As detailed by Apple, Siri works by communicating with a remote server: You speak into your phone, it sends your query to a server that deciphers what you said, and it sends instructions or information back to your iPhone.
But the French app developer Applidium managed to decipher the protocol the iPhone 4S uses to communicate with Apple’s servers. This means that the voice-command service, which up until now has been an exclusive to the iPhone 4S, could possibly find its way onto other devices, including–you guessed it–Android products.
Applidium achieved this crack by using its very own HTTPS server and faked SSL certificates (which sounds like a nasty security issue to us). And along the way, the French software makers found out a few tidbits about how the voice service works. Applidium claim that Siri sends compressed audio data over the network to the server. The voice data you send to Apple gets used in few ways beyond that of just answering your queiries: Apple gives text-to-voice data a “confidence” score and even a timestamp for each word you say.
According to Applidium, theorhetically, “anyone could now write an Android app that uses the real Siri”. That said, there is one technical roadblock: In order to get Siri playing on another device, Apple’s servers need to be tricked into thinking that they’re communicating with an iPhone 4S–to get this working you need a spare iPhone 4S unique deice identifier key (UDID), and they don’t come easy.
So, lets see your guesses for how long it will take Apple to patch this security flaw?