Just exactly how is this spying? An application that is designed to give you information specific to what you request would seem to me to be operating normally if it told the server what phone, account, and number to send that information to. This is just silly, a lame attempt to create controversy where there is none. Far worse things than this happen when a web browser or advertising server places cookies that track your surfing habits.

Of course, Apple already promised to spy in the Terms of Service.

Consent to Use of Non-Personal Data: You agree that Apple and its subsidiaries may collect and use technical and related information, including but not limited to technical information about your iPhone, computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the iPhone Software, and to verify compliance with the terms of this License. Apple may use this information, as long as it is in a form that does not personally identify you, to improve our products or to provide services or technologies to you.

Looks like Apple stopped reading the ToS a little early.

@ggore: when you are surfing the web, you don't provide a unique identifier that connects your name and personal information to the information you access. Sending the IMEI, which is NOT required to access this data, is a breach of privacy.

Storing cookies, which can be eliminated and avoided, is not even in the same universe as this.

When you use the iPhone's widgets, like Stocks or Weather, you are accessing the data via Apple's servers. Apple checks your IMEI number to try and ensure its a genuine and activated iPhone making the request, and that you are permitted to use its servers.

Is that really so nefarious? Christ, some of you really need to get a grip.

The question is how is it regulated by the law in the countries where Apple is selling the iPhone, for example, you know that here in Spain, they should announce that they are gathering personal data from you and they should offer you an adress where you can cancel this if you don't want Apple to have your data... isn't it?

The point is not that Apple knows if you are surfing for the weather or stocks, the question is should I be warned? or, can I officialy cancel it?

Valis

...Of course if you consider IMEI as a personal data...

Valis

This actually could be really helpful. this can prevent people from stealing iphones now =o.

@valis: IMEI is a unique identifier which is tied to your personal information in Apple's databases (and AT&T). Unless you are not in Apple's databases (like people using the iPhone without iTunes activation.)

@Tommo_UK: No, it's not like that. First, you are making that explanation up. Then, apparently this happens when you try to access more information on any stock using Safari.

It may or may not be for nefarious purposes -I don't care about their reasons- but there will be people who won't like Apple knowing what they are looking at or storing that information for later datamining. Knowing what your user base is looking at, cross-referenced with specific income, address and other personal information gathered at the iTunes registration, is an extremely powerful combo for data mining applications (and marketers.)

Now, myself or you may not give a damn about this, and nobody knows what this information is used for or even if it's stored or not. I don't care.

The questions is: is this right? I think not. And is it necessary (from a technical point of view)? Nope.

Amazing picture btw, Diaz!

@jesusdiaz:
You got this one right. They CAN know who you are and what you are doing. This is outrageous and even fan boys should be up in arms about it. Don't roll over and play dead on this issue, especially now that it is known! If you do, others will follow their lead and it is one more privacy barrier gone!!!
Your supposed i-life becomes i-known and no matter how small, that is wrong for everyone.

Meh, who really cares? I mean, sure, Apple really has no real reason to check the IMEI numbers of whoever uses their weather gadget. Evidently, they don't do anything with the information, because plenty of us with jailbroken iPod Touches are able to use the weather app just fine. And besides, checking the weather or stocks is hardly personal information.

"and Apple covers his back with their license"
Interesting choice of grammar!

I do have a question. If someone's sole purpose is to buy an iPhone and hack it to use on another network other than AT&T, isn't this stealing?

I know Apple makes money on the sale but they are also sharing the revenue with AT&T. This revenue is now being redistributed to another wireless carrier.

Any thoughts?

Haha nice photoshop job there.

I don't own an iPhone if the TOS pasted by omg-ponies is real, then I don't think Apple is doing anything illegal since they stated that data from the application software may be used by them. So basically, everyone who bought the phone and agreed to the TOS already agreed to this. It's just all too common in this day and age.

Just to keep it in perspective...

You can be certain other phones are doing the same thing... especially if you're using Verizon CDMA... at that point, everything that you do on the Internet is being recorded, and the IP address assigned to you can be matched to the time for which it was leased to you. A unique identifier isn't really necessary if the phone doesn't have WiFi. If your phone DOES have WiFi, then the question becomes... how do they support services to you if they don't know that you're an active customer?

I guess they could have gotten round this differently by encrypting the IMEI number, but ultimately, that number sits on the back of your phone no matter what, so encrypting it doesn't really do much security-wise, and... as Apple needs to match it against their database in the interests of providing service, once "matching" is necessary, it wouldn't take much for them to decode the IMEI string based on an encrypted match with their clear-text IMEI (like any MD5 lookup available on the web).

