Late last night, we got word that Dan over at Uneasy Silence had discovered a URL embedded into two iPhone programs. The URL, which is formatted to include your iPhone's equipment ID (IMEI), apparently contacts Apple when you use the weather and stocks programs.
TUAW took a look at these programs and can confirm that the URL appears in both. When we tried connecting to Apple, the URLs did not return any data, further supporting Dan's concern that these were used for tracking purposes. We tried with both valid IMEI numbers and spoofed ones.
So is Apple using this data for nefarious tracking purposes? That point remains less clear. It's possible that Apple added this URL for future use to restrict data access to those iPhones with valid AT&T accounts--your IMEI gets registered with your phone number. It's also possible that Apple uses this URL to track activity, i.e. how much use per account for internal auditing.
One thing that is very clear, as Dan points out, is that active iPhone users have consented to data collection in the end user agreement. Beyond that, what data is collected, and how it is used remains fuzzy. Perhaps Apple will now issue a statement clarifying the situation and put user fears to rest.
Update; Gizmodo reports that sniffers detect no actual IMEI data being sent at this time. If you'd like to personally confirm the two URLs we found, you can easily do so by copying the two executables to your computer and issuing the strings command.