(At 1st, I am not good at writing English language. I sometimes write unusual expression.)
NTT Docomo is #1 mobile phone career in Japan. (almost 50% share) NTT Docomo's Android phones send IMEI always by pre-installed video/ audio player in HTTP User-Agent header and custom header named "x-dcmstore-imei". Every web server can get IMEI via User-Agent header if a web server has audio/video contents. In hitorycal reason, Japanese mobile content provider often use IMEI as authentication key. I think this spec is a security problem. How dou you think ? See also: "Music, Video | Service, Function | NTT Docomo" HTTP header information (written in Japanese language) http://www.nttdocomo.co.jp/service/developer/smart_phone/service_lineup/music_movie/index.html -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
