To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5.
We were able to independently verify that at the very least, references to Carrier IQ's servers do exist within iPhoneOS 3.1.3 in a file located at /usr/bin/IQAgent. What exactly that binary is able to access or how it may communicate with either carriers or Carrier IQ is not yet known, though there are references to an IQAgent log on the device as well as references to collector.sky.carrieriq.com.
For versions 4.0 and 5.0, Intell on MacRumors' forums has found similar references to the http://collector.sky.carrieriq.com location within /usr/bin/awd_ice2, although we have not independently verified that yet. Again, no clear word on just what is or is not being tracked or collected.
The story is developing, with chpwn promising a post providing as many details as he's been able to uncover thus far, including the possibility that the code wasn't enabled by default in iOS. We should emphasize that all we can say for sure at the moment is that iOS definitely contained references to Carrier IQ — but given how the story has progressed thus far, we expect there will be more to report on soon.
Update: chpwn notes that initial research indicated that Carrier IQ's software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We'll let you know when more details arise.
Thanks, nandreetta
There are 211 Comments. Add yours.
OMG guys! DRAMA BOMB ! !
Posted on Nov 30, 2011 | 10:03 PM EST reply Recommend (19) Flag actions
https://twitter.com/#!/chpwn/status/142087789666770944
I’ll just leave this here.
Posted on Nov 30, 2011 | 11:01 PM EST reply Recommend (4) Flag actions
Of course, “Carrier IQ on iOS only enabled during Debug mode, and only logs limited call and location activity == Carrier IQ on Android enabled all the time logging all your key strokes, text messages, and passwords”.
Posted on Dec 01, 2011 | 11:54 AM EST reply Recommend (1) Flag actions
Not entirely true. It’s only enabled on android on devices running default roms produced by manufacturers who bundled it win their devices.
This is not an android problem. It’s a manufacturer/carrier problem. Also, Nokia and RIM are far more guilty since they’re the OS writers AND manufacturers of their devices.
Google themselves had nothing to do with this, and people need to stop slamming android in general over something that is not android’s fault or android’s problem.
Posted on Dec 01, 2011 | 1:09 PM EST reply Recommend (1) Flag actions
Posted on Nov 30, 2011 | 11:01 PM EST reply Recommend (25) Flag actions
That’s the Carrier IQ mascot.
Posted on Nov 30, 2011 | 11:18 PM EST reply Recommend (1) Flag actions
up until this broke, this “story story so far” was labeled “Carrier IQ tracking Android Phones” while it was clear that it’s not at all related to android (it was only on some phones/carriers, but also on Nokias and Blackberries)
Posted on Dec 01, 2011 | 1:09 AM EST reply Recommend Flag actions
Not to mention Nokia and RIM built the OS AS WELL AS the device. They’re the guiltiest parties here.
Posted on Dec 01, 2011 | 1:10 PM EST reply Recommend Flag actions
Isn’t Apple the same??? They are the OS builder and manufacturer as well.
Posted on Dec 01, 2011 | 5:45 PM EST reply Recommend Flag actions
True. Also doubly misleading since Carrier IQ is not a part of Android at all. It only appears on specific devices where the OEM has modified the open source code on their own or at the request of their customer (the wireless carriers – in the US).
Posted on Dec 02, 2011 | 10:13 AM EST reply Recommend Flag actions
Oh no.
Posted on Nov 30, 2011 | 10:07 PM EST reply Recommend Flag actions
Posted on Dec 01, 2011 | 12:42 AM EST reply Recommend (28) Flag actions
awesome.
Posted on Dec 01, 2011 | 1:30 AM EST reply Recommend Flag actions
What is that I don’t even.
Posted on Dec 01, 2011 | 5:43 AM EST reply Recommend Flag actions
Reference to a program which might be on a phone which might record your keystrokes which go to a log file which might be sent to Carrier IQ which might use it, maybe for something else than legitimate purpose.
It might be time to ask those cellphone companies about this, this story isn’t really going anywhere atm.
Posted on Nov 30, 2011 | 10:09 PM EST reply Recommend (2) Flag actions
There is no ‘mights’ here…. The program does do all these things you talk about.
As the iphone has no way to enable or disable the Carrier IQ software from the user interface, it has to be assumed that it would be shipped ENABLED on every device.
So all those mights you talk about is really a ‘will’
Posted on Nov 30, 2011 | 10:35 PM EST reply Recommend (6) Flag actions
There are plenty of ‘mights’ here. It might just record dropped calls, it might record everything. It might not even be turned on, who knows.
Posted on Nov 30, 2011 | 10:38 PM EST reply Recommend (9) Flag actions
On Iphone 4 IOS 5.0, You can check……automatically Send…….Or………Don’t Send. Go to Settings, General, About, Diagnostics & Usage and check………..Don’t Send. I hope this helps!
Posted on Dec 01, 2011 | 4:45 AM EST reply Recommend (5) Flag actions
Thank you for stating that. You are prompted during setup if you even want to participate. If you choose “Yes”, then you can always turn it off later. Also, it is not logging any personal information (except location IF you allow that).
Posted on Dec 01, 2011 | 3:48 PM EST reply Recommend (1) Flag actions
Your wrong pretty much on all points and +1’d 6 times. That’s terrible.
as it says right here in his blog post on the issue Firstly, carrier iq isn’t the same on iOS. it doesn’t see the UI layer, therefore has no idea what it’s typing. Second, in iOS 5, turning off diagnotstics data turns this off.
It was an issue with the HTC youtube video’s because he turned it off, and yet it was still tracking. From what chpwn has said in his blog, iOS devices are respecting their users wishes, and WP7 is the only platform completely free from it, but who knows. Maybe they run something else:D
Posted on Dec 01, 2011 | 9:38 AM EST reply Recommend (4) Flag actions
Replying to my post.
Verizon denies it installs Carrier IQ
Nokia denies it uses any form of Carrier IQ whatsoever: https://twitter.com/#!/jurthys/status/141856513542205440
Sprint DID admit it installed Carrier IQ on phones.
It seems to be carriers, not manufacturers.
Posted on Nov 30, 2011 | 11:19 PM EST reply Recommend (1) Flag actions
We know that they all do it. At least Sprint has the guts to stand up and admit it.
Posted on Dec 01, 2011 | 3:42 AM EST reply Recommend (2) Flag actions
The Death Star would rather use their planet destroying lazer then admit wrong doing.
Posted on Dec 01, 2011 | 10:50 AM EST reply Recommend Flag actions
Has anyone checked to see if it is on all iPhones or just on certain carriers?
Posted on Dec 01, 2011 | 12:37 AM EST reply Recommend Flag actions
ok. So is anybody left? Is Windows Phone the only one clear so far?
Posted on Nov 30, 2011 | 10:10 PM EST reply Recommend (4) Flag actions
Probably, since they’re pretty strict on what a phone maker can and can’t throw on there.
Posted on Nov 30, 2011 | 10:14 PM EST reply Recommend (6) Flag actions
Apple is strict too and here we are. Wouldn’t surprised for the US phones is something was there. Carriers and OEMs are limited to what they can do to WP, but they can add stuff.
Posted on Nov 30, 2011 | 10:20 PM EST reply Recommend (10) Flag actions
More strict than…um.. APPLE THEMSELVES? Honestly, at first I thought it was the ‘Android’ hardware partners… now I’m totally baffled as to who’s doing this.
