Creating a JSON web service API for Find My iPhone


Creating a JSON web service API for Find My iPhone

One of the really cool features of MobileMe and the new iPhone 3.0 OS is the ability for it to reach out and locate your iPhone at any time if you have that feature enabled. Right now Apple only makes this available on their MobileMe website however and does not offer a programmatic way to get a hold of the information.

Since the iPhone doesn’t have background processes to update your location for third party applications I thought that it would be great to have the ability to do this anyway by leveraging their website. The first thing you need to do whenever you are going to scrape a sophisticated service like MobileMe is to collect all the relevant packets going over the wire. Since this service is entirely behind HTTPS the easiest way to do this is within the browser client itself. To that end I found what I believe to be the best Firefox plugin for the job, Tamper Data.

Some critical things that you need to watch for when you are scraping:

  1. Cookies need to be tracked very closely
  2. URL parameters need to be analyzed to determine which ones are relevant
  3. Other headers can also have a role in any web based API
  4. Data may actually be within the page or within an API call of their own

The Apple MobileMe service has all of these factors:

  1. MobileMe authentication is transferred via cookies and cross-site redirects
  2. Destination URLs are BASE64 encoded within the URL for some unknown reason
  3. The X-Mobileme-Isc header transfers further authentication data
  4. The device ids owned by the user are within HTML transferred via a JSON request and must be extracted with a regular expression
  5. Finally Apple has some strange idiosyncratic choices that you need to be aware of like transferring JSON to the server as a form parameter rather than a raw payload

I chose not to use the standard Java URLConnection but instead to use the latest http-client from Apache. This library is great and easy to use and it handles things like cookie management. For JSON output I could have just written this myself but wanted to get familiar with Jackson, a very nice high performance streaming JSON parser and generator from Codehaus. All in all, the vast majority of the time was not writing the code but reverse engineering the protocol itself. You can download the source code and contribute changes back to the findmyiphone git repository on github.