To date, the user-tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company may also have hooks into Apple's iOS. Well-known iPhone hacker chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5.
We were able to independently verify that, at the very least, references to Carrier IQ's servers do exist within iPhone OS 3.1.3 in a file located at /usr/bin/IQAgent. What exactly that binary is able to access or how it may communicate with either carriers or Carrier IQ is not yet known, though there are references to an IQAgent log on the device as well as references to collector.sky.carrieriq.com.
For versions 4.0 and 5.0, Intell on MacRumors' forums has found similar references to the http://collector.sky.carrieriq.com location within /usr/bin/awd_ice2, although we have not independently verified that yet. Again, no clear word on just what is or is not being tracked or collected.
The story is developing, with chpwn promising a post providing as many details as he's been able to uncover thus far, including the possibility that the code wasn't enabled by default in iOS. We should emphasize that all we can say for sure at the moment is that iOS definitely contained references to Carrier IQ — but given how the story has progressed thus far, we expect there will be more to report on soon.
Update: chpwn notes that initial research indicated that Carrier IQ's software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We'll let you know when more details arise.