Posted on Dec 01, 2011 | 1:09 AM EST reply Recommend Flag actions
XDA has instructions on disabling the service on Android phones. Some phones don’t even have to be rooted to kill the service.
Posted on Nov 30, 2011 | 10:44 PM EST reply Recommend Flag actions
“Rafael Rivera has just twitted back that Windows Phones do not have Carrier IQ.”
From XDA: http://forum.xda-developers.com/showthread.php?t=1370112
Another good reason to switch ;)
Posted on Dec 01, 2011 | 5:42 AM EST reply Recommend Flag actions
Um, if Carriers are allowed to install bloatware on and customize several aspects on WP7, there’s no reason to think it’s not on Windows Phones. Google and Microsoft play no part in the decision to include this on phones or not. It’s between the Carrier and the phone manufacturer.
Posted on Dec 01, 2011 | 9:10 AM EST via mobile reply Recommend Flag actions
Google also doesn’t include it on Android.
Posted on Dec 02, 2011 | 10:16 AM EST reply Recommend Flag actions
No way.
Posted on Nov 30, 2011 | 10:13 PM EST reply Recommend (2) Flag actions
Yes way. Apple is just another company. They aren’t magical, they aren’t God, and they still want to track their users.
Posted on Nov 30, 2011 | 10:49 PM EST reply Recommend (15) Flag actions
It works both ways, Apple were practically crucified for the non-issue that was “locationgate”. But it’s ok I get it, you’re another one of those people just itching to spread enlightenment and inform others about the correct way to view Apple.
Posted on Dec 01, 2011 | 2:46 AM EST reply Recommend (4) Flag actions
I actually agree with the majority of Jeremy’s statement. At the end of the day, Apple are just another company, They do create very good products, but they are just another company really.
Posted on Dec 01, 2011 | 3:43 AM EST reply Recommend (2) Flag actions
while i agree there just another company, i personally don’t think he feels the same way about all companies.
He’s also one of those kids who posts, “that’s retarded” in siri threads, and “CyanogenMod FTW!” etc. As well as publicly saying you don’t like apple. It’s of relevance here.
Posted on Dec 01, 2011 | 8:31 AM EST reply Recommend (3) Flag actions
apple is just another company. Still, the verge is obviously following the same iOS hackers i am, and from the get go he was saying the code probably wasn’t enabled on shipping iOS devices without debugging on.
Posted on Dec 01, 2011 | 8:27 AM EST reply Recommend (2) Flag actions
Carrier IQ should leave the insides of our smartphones. It’s just not welcome at ALL!!!!
Posted on Nov 30, 2011 | 10:13 PM EST reply Recommend Flag actions
Not tracking it right, etc.
Posted on Nov 30, 2011 | 10:14 PM EST reply Recommend Flag actions
Everything is a fucking privacy issue, Streetview vans steal your router information, Slingplayers probably pedo everything you watch, your voice gets sent to the cloud, your face unlocks your ICS phone…
They’re making Skynet people .
Posted on Nov 30, 2011 | 10:14 PM EST reply Recommend Flag actions
Protip: If you don’t want them to collect your wifi information, append _nomap to your wifi hotspot ESSID.. They won’t index your hotspot if you have that… or so they claim
Posted on Nov 30, 2011 | 11:16 PM EST reply Recommend Flag actions
Or hide your ESSID, which is one thing you should be doing if you’re actually serious about people not seeing your router.
Posted on Nov 30, 2011 | 11:46 PM EST reply Recommend (1) Flag actions
Anyone who knows anything about wireless networks knows that is false. Your router still broadcasts the SSID. It’s very easy to see a “hidden” SSID.
Posted on Dec 01, 2011 | 12:48 AM EST reply Recommend (4) Flag actions
Protip: get my permission before scanning my network beyond seeing it’s SSID, or die in a fire
Posted on Dec 01, 2011 | 9:40 AM EST reply Recommend Flag actions
Uh oh.
Posted on Nov 30, 2011 | 10:15 PM EST via mobile reply Recommend Flag actions
Apple has Siri anyway and with it they can collect a lot more then CIQ
Posted on Nov 30, 2011 | 10:17 PM EST reply Recommend (1) Flag actions
Siri wouldn’t collect your passwords sent my HTML, or Credit card numbers, this thing can.
Posted on Nov 30, 2011 | 10:18 PM EST reply Recommend (4) Flag actions
i hope the blog wasn’t up when you wrote that. (chpwns)
This is what it scans if it were on. Apparently the toggle about collecting information apple provides actually works, unlike HTC’s as we’ve seen on video.
Posted on Dec 01, 2011 | 9:42 AM EST reply Recommend (2) Flag actions
A lot more is more than everything?
Posted on Nov 30, 2011 | 10:18 PM EST reply Recommend (8) Flag actions
Oh noes! My carrier knows the number I dialed … uh oh. They know the contents of the text message I just asked them to send … oh the humanity!
What a violation of my privacy that the provider of my service knows the contents of the service I am paying them to deliver.
Will it never end?
Next you will say Credit Card companies track when, where and how much you spend.
Posted on Nov 30, 2011 | 10:17 PM EST reply Recommend (5) Flag actions
It’s not so much that that they are doing it, it’s that they are doing it secretly, even denying it.
Posted on Nov 30, 2011 | 10:18 PM EST reply Recommend (12) Flag actions
Yah no kidding! I mean, why should I care if they keylogged my banking pin? It’s fine.
Posted on Nov 30, 2011 | 10:19 PM EST reply Recommend (10) Flag actions
And what if the BANK new your PIN too? Then they could spend all your money!
If you don’t want your carrier knowing everything you do then turn off your phone.
Posted on Nov 30, 2011 | 10:21 PM EST reply Recommend (1) Flag actions
Sorry, but what you just said makes no sense to me.
Posted on Nov 30, 2011 | 10:22 PM EST reply Recommend (17) Flag actions
There is a legitimate privacy concern. I don’t see any reason to dismiss other’s concerns so quickly.
Posted on Nov 30, 2011 | 10:22 PM EST reply Recommend (8) Flag actions
it’s not your carrier, it’s a 3rd party
it also doesn’t go encrypted over to your carrier like a normal online transaction, it goes UNENCRYPTED into a log file
it’s also
Posted on Nov 30, 2011 | 10:22 PM EST reply Recommend Flag actions
can’t edit and pushed post
Posted on Nov 30, 2011 | 10:23 PM EST reply Recommend Flag actions
The data goes to your carrier. They are the ones installing it, and using it to collect data. The data isn’t going to CarrierIQ.
Posted on Nov 30, 2011 | 10:25 PM EST reply Recommend Flag actions
The data is transferred unencrypted. This is a security concern as well as a privacy concerns.
Posted on Nov 30, 2011 | 10:27 PM EST reply Recommend (8) Flag actions
“data isn’t going to Carrier IQ”
bullshit, they are specialised in analyzing the data, I’m pretty sure they get a whole bunch of data and anything they want, it’s also unecrypted
Posted on Nov 30, 2011 | 10:28 PM EST reply Recommend Flag actions
There is no proof the data is going anywhere. Just that it MIGHT be tracked. We know the Carrier put the data in. Do you think the carrier wants anyone other than themselves knowing the data?
