In association with heise online

19 November 2007, 20:05

Controversial checks of stock prices with iPhone

A number of online sources are reporting that iPhones transmit a unique device ID indirectly linked to the user's name and address to Apple whenever the user looks for stock prices. heise Security was not, however, able to confirm these claims in its own tests.

Most of the articles are citing a blog entry which in turn cites a comment posted in the forum Hackint0sh. There, a user writes that the Stocks iPhone application transfers requests that look like

http://iphone-wu.apple.com/dgw?imei=%@&apptype=finance

to Apple, with the "%@" being replaced by the device's serial number. The International Mobile Equipment Identity (IMEI) is a unique device number that some network providers use, for example, to block stolen cell phones. During the activation process with iTunes, this ID is also sent to Apple so that the manufacturer can assign it to an iTunes account, and hence to a single person. And indeed, this string is included in the Stocks program file, which displays stock prices.

imei string in hex editor

However, heise Security was not able to confirm the obvious suspicion that the cell phone's IMEI is transmitted directly with every request. While there was a number in the HTTP requests sent to the Apple server, it did not correspond with the iPhone's IMEI. In addition, a weather query contained a different "imei" parameter than the one sent by the Stocks applet. Tests with a second iPhone, in turn, showed yet another set of "imei" values.

A captured real request.
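The comparison described above can be repeated on any set of captured request URLs; the following sketch is an added example, not heise Security's tooling. It checks each "imei" parameter against the device's real IMEI and against the IMEI format (15 digits with a Luhn check digit), and reports values reused across applications. The IMEI, both identifiers and the "apptype=weather" value are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

def luhn_ok(number: str) -> bool:
    """True if `number` is 15 digits and passes the Luhn check used for IMEIs."""
    if len(number) != 15 or not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit(urls, device_imei):
    """Return (apptype, value, verdict) for the 'imei' parameter of each URL."""
    rows = []
    for url in urls:
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        value = query.get("imei", [""])[0]
        app = query.get("apptype", ["unknown"])[0]
        if value == device_imei:
            verdict = "device IMEI"
        elif luhn_ok(value):
            verdict = "valid IMEI, other device"
        else:
            verdict = "opaque identifier"
        rows.append((app, value, verdict))
    return rows

def reused_across_apps(rows):
    """Values seen under more than one apptype (would link the apps' requests)."""
    seen = {}
    for app, value, _ in rows:
        seen.setdefault(value, set()).add(app)
    return {v for v, apps in seen.items() if len(apps) > 1}

# Constructed sample data: the IMEI and both identifiers are made up, and
# "apptype=weather" is an assumed value (the page only shows "finance").
DEVICE_IMEI = "490154203237518"
CAPTURED = [
    "http://iphone-wu.apple.com/dgw?imei=3f9c02ab77d1e450&apptype=finance",
    "http://iphone-wu.apple.com/dgw?imei=b81e6640c2f09a13&apptype=weather",
]

if __name__ == "__main__":
    for row in audit(CAPTURED, DEVICE_IMEI):
        print(row)
    print("reused across apps:", reused_across_apps(audit(CAPTURED, DEVICE_IMEI)))
```

An "opaque identifier" verdict only rules out the IMEI being sent in the clear; it does not show whether the value can be mapped back to a device on the server side.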

But without further background information, it remains unclear whether the ID transmitted really contains personal data. In general, speculation about whether Apple is using this information to monitor the stock interests of its customers is somewhat far-fetched. More likely, Apple collates general usage statistics and underestimated the importance of the privacy issues involved when a request that documents interest in certain stock prices could possibly be traced back to individuals.

(ju)

Permalink: http://h-online.com/-734000