So... YES, I can see how Apple would need to do this. Going off of EDGE network access would be stupid with WiFi. The only thing they could have done is gone out of their way to HIDE what they were doing, by note using tokens called "IMEI" or some such. The main question, is whether they are simply using a valid IMEI to provide service, or whether they cross-matching your personal data using your IMEI.

This is more a QUESTION than an INDICTMENT.

Tin foil hats.

@hughjass:
"Meh, who really cares? Evidently, they don't do anything with the information"

It is this kind of "weak stream" attitude that will let them get away with whatever they want. Really now, should you make the assumption that since you have no evidence or knowledge that they "do anything" with the information, that this means they don't, or won't? Or should you make the assumption that since they HAVE it and a hacker has figured out how they got it (a rather hidden from view method), that it is possible it is not being used correctly within the constraints of the ToS? The phone's unique identifier is easily linked to YOU, a person. The temptation is THERE to do things outside the constraints of the ToS! They only have to do it. It would be better if they couldn't link anything to a person because they don't have data to do it with! The temptation to do so would not exist.

The real question is... how would some of you respond if Microsoft had done this?

@secretasianmang:
They most likely will if it isn't stopped before hand.

Hey, guess what? Your IMEI is know with every GRPS data connection established. So big eff'en deal. You think your anonymous or something? Time to get in touch with reality and just who's wireless network your on.

This probably got one because some manager said to some programer,
Boss: 'Hey, I only want people that have official iPhones using our widgets.'
Programer (to himself): 'Crap, what can I use to uniquely identify these phones...Ah! the IMEI!'

Same discussion probably took place right before a MAC address was used to tie a computer to a serial number, however MAC's are easily changed (programmer didn't think about that at the time), IMEI's are not.

@secretasianmang:
Serously? Apple has been going through a string of "duh" accusations for the basic act of releasing a highly desireable phone. Microsoft already has phones (running its software), and next to NO ONE chatters on scrutinizing every detail of how they provide service. --So, if the question is good/bad is Apple being defended/picked-on more than Microsoft would... the answer is already evident. I'd say Apple is getting MORE than their fair share of teeth inspections. I mean, Oh, no! Early-termination fees??? GASP!!! Battery life??? Good lord, price drops during the holiday season??? Is Unlimited Internet REALLY UNLIMITED??? DAMN Apple for all of these *new* concerns... Damn them to HELL! LOL.

Back to the topic though... Its funny... someone could do a rather amusing article titled "How our phones phone home." And delve into completely ignored nature of network privacy in the mobile industry. No one points out the fact that until recently AT&T was giving people itemized records of ALL their network activity. Pssst... they know it was you, isn't that scarey? Now, people are wetting themselves that in the event one is using WiFi, and accessing Apple's domains servicing the stocks and weather widgets... that somehow Apple has more data than they wanted Apple to know.

It sounds quite retarded.

@stickystyle:
Regarding the manager anecdote... Exactly. Sigh.

@secretasianmang: Google does far 'worse' than this - but you rarely hear a whimper about it. Most of the people freaking out will be Apple-haters who don't even own the damn thing.

I agree with Stickystyle - time to get in touch with reality.

@bitfactory: how does Google make worse than this?

So basically, Apple tracks what app is being used to access what type of data, whether they use the buttons or the browser. Why is that a problem? Shouldn't they be trying to figure out what buttons people use and what buttons they don't? It takes research and feedback to make interfaces that work. And unless the write-up is wrong, it's not like the data itself is being transmitted.

Also, if they used a personal ID, like name or SSN, that would violate your privacy. But using the ID they assigned to your device, not the user, does not. The same is true of credit card companies re: your purchases. True, they could use the IMEI to identify you personally, but there's no evidence of that.

@Cleverboy: Everyone does it? Who does exactly? Are you speculating or do you know for sure? Could you provide hard data rather than speculation? And if everyone does it, does it make it right?

Jesus, I think that is a very good likeness - quite appropriate illustration too - one of your better ones!

Wow... I still don't understand why when Apple jerks the shit out of their cutsomers and fanboys, you guys still go so much out of your way to defend them? Jobs has you suckers brainwashed and on his nuts. Hop off fellas

Wow, I have to say cheers to whoever made that Image. That is the best photoshop job ever!

Yes, uber props on the photoshop, Gizmodo.

Holy shit I just got my phone bill!

THEY KNOW EVERY NUMBER I CALLED!!!

TORCHWOOD

Jesus, that's a great Photoshop job - should get an award!

Actually better than the story - sure it'll be useful on another posting sometime.

Who cares if they can "monitor" us while we use the iPhone, no different from Verizon or Cingular... overly paranoid geeks on the loose, seeing bad guys and black hats everywhere...

