Establishing Digital Trust: Don't Sacrifice Security for Convenience
Hardware hackers and security experts are claiming that the Apple iPhone might be secretly tracking some user activity. Yet even if those allegations are correct, what exactly it tracks and how much information it discloses remains a mystery.
A user first raised the issue in a posting on Hackint0sh.org. In the post, the hacker said a hex editor revealed that when iPhone users request stock quotes or a weather forecast, their phone allegedly sends the user's International Mobile Equipment Identity (IMEI) number to Apple.
The IMEI is a number unique to every GSM and UMTS mobile phone and serves as an identifier for the phone.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iBut the nature and amount of information it's divulging remains in question.
"It's a matter of how 'tinfoil hat' you want to get," said Dan Dorato, publisher of Uneasy Silence, a blog that picked up the item from Hackint0sh. "If it's a matter of tracking how many apps are opened or what we do, we don't know where these lines of code are, and because the iPhone is a closed system, we don't know how far it goes."
Apple's offices are closed for the Thanksgiving week holiday and spokespeople did not respond to requests for comment from InternetNews.com.
The story became further muddied when German security firm Heise Security ran its own tests and found the iPhone is, indeed, sending some number back to Apple -- but not the IMEI identifier.
"While there was a number in the HTTP requests sent to the Apple server, it did not correspond with the iPhone's IMEI," the firm said. "In addition, a weather query contains a different 'imei' parameter than the one from the Stock applet. On the other hand tests with a second iPhone showed a different set of 'imei' again."
Heise Editor-in-Chief Juergen Schmidt told InternetNews.com in an e-mailed statement that his best guess is that the number in question is akin to the UUID [Universally Unique Identifiers] that can be used to track application usage but is not related to personal data.