Plus on Android phones you can kill the service and stop any monitoring at all.
Posted on Nov 30, 2011 | 10:35 PM EST reply Recommend (2) Flag actions
I don’t find this to be comforting at all. There is proven market value in consumer behavior data, hence these firms have motive to use the data.
The universal default should be that no data gets transmitted anywhere without knowledge of the user of the device. I don’t mean one of these “sometimes we anonymously use your data to improve your user experience” clauses. If my data is going anywhere that I don’t explicitly send it (through a text message, the browser, etc) then I should know in advance the name, and contact information of the company to whom the data is going. That would mean that Carrier IQ should be in the EULA for any piece of software that sends data to them.
Why is this not the default?
Get off my lawn?
Posted on Nov 30, 2011 | 10:45 PM EST reply Recommend Flag actions
I wouldn’t be surprised to see a “we can do anything we want when you use our phone, or network, you have no privacy” clause in every carriers terms of service.
Does anyone actually read those?
Posted on Nov 30, 2011 | 10:48 PM EST reply Recommend Flag actions
Yes. Privacy advocacy groups read them as a public service to the world. They are the ones, for example, that catch it when Facebook changes their privacy policy in douchy ways.
I am certain that the words Carrier IQ are not anywhere in the AT&T branded Android phone that I have.
Posted on Nov 30, 2011 | 10:50 PM EST reply Recommend Flag actions
Its not on my Phone – Galaxy S II – besides the fact I am running MIUI. But regardless on android phones you can kill the service running for CIQ, and on some phones you don’t even have to be rooted. I don’t know what service, as I can’t disable what isn’t on my phone, but XDA has the info.
Posted on Nov 30, 2011 | 10:53 PM EST reply Recommend Flag actions
It’s my phone.
Posted on Nov 30, 2011 | 10:51 PM EST reply Recommend Flag actions
On THEIR network.
Has the “It’s my device” argument ever deterred carriers from identifying and charging for tethering? Has that ever deterred any service provider interfering in how you use their service?
Posted on Nov 30, 2011 | 10:56 PM EST reply Recommend Flag actions
Tethering is in the license agreement. Sending your private data without your permission to a third party is not. If it were, I would reconsider my purchase.
In these gray areas of what a company is allowed to do with your data the default should be “nothing”.
Posted on Nov 30, 2011 | 11:35 PM EST reply Recommend Flag actions
Why are you arguing on behalf of carriers? Who fricking like carriers? Is your dad’s last name Verizon?
Posted on Dec 01, 2011 | 12:17 AM EST reply Recommend (2) Flag actions
I can hate the carriers with the best of them. But, it bugs me when people say “I’m paying for service, I bought my phone, I will tether if I want, and you can’t do anything about it.” Followed by “:( got charged for tethering WTF?!” Plus I hate that my service is impacted by people doing things they shouldn’t be, it’s not victimless.
The carriers are evil, money hungry, soul crushing companies. But, what they are not, is stupid.
They will have plenty of legal teams that can prove you agreed to let them do it because of something you signed in the store 5 years ago, or shift the blame elsewhere until you give up and move on.
Posted on Dec 01, 2011 | 12:28 AM EST reply Recommend Flag actions
Tethering is an “issue” only in the states. Nokia E series phones could tether the hell out of any data connection. It was the original Ios that gave the carriers control and billing powers on tethering. You choose to agree with it, I don’t, but then again I am not in the USA so I don’t have to. :)
Posted on Dec 01, 2011 | 4:55 AM EST reply Recommend Flag actions
Yes, the data must go to CIQ as they are the ones providing their customers (the carriers, phone OEMs) access to the data. They show screenshots on their site!
Posted on Nov 30, 2011 | 10:33 PM EST reply Recommend Flag actions
even if this were running on an iphone, no it wouldn’t do that. Go read the blog, as chwpwn explains it well.
Posted on Dec 01, 2011 | 9:43 AM EST reply Recommend Flag actions
what are you talking about
would you like a third party to know your code to your online bank account each time you type in your password and code?
what about NFC payments, what about Google wallet, what about anything you type in your phone to buy on Amazon, Ebay, whatever
You would be ok if everyone knew this.
Ok start typing your bank account, your code and your name below my post for all to see
Posted on Nov 30, 2011 | 10:20 PM EST reply Recommend Flag actions
Did Carrier IQ even think of the privacy implications when developing their software? After seeing how worked out people got with the Apple tracking and HTC tracking (to a lesser extent), you think that they would have done some preemptive PR measures.
Personally, I hope these guys go down hard for these secretive practices.
Posted on Nov 30, 2011 | 10:20 PM EST reply Recommend Flag actions
when you say “these guys” who are you talking about? Sprint/Verizion/ATT/TMobile?
Posted on Nov 30, 2011 | 10:21 PM EST reply Recommend Flag actions
Carrier IQ mostly. As a developer, it is helpful to get certain metrics from your users to improve your products. However, it is NOT ok to do it without notification and an opt-in process.
Posted on Nov 30, 2011 | 10:24 PM EST reply Recommend (1) Flag actions
I meant worked up.
Posted on Nov 30, 2011 | 10:22 PM EST reply Recommend Flag actions
So when Carrier IQ is found on Android it’s “monitoring every single key you press on your smartphone, reading your SMS, and logging much of the personal data you transmit, too”
When Carrier IQ is found on iOS there’s “no clear word on just what is or is not being tracked or collected.”
Interesting.
Posted on Nov 30, 2011 | 10:23 PM EST reply Recommend (1) Flag actions
Give it time. They just found it, let’s see what happens after more research is done…
Posted on Nov 30, 2011 | 10:24 PM EST reply Recommend Flag actions
Harder to get access to an integrated or closed (take your pick) system. They’ll have more details soon, I’m sure
Posted on Nov 30, 2011 | 10:25 PM EST reply Recommend (3) Flag actions
This has nothing to do with open or closed systems. The code is at the kernel level.
Posted on Nov 30, 2011 | 10:29 PM EST reply Recommend Flag actions
My bad. I was under the impression that this was in between the user and the OS. I clearly need to read more.
Posted on Nov 30, 2011 | 10:53 PM EST reply Recommend Flag actions
No problem, There’s a lot of confusion about this issue. And the fanboy rants some people are making just cloud the issue more.
Posted on Dec 01, 2011 | 8:21 AM EST reply Recommend Flag actions
This is potentially a serious case of privacy violation and all you can deduce from it is iOS vs Android bias?
Intersting.
Posted on Nov 30, 2011 | 10:32 PM EST reply Recommend (1) Flag actions
Clearly its a apple product, how could a apple product do wrong. Apple would never track you, that was a ‘bug’……….
Carrier IQ will offer the same features, regardless of the phone.
Posted on Nov 30, 2011 | 10:42 PM EST reply Recommend Flag actions
And you know this how?
Posted on Nov 30, 2011 | 10:45 PM EST reply Recommend Flag actions
It’s the same software, just on a different platform. However, the same software could work differently on iOS…
Posted on Dec 01, 2011 | 3:45 AM EST reply Recommend Flag actions
Not really.
