I decided to investigate which URLs the iPhone accesses when you use the various embedded applications. To capture the requests I simply set up a Squid proxy on the same local WiFi network and configured the iPhone to proxy all network connections through it.
Below are the results:
Safari – Yahoo! Search:
GET http://m.yahoo.com/apple/onesearch?pintl=en_gb&p=foobar&pcarrier=O2+-+UK&pmcc=234&pmnc=10
(note the carrier name and network code are included in the search request)
Safari – Google Search:
GET http://www.google.co.uk/search?q=foobar&ie=UTF-8&oe=UTF-8&client=safari
Yahoo! Weather:
POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=weather
Yahoo! Stocks:
POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=finance
Google Maps:
POST http://iphone-wu.apple.com/glm/mmap
CONNECT iphone-maps.apple.com:443
iTunes Store:
GET http://phobos.apple.com/bag.xml
GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/storeFront
GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/viewTopTensList
YouTube:
GET http://iphone-wu.apple.com/feeds/standardfeeds/most_viewed?start-index=1&max-results=25&format=2,3&client=ytapi-apple-iphone&time=all_time
GET http://iphone-wu.apple.com/feeds/standardfeeds/recently_featured?start-index=1&max-results=25&format=2,3&client=ytapi-apple-iphone
GET http://img.youtube.com/vi/ …
CONNECT www.google.com:443
It is interesting to note that most traffic is proxied via Apple’s servers – anyone say single point of failure? The reference to IMEI in the Weather and Stocks requests has been discussed at length in other forums before. This is a misnomer; the reference is believed to be just a GUID.
What is more interesting (or worrying!) is the mysterious encrypted connection to www.google.com (SSL port 443) whenever YouTube is accessed. I wonder what data is being shared here – and why?
Further analysis of the network traces reveals that, after making the SSL connection to www.google.com, the device is empowered with a new ‘GoogleLogin’ authorization string which it sends in subsequent HTTP requests:
GET /feeds/api/standardfeeds/GB/recently_featured?start-index=1&max-results=25&format=2,3&client=ytapi-apple-iphone HTTP/1.1
Authorization: GoogleLogin auth=(long_string_deleted)
Host: gdata.youtube.com
User-Agent: Apple iPhone v2.1 YouTube v1.0.0.5F136
As YouTube sends non-DRM-protected content to iPhone devices, this could be the mechanism that they use to prevent non-iPhone devices from accessing the MPEG-4 content?
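The following is an added example, not part of the original post: a short Python script that summarises a capture like the one above by counting requests per host, listing which hosts receive device or carrier parameters in the URL, and listing the CONNECT tunnels whose contents the proxy cannot see. The names `summarise`, `IDENTIFYING_PARAMS` and `SAMPLE_LOG` are assumptions, and the log lines are constructed in Squid's native access.log layout using URLs from the post.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Query parameters from the requests above that describe the device or carrier.
IDENTIFYING_PARAMS = {"imei", "pcarrier", "pmcc", "pmnc"}

# Constructed sample in Squid's native access.log layout; the URLs come from
# the post, while timestamps, client address, status and sizes are made up.
SAMPLE_LOG = """\
1224000001.101 210 192.168.1.50 TCP_MISS/200 5120 GET http://m.yahoo.com/apple/onesearch?pintl=en_gb&p=foobar&pcarrier=O2+-+UK&pmcc=234&pmnc=10 - DIRECT/m.yahoo.com text/html
1224000002.202 180 192.168.1.50 TCP_MISS/200 2048 POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=weather - DIRECT/iphone-wu.apple.com text/xml
1224000003.303 175 192.168.1.50 TCP_MISS/200 2048 POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=finance - DIRECT/iphone-wu.apple.com text/xml
1224000004.404 320 192.168.1.50 TCP_MISS/200 9000 CONNECT iphone-maps.apple.com:443 - DIRECT/iphone-maps.apple.com -
1224000005.505 150 192.168.1.50 TCP_MISS/200 4096 GET http://www.google.co.uk/search?q=foobar&ie=UTF-8&oe=UTF-8&client=safari - DIRECT/www.google.co.uk text/html
1224000006.606 400 192.168.1.50 TCP_MISS/200 7000 CONNECT www.google.com:443 - DIRECT/www.google.com -
"""


def summarise(log_text):
    """Return (hosts, leaks, tunnels) for a Squid native-format access.log."""
    hosts = defaultdict(int)   # host -> number of requests
    leaks = defaultdict(set)   # host -> identifying parameter names (values not kept)
    tunnels = set()            # host:port targets of CONNECT tunnels
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue           # skip blank or truncated lines
        method, target = fields[5], fields[6]
        if method == "CONNECT":
            # The proxy only sees host:port; the TLS payload is never logged.
            tunnels.add(target)
            hosts[target.rsplit(":", 1)[0]] += 1
            continue
        url = urlsplit(target)
        hosts[url.hostname] += 1
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in IDENTIFYING_PARAMS:
                leaks[url.hostname].add(name.lower())
    return dict(hosts), {h: sorted(p) for h, p in leaks.items()}, sorted(tunnels)


if __name__ == "__main__":
    hosts, leaks, tunnels = summarise(SAMPLE_LOG)
    for host, count in sorted(hosts.items()):
        print(f"{host:24} requests={count} identifiers={leaks.get(host, [])}")
    print("opaque CONNECT tunnels:", tunnels)
```

To run it against a real capture, pass the contents of the proxy's access.log to `summarise` in place of `SAMPLE_LOG`.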