That pix almost made me spit my coffee all over my desk - love the eyebrow

@jesusdiaz:
Let's not be disingenous and pretend I need "proof" that the sky is blue.

Isn't the question NOT about "proof" that phones record the websites you access, but whether or not the networks (whether CDMA or EDGE) will hand that data over to the government without a court order OR whether they send the records to us in large booklets without being asked to? I thought we were past the question of whether cellphones record activity that is personally identifiable to the account holder. Did I miss something? I'm banging my head here.

Moreover, if you're visiting Apple's website for stock quotes and the weather, and Apple is refusing service to non-iPhone requests, that seems an altogether different argument than "spying". The accusation makes little sense without proof that Apple is actively pooling the data (which Google also claims not to do). None of this is new. That's the whole point.

@MINI Driver: Agreed. VERY nice composite, J.

@Cleverboy: Of course AT&T knows all your network activity; they own the network you're using.

Apple doesn't know. Or at least it shouldn't know.

@sumocat: Not ONLY is the IMEI no guarantee of personal identification... oh, actually that's my whole point. If the device is NEVER registered or activated... what's the arguement here? What happens when you sell it? Silly silly argument.

@Cleverboy:
So NOBODY registers or activates their phone? Whats the point here? None!

To everyone complaining about Apple having the ability to see what you are doing and watching your every move, you gave them the right to do it when you bought their phone. If you don't like this then you should have protested when it came out and not bought the iphone. One thing we all should give Apple credit for is having the balls to tell everyone that they are using your IMEI. There are other companies out there that aren't as straight forward about this, yet we criticize the company that tells us about it, that is the true crime.

I think it's GREAT!
Now local/federal law enforcement, can not only know when someone is accessing illegal kiddy pRon, but now know exactly who is watching it, even in the privacy of their own bathroom... And be at your job early the next morning before you even get to clock in.

I have to side with Cleverboy on this. Every company has been doing this. Well not every but most. Hell Sony has been caught doing similar activity, Microsoft has done similar activity, Google recently over the past year has been under huge scrutiny about what they are doing with consumers information. If anyone remembers there was even a huge website that hosted a video explaining what Google had been doing. Its no big surprise. Hell your AIM messages are most likely being watched. Thats just how it is.

This isn't at all surprising. It's little different from Amazon tracking their customers buying, browsing and searching habits. It doesn't constitute spying (that's just to sensationalize the topic), since there's no wholesale monitoring of all local activity on the device.

The key here is what Apple's iPhone privacy policy says. I haven't seen it since I don't have an iPhone. But assumedly the policy would state what information Apple tracks and what they do with it. Such privacy policies are required by law.

I'm sure that Apple would first use the data from this sort of tracking to look for trends that would allow optimization of the network and back-end systems. That'd be the engineering department. Then someone in marketing will go "Wait, we can tell every stock an individual customer checks?" and have a financial orgrasm and demand engineering hand-over absurdly detailed reports for every customer.

@Penchum: "If the device is never", does not mean "nobody registers". Does that help you? Whereas, you're talking about something bizarre, I'm referring to the fact that well over 250,000 iPhone owners have activated there phones "unlocked". Did they register their phone and IMEI with Apple? Who knows, but odds are that without any such communication, the IMEI doesn't really say much. Get me? REMINDER: We're only talking about those people that can't get enough weather and stock quotes.

Personally, I think the "clear text" username/password issue with Apollo and MobileChat should get much much more coverage than Apple ok'ing a weather request using a mobile mac address. But, that's just me. The idea that some poor folks still have their Google or AOL username/passwords open to the world to grab, seems far more chilling whether on the iPhone or on the users' desktop sync folder.

My iPod's serial number is registered with my full contact information, and on message boards people have signature banners that display my ISP and Operating System. DOOOOOOOOOMED!

And I agree, this is by far the best photoshop job on Giz..ever.

Just me, or does that photochop look a lot like Patrick Stewart, as well?

The problem is not that Apple is doing it. The problem is that they did not come out and tell everyone they are doing it. Having a general statement that 'we can' is not the same was 'we are', and Apple really should know better.

That said, if you already bought a device that (supposedly) requires service with AT&T, clearly you are a person that is not concerned about these sorts of ethics.

Bottom line, does Apple keep that information once the request is transmitted to the iPhone? Could it be this is like a username to authenticate that it's really an iPhone calling? Until the tinfoil hat brigade answers that question, this is the paranoid ravings of a fringe group.

Apple did something like this not long ago and learned their lesson to make sure people understood that any information transmitted is not retained. So it's likely now this is out, they will clarify. If they don't, then one has to wonder.