Right now there is still a lot of doubt as to what exactly it does (if anything) on iOS. What strikes me as odd were the comments made by the Carrier IQ guy stating that not only was it on Android phones but it was also on Nokia and Blackberry devices. But no mention of iOS. If it was on iOS (and actually running) why wouldn’t he have said it was on iPhones. It would have been an obvious submission if you’re going to bring up BB and Nokia.
Posted on Nov 30, 2011 | 10:47 PM EST reply Recommend (1) Flag actions
Hide yo kids, hide yo wife, and hide yo husband ‘cuz they rapin’ e’rybody out here.
Posted on Nov 30, 2011 | 10:28 PM EST reply Recommend (6) Flag actions
Class. Action. Lawsuit.
CarrierIQ better get on top of this. According to my IP Law Professor: High possibility of a felony charge.
Posted on Nov 30, 2011 | 10:32 PM EST reply Recommend (6) Flag actions
From his twitter: “If Carrier IQ/cellphone rootkit story is accurate, this is a clear, massive, felony wiretap. Not a close case.”
Felony Wiretap is a 5 year offense.
Posted on Nov 30, 2011 | 10:34 PM EST reply Recommend (1) Flag actions
Have you read that 20 page contract you signed for your phone service? I’m sure they covered it off in there, and basically they are allowed to do this.
Posted on Nov 30, 2011 | 10:41 PM EST reply Recommend (1) Flag actions
I doubt the boilerplate language in a carrier contract would provide an adequate defense to a felony charge.
Looking into it further, the only language relevant to Carrier IQ in the Sprint “terms and conditions” form available at: http://shop2.sprint.com/en/legal/legal_terms_privacy_popup.shtml
“Call Monitoring: To ensure the quality of our Services and for other lawful purposes, we may monitor or record calls between us (for example, your conversations with our customer service or sales departments).”
There is no mention of key logging or SMS recording in the boilerplate contract.
Posted on Dec 01, 2011 | 3:10 PM EST reply Recommend Flag actions
Now I need a tin-foil hat… and my BlackBerry…
Posted on Nov 30, 2011 | 10:32 PM EST reply Recommend Flag actions
carrier IQ was found on blackberries too….go sell your BB to make more tin-foil hats imo
Posted on Nov 30, 2011 | 10:34 PM EST reply Recommend (4) Flag actions
It’s also clear that this is not an Android issue. This is carriers. I have checked my wife’s Desire HD on Telus in Canada and it is clear. My Nexus One and my friend’s Nexus South are also clear. Carrier IQ has also been found on BlackBerry and Nokia devices.
Posted on Nov 30, 2011 | 10:34 PM EST reply Recommend (1) Flag actions
Dear Carrier IQ,
Pleaase, go out of business.
Sincerely,
Everyone
Posted on Nov 30, 2011 | 10:34 PM EST via mobile reply Recommend (7) Flag actions
There is a easy way to find out if your iPhone or android device has Carrier IQ installed.
Start texting all your friends, Tell them you are strapped up with the bomb and ready to get on the bus, these bastards won’t know whats going to hit them, I’ll kill them all. Call me a terrorist will they! Death to all!"
Posted on Nov 30, 2011 | 10:40 PM EST reply Recommend Flag actions
I’m fairly sure that text message would be flagged regardless of Carrier IQ.
Posted on Dec 01, 2011 | 8:22 AM EST reply Recommend Flag actions
I’m fairly sure that post WAS flagged regardless of Carrier IQ… would’nt be surprised if that dude got rolled up in his sleep last night.
Posted on Dec 01, 2011 | 11:00 AM EST reply Recommend Flag actions
Well, this is depressing.
Should be interesting to see what’s found out of this.
Posted on Nov 30, 2011 | 10:40 PM EST reply Recommend (2) Flag actions
What the **** has been going on recently. Why didn’t anyone figure this **** was on everyone’s phones two years ago. Next they’ll figure out it was in iOS 1.0 and that dumb phone OS you used too. When will this madness end?
Posted on Nov 30, 2011 | 10:45 PM EST reply Recommend Flag actions
I’m puzzled because last I checked all cell phone transmissions go through towers and satellites and under the Patriot Act you can be wiretapped without ever being notified. I think what carriers do with the information is nothing but the tip of a much bigger iceberg and i’m not talking conspiracy theories here. Scrap the Apple vs Android argument on this one because this is an issue all of us have to face.
Posted on Nov 30, 2011 | 10:46 PM EST reply Recommend Flag actions
Exactly.
The carriers already have access to everything you do on your phone. If they really WANT your data you have handed it to them on a silver platter. Encryption aside.
This only represents a change in how they get the data.
Posted on Nov 30, 2011 | 10:51 PM EST reply Recommend Flag actions
From that MacRumors thread:
Posted on Nov 30, 2011 | 10:47 PM EST reply Recommend Flag actions
Well, this topic went about as well as expected.
Topic: “There’s a file in iOS that mentioned CarrierIQ, but it’s unclear what it does, if anything”
Response “OH MY GOD APPLE KNOWS EVERYTHING YOU DO ALL THE TIME”
Posted on Nov 30, 2011 | 10:51 PM EST reply Recommend (6) Flag actions
I agree completely. References to Carrier IQ don’t mean anything except that at some point, someone was thinking about integrating it into iOS. I’ll follow where this goes but so far, this is really thin.
Considering Apple’s track record, I strongly doubt that Carrier IQ is active on iPhones. Apple aren’t saints, but they 1) know they’re under intense scrutiny as far as privacy goes, 2) have a strong corporate ego, and 3) have a ton of leverage against carriers with their sales figures.
Posted on Nov 30, 2011 | 11:32 PM EST reply Recommend Flag actions
They don’t have a strong corporate ego, they want you to think they have a strong corporate ego and social responsibility; it’s in Apple’s best interests if you don’t think of them as a bunch of dicks.
Who remembers this one – http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears
Posted on Nov 30, 2011 | 11:46 PM EST reply Recommend Flag actions
Yes, I remember it. It turned out that Apple wasn’t tracking anyone, the phone kept track of the location of various cell towers and this data never left the owners possession. So what’s your point?
Posted on Dec 01, 2011 | 12:56 AM EST reply Recommend (2) Flag actions
My point is your phone was logging something you didn’t know about, someone found out about it, Apple got rid of it.
That one might have been an error, this is different as there is a bit more intent in this one, they can’t argue they left it in by mistake.
I don’t quite understand why they would install third party tools at all though?
Posted on Dec 01, 2011 | 1:13 AM EST reply Recommend Flag actions
Apple didn’t get rid of it, it still does what it does but they had to tweak a few things and clear up some issues for people too ignorant understand what it was doing.
Posted on Dec 01, 2011 | 2:50 AM EST reply Recommend Flag actions
OK, so what is the purpose of Carrier IQ? Or am I just being ignorant?
I understand the need to collect diagnostic data, that’s fine, and you can turn the collection off or on in the settings of the phone but according to the blog by the chpwn it he found logs of recorded data on his phones even though the setting was off and he had never turned it on. See http://blog.chpwn.com/post/13572216737.
Also I don’t quite understand why the amount of data recorded makes a difference, the point is they are recording data without your authorisation. Even if this is software added by the carrier I very much doubt Apple didn’t know about it.
