries. Must try harder!
on November 19th, 2007 at 3:40 am
One legitimate reason Apple may be collecting IMEI numbers is because carriers are notoriously “inaccurate” on their accounting and reporting of activated phones. And since Apple gets a good amount of money for each phone activated, it makes sense that they’d want a way to validate IMEIs of activated phones.
Otherwise, they’d just have to trust ATT. And who would do that?
on November 19th, 2007 at 6:02 am
I don’t own an iPhone. But even if I had one, I doubt doing something like that.
on November 19th, 2007 at 6:22 am
Wayne: Please read more before posting. The purpose of my post was to tell you ways in which you could get around sending information to Apple. Perhaps I should have posted the parameter list instead of expecting you to read the article I referenced, so here it is now.
dgw?imei=%@&apptype=finance
A variable is being sent as the IMEI number. I don’t own an iPhone (as mentioned in my post), but I can only imagine that the value of that variable is a valid IMEI, although it COULD be a flag, too. I didn’t write the article and, again, I don’t own an iPhone, so I am unable to test it myself. Thank you, too for passing on the link to information about what an IMEI is. I am, however, familiar with IMEIs, as my company developed the software for a satellite phone and I was lead developer in this effort.
on November 19th, 2007 at 6:28 am
Rusty: Good point. I can see valid uses for information being sent and in no way am I proposing that Apple is going to start signing up for credit cards in your name or anything. There’s just a concern that if they are really collecting that much personal data, what are they using it for and how secure is it.
on November 19th, 2007 at 7:33 am
Joe, I have read more - which is why I’m criticising your article. I’m sorry, but your article is weak. Some examples
“Today, Uneasy Silence offered proof”
>> no, they reported on someone else’s proof. You couldn’t even credit or link the person that did provide the “proof”. Here it is http://www.hackint0sh.org/forum/showthread.php?t=16125
“obviously this raises concerns about what other data is being collected”
>> Yes, once you’ve shown or know that personal data is being sent. At the moment you have no idea what is being sent. The only concern raised is “is anything actually being sent”
“Then, they could send made-up data (maybe even more often than expected to overload Apple”
>> Are you serious. Are you really expecting a few characters of text to overload Apple?
“The ultimate solution…”
>> Step 1 in any solution is to find out what is being sent.
Calculator.app on Leopard uses the same URL encoding to send the super secret personal data string of “APPLE” (http://wu-calculator.apple.com/dgw?imei=APPLE) - is that an IMEI too?
This same “IMEI” encoding is used on the iTouch (how could an iTouch possibly have an IMEI, it’s not even a phone!)
The point I’m making is that you’re spreading rumour without facts. If your article title was “How to protect data from being sent to Apple (where that data could be anything, we don’t actually know what it is because we haven’t bothered to look at it yet)” then it would be good writing. As it is it’s just spreading chaff
on November 19th, 2007 at 12:15 pm
Joe, now that the truth is coming out will you be correcting your article to reflect those new facts?
NOTE: this is assuming you’re reading the articles that are clearly saying it’s NOT the IMEI after checking the data that is being sent - if not I’ll be happy to post links so you can
on November 19th, 2007 at 1:04 pm
Wayne: I added a note to the top. I will follow up with more information if someone sniffs packets and comes up with something definitive.
on September 15th, 2008 at 1:27 am
[...] How to Protect Your Private Information From Apple [...]