I spy on iPhone

I decided to investigate which URLs the iPhone accesses when you use the various embedded applications. To capture the requests I simply set up a Squid proxy on the same local WiFi network and configured the iPhone to proxy all network connections through it.

Below are the results:

Safari – Yahoo! Search:

GET http://m.yahoo.com/apple/onesearch?pintl=en_gb&p=foobar&pcarrier=O2+-+UK&pmcc=234&pmnc=10

(note the carrier name and network code are included in the search request)

Safari – Google Search:

GET http://www.google.co.uk/search?q=foobar&ie=UTF-8&oe=UTF-8&client=safari

Yahoo! Weather:

POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=weather

Yahoo! Stocks:

POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=finance

Google Maps:

POST http://iphone-wu.apple.com/glm/mmap
CONNECT iphone-maps.apple.com:443

iTunes Store:

GET http://phobos.apple.com/bag.xml
GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/storeFront
GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/viewTopTensList

YouTube:

GET http://iphone-wu.apple.com/feeds/standardfeeds/most_viewed?start-index=1&max-results=25&format=2,3&client=ytapi-apple-iphone&time=all_time
GET http://iphone-wu.apple.com/feeds/standardfeeds/recently_featured?start-index=1&max-results=25&format=2,3&client=ytapi-apple-iphone
GET http://img.youtube.com/vi/
CONNECT http://www.google.com:443

It is interesting to note that most traffic is proxied via Apple’s servers – anyone say single point of failure? The reference to IMEI in the Weather and Stocks requests has been discussed at length in other forums before. This is a misnomer: the reference is believed to be just a GUID.

What is more interesting (or worrying!) is the mysterious encrypted connection to http://www.google.com (SSL port 443) whenever YouTube is accessed. I wonder what data is being shared here – and why?
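
One way to repeat this audit over a Squid access.log, as an added example that is not from the original post: it flags cleartext requests whose query string carries the identifying parameters seen above and lists the CONNECT tunnels the proxy cannot inspect. The log lines are constructed (Squid's native log layout is assumed; timestamps, addresses and sizes are invented) and the function name audit is hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Query parameters the post observed carrying device or carrier details.
IDENTIFYING_PARAMS = {"imei", "pcarrier", "pmcc", "pmnc"}

# Constructed sample in Squid's native access.log layout (timestamps, client
# address, sizes and peer fields are invented; URLs are those from the post).
SAMPLE_LOG = """\
1200000000.101    212 192.168.1.50 TCP_MISS/200 5120 GET http://m.yahoo.com/apple/onesearch?pintl=en_gb&p=foobar&pcarrier=O2+-+UK&pmcc=234&pmnc=10 - DIRECT/192.0.2.10 text/html
1200000003.417    180 192.168.1.50 TCP_MISS/200 2048 POST http://iphone-wu.apple.com/dgw?imei=REMOVED&apptype=weather - DIRECT/192.0.2.20 text/xml
1200000007.902    950 192.168.1.50 TCP_MISS/200 8231 CONNECT iphone-maps.apple.com:443 - DIRECT/192.0.2.30 -
1200000009.055     95 192.168.1.50 TCP_MISS/200 3310 GET http://phobos.apple.com/bag.xml - DIRECT/192.0.2.40 text/xml
"""


def audit(log_text):
    """Return (leaks, tunnels) found in Squid native-format log text.

    leaks   -- list of (host, {param: value}) for cleartext requests whose
               query string carries an identifying parameter
    tunnels -- sorted list of host:port targets of CONNECT requests, whose
               contents the proxy cannot see
    """
    leaks, tunnels = [], set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        method, url = fields[5], fields[6]
        if method == "CONNECT":
            tunnels.add(url)
            continue
        parts = urlsplit(url)
        found = {k: v for k, v in parse_qsl(parts.query, keep_blank_values=True)
                 if k.lower() in IDENTIFYING_PARAMS}
        if parts.scheme == "http" and found:
            leaks.append((parts.hostname, found))
    return leaks, sorted(tunnels)


if __name__ == "__main__":
    leaks, tunnels = audit(SAMPLE_LOG)
    for host, params in leaks:
        print(f"cleartext identifiers to {host}: {params}")
    for target in tunnels:
        print(f"opaque tunnel: {target}")
```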