Posted on Dec 01, 2011 | 4:26 AM EST reply Recommend Flag actions
Yeah, he also said;
which was the obnoxious thing about the HTC video. As he went through great lengths to let the phone he didn’t want to be tracked for network performance reasons, and it did anyway.
you also make it out like were even talking about the same software; he’s also said he doesn’t think the iOS version, if ever used outside of debugging, even had the ability to log keystrokes.
The way you took a sentence, and twisted it to be the exact opposite of what chpwn meant, is quite evil.
Posted on Dec 01, 2011 | 11:10 AM EST reply Recommend Flag actions
I didn’t twist it, you did.
I already acknowledged that iOS records less information when I said in my post “I don’t quite understand why the amount of data recorded makes a difference, the point is they are recording data without your authorisation”.
In the blog post by Chpwn he goes through how to enable/disable CID for each version of iOS then he says “despite those restrictions and never enabling the above checks, I do see Carrier IQ log files stored on all of the devices I tested”. That seems pretty clear to me.
I am assuming that iOS records what you do but you can opt out of sending it – read the settings screen, it asks for permission to send data to Apple, not for permission to log it.
Posted on Dec 01, 2011 | 10:24 PM EST reply Recommend Flag actions
i’m actually impressed that you only read the parts that agree with your view point. It’s incredible in a cartman way, but incredible none the less.
He said he didn’t think it was on ever, unless diagnostics mode was on ~ you didn’t get that? Or that the on off button works? Or that the iOS “version” doesn’t record keystrokes like the android one?
you got none of that? because it all works against your og post. Should i just start calling you bill o’riely?
Posted on Dec 02, 2011 | 8:18 AM EST reply Recommend Flag actions
Are you honestly telling me I don’t know how to read?
Read this again for me.
despite those restrictions and never enabling the above checks, I do see Carrier IQ log files stored on all of the devices I tested
I read the article and I understood it. Apple used Carrier IQ in a stripped back capacity for diagnostics, it’s not doing the same things it did on HTC, no-one really knows for sure what it does. The article says you can turn it off; it also says logs exist on the phones he tested even though he had never turned it on, which is the bit I quoted.
My question is why are there log files if he’s never turned diagnostics on?
I didn’t only read the parts that agree with my viewpoint, I formed a viewpoint from reading the article.
Posted on Dec 03, 2011 | 11:18 PM EST reply Recommend Flag actions
Is this a good time to yell FUCK!?
Siriously, I got my 4s a week ago. I bet my old ore wouldnt have any of this.
Posted on Nov 30, 2011 | 10:53 PM EST via mobile reply Recommend Flag actions
Pre" hahaha not ore
Posted on Nov 30, 2011 | 10:53 PM EST via mobile reply Recommend Flag actions
It doesn’t do ANYTHING unless you switch on diagnostics, the results of which you can view.
Posted on Dec 01, 2011 | 2:51 AM EST reply Recommend Flag actions
From Chpwn’s Twitter:
Posted on Nov 30, 2011 | 10:54 PM EST reply Recommend (4) Flag actions
Probably worth noting that iOS5 lets you actually view those files as well.
Posted on Nov 30, 2011 | 10:56 PM EST reply Recommend (3) Flag actions
I recall some Apple fanatic telling me that this could never happen with an iPhone because only Apple is allowed to modify the firmware and carriers cannot touch it.
Guess he was wrong.
Posted on Nov 30, 2011 | 10:58 PM EST reply Recommend Flag actions
Well, the carriers didn’t go in there THEMSELVES, but I know what you’re trying to say. The carriers have SOME amount of leverage in what Apple does with their tech. Assuming otherwise would be ignorant.
Posted on Nov 30, 2011 | 11:00 PM EST reply Recommend Flag actions
I was holding out hope that Apple was the one company that had the balls to tell Carriers NO when they asked to put this BS on their phones. Since they have a history of preventing carriers from spraying their phones with their poisonous diarrhea full of bloatware and carrier branding I was really hopeful, but after reading this i’m afraid none of us are safe from these D-bags (except Verizon customers who opt out, of course). Things like Carrier IQ make me so happy that the AT&T-Mobile deal is getting shot down. Just what we need…. larger carriers with more data.
Posted on Nov 30, 2011 | 11:00 PM EST reply Recommend Flag actions
https://twitter.com/#!/chpwn/status/142087789666770944
Seems it’s just diagnostic stuff at this point.
Posted on Nov 30, 2011 | 11:01 PM EST reply Recommend (2) Flag actions
Whew… I’m crossing my fingers over here. I really hope this Carrier IQ thing makes it further into the stream of mainstream media. I would love to see some major backlash against the carriers for this kind of behavior.
Posted on Nov 30, 2011 | 11:10 PM EST reply Recommend (1) Flag actions
Now that Apple are involved it’s almost guaranteed to be.
Posted on Nov 30, 2011 | 11:11 PM EST reply Recommend Flag actions
I think the bigger story here is Blackberry. They are supposed to be the ‘go-to’ device for enterprise. Considering the privacy issues I would expect those kinds of corporate users to be the most irritated.
Posted on Nov 30, 2011 | 11:14 PM EST reply Recommend (3) Flag actions
BlackBerry still makes phones? I thought they went the way of the dinosaur already…
Posted on Nov 30, 2011 | 11:18 PM EST reply Recommend Flag actions
Yeah I know BB sucks the big one, but the point is: They focus on security and all that stuff to make their super-secretive corporate users comfortable when they accidently kill a hooker and text for help to ditch the body.
Posted on Nov 30, 2011 | 11:20 PM EST reply Recommend Flag actions
I thought Siri was the answer to that.
oh the perks of being an executive… high class body disposal
Posted on Nov 30, 2011 | 11:21 PM EST reply Recommend (2) Flag actions
LOL yeah they have special services offered via the company I bet. On your first day they give you a key to the executive washroom and a 1800 number for hooker disposal
Posted on Nov 30, 2011 | 11:22 PM EST reply Recommend (1) Flag actions
The question is, is SBNation/Vox Media is big enough to have hooker disposal for Josh and Nilay?
Posted on Dec 01, 2011 | 12:02 PM EST reply Recommend (1) Flag actions
And since I can’t edit I just want to add that if AT&T has been reading my sexts… I am actually hoping to bang my ex GF FOR REAL when she gets home for Xmas.
Posted on Nov 30, 2011 | 11:02 PM EST reply Recommend Flag actions
“If” AT&T reads your texts? How do you think they send them, if they don’t know what they say?
Posted on Nov 30, 2011 | 11:03 PM EST reply Recommend Flag actions
Of course they COULD see them if they wanted to since, yes, they do send them, but I would assume they don’t have some guy sitting there reading them like Santa Clause and a Christmas list. No one really knows where the Carrier IQ data is being utilized at the moment. Especially the text messages, Google searches, etc.
Obviously I was sort of joking… did I need a /s for that one?
Posted on Nov 30, 2011 | 11:09 PM EST reply Recommend Flag actions
I like how you’d rather believe there is a Santa Claus reading Christmas lists instead of AT&T employees reading users texts.
Posted on Nov 30, 2011 | 11:25 PM EST reply Recommend (1) Flag actions
They read them to proof read them and prevent drunk-texting your ex
Posted on Nov 30, 2011 | 11:28 PM EST reply Recommend Flag actions
class action lawsuit?
