IOS – What are api.smoot.apple.com and other hosts the iPhone is secretly talking to

Looking through some log files today I found something strange :

TCP_MISS/200 4931 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.253 -
TCP_MISS/200 4656 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.253 -
TCP_MISS/200 4656 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.253 -
TCP_MISS/200 4931 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.253 -
TCP_MISS/200 4629 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.253 -
TCP_MISS/200 4656 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.250 -
TCP_MISS/200 4930 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.250 -
TCP_MISS/200 4656 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.250 -
TCP_MISS/200 4931 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.250 -
TCP_MISS/200 4656 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.248 -
TCP_MISS/200 5206 CONNECT api.smoot.apple.com:443 - HIER_DIRECT/17.252.11.248 -
TCP_MISS/200 6959 CONNECT bookkeeper.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 6959 CONNECT bookkeeper.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 1041 CONNECT bookkeeper.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 6959 CONNECT bookkeeper.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 1057 CONNECT bookkeeper.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 22836 CONNECT init.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 22868 CONNECT init.itunes.apple.com:443 - HIER_DIRECT/23.217.226.217 -
TCP_MISS/200 5155 CONNECT xp.apple.com:443 - HIER_DIRECT/17.154.66.107 -
TCP_MISS/200 5155 CONNECT xp.apple.com:443 - HIER_DIRECT/17.154.66.107 -

Apparently api.smoot.apple.com is used for Spotlight search suggestions in Yosemite, except during the timeframe the log was taken I didn't even pull down on my home screen to open the search, and the spotlight suggestions are disabled in the phone's search settings – for the other hosts they are linked to iTunes but no info on what they do exactly…

I did some testing and it seems like every time I unlock my phone after a bit of inactivity, or shortly after I lock it again a request to that host is fired and gets a response with an average size of 5kb…

All these URLs were called when the device was idle, freshly unlocked and on the home screen with no apps in background.

Can anyone shed some light on this ?

Best Answer

Regarding api.smoot.apple.com, from Hacker News. Note this is regarding Yosemite, but I would imagine it similarly applies to Mobile Safari on iOS, especially since the hostname is the same (emphasis mine):

There are two "Spotlight Suggestions":

"Spotlight Suggestions" in Safari

"Spotlight Suggestions" in Spotlight

Both query the same servers, both use the same name, and both return the same information.

A reasonable person might believe that, having followed Apple's instructions for disabling "Spotlight Suggestions" (the Spotlight kind), they'd disabled "Spotlight Suggestions" (the Safari kind) -- especially if you didn't actually see any suggestions appear in Safari (I didn't!).

Mark Rowe, Safari developer at Apple: "That’s probably a fair complaint." https://twitter.com/bdash/status/524005838743035904

...

The network query posted here is actually a search metrics POST, not a live search query, and it's used as metrics for local and remote search performance.

Best Answer

Related Solutions

IOS – Are the Carrier IQ daemons installed on iOS devices other than iPhones

IOS 5 for iPhone secretly contains iPad calendar features

Related Question