Posted on Nov 30, 2011 | 11:10 PM EST reply Recommend (1) Flag actions
I do think this Carrier IQ drama is being blown out of proportion by some paranoid people. Has there been any evidence of the service transmitting personal data back to the carrier? I know we’ve seen debugging output, but that’s just typical debug statements when the phone is put into debug mode to help developers diagnose issues on the phone. Until it is proven that personal data IS BEING TRANSMITTED back to the carrier I think we need to step back and wait for the full story to develop instead of trying to file “internet” lawsuits or storm their corporate building.
Posted on Nov 30, 2011 | 11:15 PM EST reply Recommend (1) Flag actions
There’s an easy solution to all of this.
We put Scott Forstall, Mike Lazaridis and Andy Rubin on “New Thing” and give them 15 seconds to explain themselves.
Posted on Nov 30, 2011 | 11:18 PM EST reply Recommend (1) Flag actions
Seconded. I wonder what they would say? Hmmm
Mike Lazaridis: “That’s just not fair. It’s because we’re so successful”
Scott Forstall: “We do not collect any non Korean information”
Andy Rubin: “We have no idea what those clowns put on their phones”
Posted on Nov 30, 2011 | 11:27 PM EST reply Recommend (4) Flag actions
Steven Elop: “PLEASE BUY OUR PHONES!”
Posted on Dec 01, 2011 | 12:01 AM EST reply Recommend (1) Flag actions
Uhh yeah…. that’s what it’s for. Hence the name “Carrier IQ” It collects data for carriers. Where do you think it all goes? Into the abyss?
Posted on Nov 30, 2011 | 11:18 PM EST reply Recommend Flag actions
There’s a difference between snooping your data and sending it back to the carrier and analyzing usage patterns, collecting crash reports, capturing phone metrics, measuring phone performance and sending clean diagnostic data back to the carrier to help them optimize their network or track down potential problems.
Posted on Nov 30, 2011 | 11:35 PM EST reply Recommend (1) Flag actions
So CarrierIQ tells our carrier what we are texting… and what dumpers we are dialing… and what URLs we are typing over 3g…..
THE CARRIERS ARE SUPPOSED TO KNOW THIS
Posted on Nov 30, 2011 | 11:15 PM EST reply Recommend Flag actions
Not over 3G… over WiFi as well… with Airplane mode on.
Posted on Nov 30, 2011 | 11:17 PM EST reply Recommend Flag actions
http://www.youtube.com/watch?v=T17XQI_AYNo
Posted on Nov 30, 2011 | 11:17 PM EST reply Recommend Flag actions
Glad I’m not the only one seeing the obvious.
Posted on Nov 30, 2011 | 11:17 PM EST reply Recommend Flag actions
Why does the keylogging and data mining also occur when on a wifi network and not connected to any cellular network?
Posted on Nov 30, 2011 | 11:21 PM EST reply Recommend Flag actions
If you aren’t using your SIM card where does it send the data, if not the carrier?
Posted on Nov 30, 2011 | 11:22 PM EST reply Recommend Flag actions
Logging keystrokes IS NOT THE SAME THING as encrypted data.
Keystrokes in that log file are unencrypted.
Posted on Nov 30, 2011 | 11:23 PM EST reply Recommend Flag actions
Everything I can find says “Might” log keystrokes, yet to see proof of actual keystrokes being transmitted or saved. There is evidence the program is capable, but every keyboard app is capable of logging keystrokes .. doesn’t mean they do
Posted on Nov 30, 2011 | 11:26 PM EST reply Recommend Flag actions
http://www.youtube.com/watch?v=T17XQI_AYNo
skip to 8:40
Posted on Nov 30, 2011 | 11:29 PM EST reply Recommend Flag actions
I don’t use a combo of vol keys and home keys in my password or PINs. Am I safe?
Posted on Nov 30, 2011 | 11:31 PM EST reply Recommend Flag actions
or the dialer
Posted on Nov 30, 2011 | 11:32 PM EST reply Recommend Flag actions
it checks the on screen keyboard too
Posted on Nov 30, 2011 | 11:34 PM EST reply Recommend Flag actions
The video jumped to a SMS after the dialer. I didn’t see on screen keyboard. I didn’t watch the first part of the movie either. Is that window he has open a log file, or just “current” activity?
I see your point, the capability is scary, but still any malware could track your keyboard use for passwords, and even the apple app store has had malware uploaded and downloaded to uses without being caught immediately.
I’m still waiting for proof this data goes anywhere, to CarrierIQ or the carrier at all.
Posted on Nov 30, 2011 | 11:38 PM EST reply Recommend Flag actions
quarlow is deliberately trolling but I’ll provide an answer as to what the real issue is with all of this carrieriq stuff. the real problem is that no non-os application should have that level of access to the system. it’s a major flaw in google’s design; hard to overcome since the kernel by nature is open source so of course carriers can modify it to add in hooks completely bypasses the security design in the layers above and that makes it yet another attack vector.
the fact remains that carriers are not trustworthy; if they have the means to collect data, they are and more likely than not, they’re using it. I don’t think this is part of any “big brother” scheme either. it would not surprise me if carriers are selling that plus location info to doubleclick and similar targeted ad agencies.
also, commenting on a video you’ve admittedly not watched in full is poor form and blatant trolling.
Posted on Nov 30, 2011 | 11:57 PM EST reply Recommend Flag actions
You keep using that word – I don’t think it means what you think it means.
I went back and re-watched the whole video, as the commented suggested I skipped to 8:40 before. tl;dw
That is not a saved file on the phone, an active debugging log. Maybe the app that calls the services saves this information in a file somewhere, but there is no proof of that.
There is no on-screen “keyboard” logging. When he says it’s “possible” to capture your username and password that would only be if it appeared the address bar. I’ve never seen that myself, even without “s” sites. Username maybe, password never. Again no evidence this data is retained anywhere, only that something noticed it.
Posted on Dec 01, 2011 | 12:23 AM EST reply Recommend Flag actions
Your point seems to be that until someone proves to you that the data that is being collected is used maliciously, you are not going to worry about.
I find this to be a curious worldview.
On a side note, I have a bridge to sell you. It has never been proven to be structurally unsound.
Posted on Dec 01, 2011 | 12:30 AM EST reply Recommend Flag actions
My point is that the sky isn’t falling.
The poster on the video shows this on a device that is a year old, so this isn’t new.
Is this a media thing, to sell advertising? If this was a real issue why didn’t the sky fall months ago?
Posted on Dec 01, 2011 | 12:33 AM EST reply Recommend Flag actions
you’re either being deliberately naive or trolling again…regardless, the issue isn’t some Orwellian catastrophe as I’ve already pointed out.
information like that is worth money. it won’t just be discarded into a “debug log,” especially by what essentially is a startup company.
on a sidenote, these findings have only happened in the past few weeks. but if you want some doom & gloom, now it’s another information source law enforcement will subpoena or search on the phone itself without warrant. we really need laws to catch up with technology.
Posted on Dec 01, 2011 | 12:40 AM EST reply Recommend Flag actions
No one is saying the sky is falling. However, your argument that if this was a real issue something would have happened months ago is not compelling.
What is occurring right now (discovery and investigation by a third party) is exactly what needs to happen to discover whether this is an issue or not. If this was to have been discovered months ago then this exact same process would have transpired. Would you have then said, “If this was a real issue why didn’t the sky fall months ago” then, too?
Posted on Dec 01, 2011 | 12:42 AM EST reply Recommend Flag actions
sorry, wrong. the fact something even “noticed” it means it’s being sent somewhere.
Posted on Dec 01, 2011 | 12:35 AM EST reply Recommend Flag actions
The video doesn’t show the “system” recognizing the keystrokes, only the malware. How does the system respond to keypresses if it doesn’t know it happened?
Posted on Dec 01, 2011 | 12:38 AM EST reply Recommend Flag actions
Brainwave … maybe we don’t have 100% of the facts. Wait … that sounds vaguely like the point I have been trying to make for a while.
Posted on Dec 01, 2011 | 12:44 AM EST reply Recommend Flag actions
this isn’t malware at all. the carrier explicitly modified the kernel to make that information freely available to their app. that’s what is the most “frightening” thing about all of this. carrieriq has no control over writing the kernels. only the carriers and device manufacturers. so someone consciously put the hooks in. essentially, carrieriq is a full input logger that is implemented with explicit consent of the carriers and/or handset manufacturers. that’s kind of a big deal whether or not you think your brilliant assessment of lacking “100% of the facts” is relevant or not.
Posted on Dec 01, 2011 | 12:48 AM EST reply Recommend Flag actions
The brilliance of google’s design is that the kernel is open source and we can see what is going on and take appropriate action, up to and including installing alternate firmware, unlike the other platforms where everything is hidden.
I can’t believe that you think that is a flaw. In fact if it wasn’t for the fact that android is open source, we may never have found out about Carrier IQ.
Posted on Dec 01, 2011 | 1:06 AM EST reply Recommend (1) Flag actions
http://www.youtube.com/watch?v=T17XQI_AYNo
skip to 8:40
Posted on Nov 30, 2011 | 11:27 PM EST reply Recommend (1) Flag actions
Simple enough…don’t buy their handsets…
Posted on Nov 30, 2011 | 11:38 PM EST reply Recommend Flag actions
At this stage it’s more like “Don’t buy any handset”…
Posted on Nov 30, 2011 | 11:42 PM EST reply Recommend (1) Flag actions
Vote with your wallets.
Also the best response to Occupy movement. I love seeing those protestors with their iPhones in one hand and Starbucks coffee in the other.
Posted on Nov 30, 2011 | 11:42 PM EST reply Recommend Flag actions
It looks like it also applies to the iPad and Touch
Posted on Nov 30, 2011 | 11:45 PM EST reply Recommend Flag actions
I wonder if they do anything there. Could just be a biproduct of shared code to me, unless it’s just diagnostic stuff.
Posted on Nov 30, 2011 | 11:48 PM EST reply Recommend Flag actions
If you have an iPhone 4S you can tell Siri to disable it for you.
Posted on Nov 30, 2011 | 11:47 PM EST reply Recommend (1) Flag actions
As long as the carrierIQ app is on your iPhone how can you be sure what it does??? Just DUMP the iSPY iPhone and get the ONLY phone that does NOT even have the carrierIQ app in it. Google’s Galaxy Nexus or any of the other Google Nexus phone. And unlike the iCRAP where you have no choice to install a ROM, CM7/CM9 puts a pure Android ROM on Android phones and carrierIQ disappears. But every iPhone will always have carrierIQ spyware/trackware in it.
Posted on Dec 01, 2011 | 7:48 AM EST reply Recommend Flag actions
chpwn just did a post up: http://blog.chpwn.com/post/13572216737
TL;DR:
- It’s there
- It’s not on unless you’re in diagnostics mode, which iOS devices don’t appear to be by default.
- It doesn’t have nearly the access the HTC devices did, so no keylogging or anything ridiculous like that
- There’s /so far/ no evidence that anything is actually sent off anywhere
- Carriers suck for demanding this sort of crap
Posted on Dec 01, 2011 | 12:07 AM EST reply Recommend (2) Flag actions
I’m not sure what it is about HTC, but they sure like to log information. They ‘fixed’ a bug not related to this not too long ago that also involved logging information that it shouldn’t have.
Also, we should not rule out that the carrier could turn this ‘feature’ on or off at their discretion.
Posted on Dec 01, 2011 | 12:11 AM EST reply Recommend Flag actions
I’m just glad to hear that it doesn’t have keylogger-level access like the HTC devices did. Mainly so I can continue to take the moral high ground in the issue.
Posted on Dec 01, 2011 | 12:14 AM EST reply Recommend Flag actions
I think it’s too early to definitively know what it does or what it sends back or if it wakes up or whatever else. iOS is a closed platform so you’re sort of limited in what you can do from a system debugging perspective. I’m sure people with a lot more technical knowledge on the inner workings of the iPhone will eventually get to the bottom of this and issue a definitive analysis of what it does.
Posted on Dec 01, 2011 | 12:27 AM EST reply Recommend Flag actions
It’s one thing to say Apple don’t use it for as much stuff as HTC, or that it only works when you turn it on or whatever… but ask yourself why it is there at all?
If there is any Carrier IQ code in the kernel of iOS then Apple let it in there.
Posted on Dec 01, 2011 | 12:29 AM EST reply Recommend Flag actions
That’s a good point. The CarrierIQ code is part of iOS and developed by Apple in probable partnership with the carriers. We also need to be looking at HTC and Samsung for their role in placing CarrierIQ on Android. You can blame the carrier if you want, but I bet HTC and Samsung have their fingerprints all over this. In fact, if you look the HTC Android debug statements you can see CarrierIQ package names with HTC in them so this tells me HTC actually did the coding.
Posted on Dec 01, 2011 | 12:35 AM EST reply Recommend Flag actions
The carriers probably demand it.
This is what we get to put up with until the dream of an Apple wifi-powered phone carrier are realized.
Posted on Dec 01, 2011 | 12:36 AM EST reply Recommend Flag actions
Or until you just switch to a Nexus phone or install a custom rom.
Posted on Dec 01, 2011 | 1:08 AM EST reply Recommend Flag actions
Why is there a diagnostics setting that will send back bug reports and usage information to Apple? I would have thought that would be obvious, to fix problems.
I can completely see as a developer why I would want something like CarrierIQ in devices that I sent out. It would make my task fixing problems far easier, because I’d have a far better chance of reproducing exactly what the user did to produce them. However that doesn’t mean that there is a blank cheque.
Diagnostics should be limited to anonymous information. The developer doesn’t get to know the contents of my SMS, or what numbers I called for example. And the developer doesn’t get to turn on tracking by default. And the developer absolutely doesn’t get to make diagnostics something that can’t be disabled.
If chpwn is correct and this is an opt-in service on iOS with far more limited data access, then that’s fine – though I would like Apple to confirm that in a press release.
Posted on Dec 01, 2011 | 7:27 AM EST reply Recommend Flag actions
It is – when you first set up iOS 5.0 it explicitly asks you “Do you want to send diagnostic reports to Apple”. You can even view the contents of those logs within settings → about → diagnostics
Posted on Dec 01, 2011 | 7:29 AM EST reply Recommend Flag actions
I know, and I actually choose to enable diagnostics – because I’m a developer and I appreciate how useful it is to improving the service. However, we’re entering what is sure to be a PR sh*t-storm. If Apple’s diagnostic system wasn’t using CarrierIQ they would be fine, but they are – so rightly or wrongly they are going to get caught up in mess.
The best thing for them to do right now is issue a press release explaining exactly how they use CarrierIQ, explaining exactly how to turn it off, exactly what data it logs, etc. Not only will that allay any fears among Apple users but it will help put pressure on other OEMs to release the same data – which is good for everybody.
Posted on Dec 01, 2011 | 7:39 AM EST reply Recommend Flag actions
Just DUMP the iSPY iPhone and get the ONLY phone that doesn’t even have any traces of the carrierIQ app in it. Galaxy Nexus (or any of the other Google Nexus phones). Apple is EVIL for including that app in their phones.
Posted on Dec 01, 2011 | 7:43 AM EST reply Recommend Flag actions
Erm, I don’t remember seeing you post that HTC was evil for including it, and on HTC we know for sure it can’t be disabled and we know for sure it logs keypresses.
Posted on Dec 01, 2011 | 8:10 AM EST reply Recommend Flag actions
Has Sprint been the only carrier identified that’s doing this?
Posted on Dec 01, 2011 | 12:07 AM EST reply Recommend Flag actions
“It also noted that as of 2008, Carrier IQ was “working with seven of the top ten major OEMs, as well as Verizon Wireless, AT&T, and Sprint.”
Source http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/
No mention of T-mobile but Carrier IQ has been found on their phones.
Posted on Dec 01, 2011 | 4:59 AM EST reply Recommend Flag actions
The story was never that Carrier IQ was on Android. But that because Android is open source, everyone can see what’s going on.
So now the customer has to decide if they want to buy an Android and remove Carrier IQ by rooting,
or do you buy an iphone and wait for Steve Jobs to send an email to a random customer denying that spyware exists?
Posted on Dec 01, 2011 | 12:59 AM EST reply Recommend Flag actions
And on top of that, Galaxy Nexus doesn’t have carrierIQ. If there was a reason to DUMP the iPhone and get the Galaxy nexus, this is it.
Posted on Dec 01, 2011 | 7:41 AM EST reply Recommend Flag actions
Where’s that government regulation when you need it? Heads should roll for this.
Posted on Dec 01, 2011 | 2:00 AM EST reply Recommend Flag actions
It’s probably NSA or some other three letter agency who’s responsible for this.
Posted on Dec 01, 2011 | 2:13 AM EST reply Recommend Flag actions
I personally couldn’t care less. Yea, I’m from Austria (Europe), does it even affect me? And if so:
Carriers need to know where their signal sucks. Hence the location data. They need to know if it’s only their network sucking, hence the number because of the carrier. They need to know, when it happened, due to a possible overload of the network. It was never a problem, we all were happy with our signals getting better and better over the years (remember signals 5-10 years ago?). What now? Damn.
Posted on Dec 01, 2011 | 6:21 AM EST reply Recommend Flag actions
At least you are asked if you want to send any debugging data on iOS and opt out later. Isn’t android about choice?
Posted on Dec 01, 2011 | 7:14 AM EST reply Recommend Flag actions
NONE of the Google Nexus line even has carrierIQ app in it. But every iPhone does.
There were a thousand reasons to dump the iPhone before all this for the Galaxy Nexus. Now there are a thousand more. DUMP your iSPY devices and get the only phones that don’t do evil. GALAXY NEXUS.
Posted on Dec 01, 2011 | 7:39 AM EST reply Recommend Flag actions
BIGGEST reason yet to DUMP the iPhone and get the Galaxy Nexus. Every iPhone out there has the carrierIQ app in it, while NONE of the Google Nexus line does. There were a thousand reasons before to get the Galaxy Nexus over the iPhone spyware/trackware device. Now there are a thousand more reasons to DUMP the iSpy and get the Galaxy Nexus..
Posted on Dec 01, 2011 | 7:35 AM EST reply Recommend Flag actions
That’s a pretty dumb argument to make and doesn’t help the issue. Carrier IQ’s customers are the carriers, not Apple, Google, Samsung, HTC, RIM, Nokia or anyone else. The OEM’s are complicit if they are putting the software on at the behest of the carrier, but the data is for the carrier’s benefit.
Posted on Dec 01, 2011 | 8:28 AM EST reply Recommend Flag actions
OK, let me see if I get this straight: Majority of Android-phones have this “feature”, and they report EVERYTHING you do to CarrierIQ, unless you take special steps to disable it (rooting etc.). iPhone also had this “feature”, but it collects a lot less data, and it’s disabled by default. The user needs to explicitly turn on this feature in order for anything to be transmitted anywhere.
Now, according to you, that is a reason to dump iPhone, and move to Android instead? Seriously, is this the bizarro-world? On iOS this feature is disabled, unless the user explicitly enables it. When explicitly enabled by the user, it collects and sends a lot less data than it does on Android. And on Android it’s enabled by default, unless user takes special steps to disable it? And Apple is apparently the bad guy here?
Seriously, the logic of the anti-Apple-crowd is getting stranged by the minute…
Posted on Dec 01, 2011 | 8:31 AM EST reply Recommend (5) Flag actions
And looking at your other comments: “iSpy”? “iCrap”? “Apple is evil”? Really? I thought the Apple-fanboys were the ones who were fanatics?
Posted on Dec 01, 2011 | 9:16 AM EST reply Recommend Flag actions
Apart from the fact that the OS on those devices only exists to collect user dato for Google, you mean?
Posted on Dec 01, 2011 | 10:41 AM EST reply Recommend Flag actions
Okay, so far Engadget hasn’t even mentioned this story at all. Which is jarring, considering that half of all of their posts involve Android in some way or other. Now lets see how they blow this up into a mega story about the security failings of iOS, even though this story has already been updated and essentially invalidated.
Posted on Dec 01, 2011 | 10:15 AM EST reply Recommend Flag actions
I just looked at this on my phone and, as the article suggests, Diagnostics and useage is off by default.
What I did notice is actuually list the data it wants to send:
1. I did an OTA update to 5.01 on 10th November without any issues
2. I had an out of memory problem caused by Facebook (no why does that not surprsie me?) on 20th Nov.
Nothing odd there.
Posted on Dec 01, 2011 | 10:40 AM EST reply Recommend Flag actions
I smell congressional investigation and several class action lawsuits against Carrier IQ, OEMS and especially against the carriers that made the OEMs put Carrier IQ into the phones. This seems like illegal spying/surveillance to me, regardless of what they are using the data for. So now if you want a clean phone you have to root it and put a custom ROM in it that doesn’t include a kernel that has been tampered with?
Everyone should start contacting their congressman and their carrier to ensure that Carrier IQ or any similar software is not installed on their phone without their express permission and that users have the option to opt out and uninstall it.
Do we have any enterprising DA’s out there looking to make a name for themselves?
Posted on Dec 01, 2011 | 10:45 AM EST reply Recommend Flag actions
I’m glad you can just turn this off on iphone.
Posted on Dec 01, 2011 | 2:55 PM EST reply Recommend Flag actions
"We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so."
Posted on Dec 01, 2011 | 3:41 PM EST reply Recommend Flag actions
Something to say? Choose one of these options to log in.