Forgot your password?
typodupeerror
Cellphones IOS Privacy Android Iphone

Carrier IQ Software May Be in iOS, Too 234

Posted by timothy
from the y'know-to-be-fair dept.
New submitter Howard Beale writes with this excerpt from The Verge: "To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5." The details are still emerging; however, iPhone users will be happy to hear that while it's reported that the software is available to the OS, "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."
This discussion has been archived. No new comments can be posted.

Carrier IQ Software May Be in iOS, Too

Comments Filter:
  • by alen (225700) on Thursday December 01, 2011 @10:39AM (#38225734)

    everything it collects is viewable to the user and you can turn it off in settings > general > about > diagnostics & usage

  • by Bill_the_Engineer (772575) on Thursday December 01, 2011 @10:49AM (#38225818)

    That's better than my HTC phone which allows you to do the following in settings > About Phone > Tell HTC > Network preference > "When data connection is available" or "When Wi-Fi or cable connection is available".

    I can turn off "Tell HTC" but apparently that is only for error reports relating to HTC Sense.

    No other options for turning off network diagnostics are available.

  • by Anonymous Coward on Thursday December 01, 2011 @10:53AM (#38225846)

    Here's my "diagnostic log" or at least one of them:

    deviceId: "aac0e3b1805c47f85e759c5d............"
    isAnonymous: true
    deviceConfigId: 101
    triggerTime: 1320879763561
    triggerId: 72014
    profileId: 1012
    investigationId: 0
    bluetoothServiceDisconnectionResult {
    timestamp: 1320879561
    deviceOUI: "\00\066="
    service: 8
    result: 104981
    }

    seems a bit less intrusive than the one demoed yesterday.

  • by Anonymous Coward on Thursday December 01, 2011 @10:57AM (#38225902)

    I used to work in the EU for a US phone manufacturer (starts with an 'M'), and mid-2009, integrating CIQ became a mandatory requirement for products that were to be bought by AT&T. This was the first time a carrier asked for this, and at the time, the requested info came mainly from the modem side (signal levels, dropped calls stats, network conditions and so on). Carriers use CIQ-logged info to monitor the health of their network and spot potential problem areas. I would say that this is more of a carrier-thing, and not specific to one handset or another.

    I don't know if the list of required info kept growing or who asked for application-side info like Google searches and text messages' content, though...

    (Posting anon because I don't know what laws/contracts I am potentially breaking...)

  • Re:Reassuring? (Score:5, Informative)

    by rayd75 (258138) on Thursday December 01, 2011 @11:03AM (#38225952)

    I've found it useful as an example for people who don't understand why we need free/open software. ...

    You might want to re-think that after reading the article, including its updates. Ironically, the (closed, walled garden) Apple version appears to send only diagnostic data that could be conceivably used for legitimate troubleshooting of dropped calls and the like whereas the (free, open) Android version is more akin to a rootkit, complete with backdoor and key logger.

  • Re:Reassuring? (Score:4, Informative)

    by RyuuzakiTetsuya (195424) <taiki@cWELTYox.net minus author> on Thursday December 01, 2011 @11:12AM (#38226048)

    When you activate an iOS device, it prompts you if you want to send this data. Further more, if you go into the device settings, and look at the diagnostics, it shows you all the files it's storing and what exactly it's reporting.

    Granted, it could be doing something else behind the scenes, but this is more than what you're getting with the Android Carrier IQ(As someone pointed out on The Talk Show, a great oxymoron) installs.

  • by ugen (93902) on Thursday December 01, 2011 @11:14AM (#38226066)

    Not on iOS 4.3.3 - there is no such option here. So I can't turn off this "mis-feature" on my iPhone.

    It seems Apple added it in iOS 5, and did so only after the public became somewhat aware of their diagnostic collection practices, as a measure of damage control perhaps?

  • by CharlyFoxtrot (1607527) on Thursday December 01, 2011 @11:23AM (#38226186)

    seems a bit less intrusive than the one demoed yesterday.

    Seems so : [chpwn.com]

    "Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely."

  • by Fahrvergnuugen (700293) on Thursday December 01, 2011 @11:35AM (#38226302) Homepage
    Anyone who wanted to know what is collected and sent only had to click the "About Diagnostics & Privacy" link in iOS directly under neath the switch you have to hit to turn it on:

    Apple would like your help to improve the quality and performance of its products and services. Your device can automatically collect diagnostic and usage information and send it to Apple for analysis — but only with your explicit consent.

    Diagnostic and usage information may include details about hardware and operating system specifications, performance statistics, and data about how you use your device and applications. None of the collected information identifies you personally. Personal data is either not logged at all or is removed from any reports before they’re sent to Apple. You can review the information by going to Settings, tapping General, tapping About and looking under Diagnostics & Usage.

    If you have consented to provide Apple with this information, and you have Location Services turned on, the location of your device may also be sent to help Apple analyze wireless or cellular performance issues (for example, the strength or weakness of a cellular signal in a particular location). This diagnostic location data may include the location of your device once per day, or the location where a call ends. You may choose to turn off Location Services for Diagnostics at any time. To do so, open Settings, tap Location Services, tap System Services and turn off the Diagnostics switch.

    You may also choose to turn off Diagnostics altogether. To do so, open Settings, tap General, tap About and choose “Don’t Send” under Diagnostics & Usage.

    To help Apple’s partners and third-party developers improve their apps, products and services designed for use with Apple products, Apple may provide such partners or developers with a subset of diagnostic information that is relevant to that partner’s or developer’s app, product or service, as long as the diagnostic information is aggregated or in a form that does not personally identify you.

    For more information, see Apple’s Privacy Policy at www.apple.com/privacy

  • by Anonymous Coward on Thursday December 01, 2011 @12:03PM (#38226638)

    We can't buy carrier independent handsets because all of our cellphone networks are incompatible. Sprint phones sometimes work on Verizon, Verizon phones never work on Sprint, neither of them work on GSM, and AT&T and TMobile, the two GSM carriers, have incompatible 3G networks. Don't get me started on "4G" and the half-dozen different things it's been redefined into meaning.

    Also, for every carrier except TMo, the monthly price is just as high when you bring your own phone as it is when you take the carrier subsidy.

    So, since buying your own phone doesn't make it portable across networks, and costs more money up front and the same amount per month, there's no point. That's why everyone takes the carrier phone and contract; it's not because we're all stupid, it's because it's the most cost effective solution in a shitty market.

  • by Bill_the_Engineer (772575) on Thursday December 01, 2011 @12:39PM (#38227074)

    Um, please define "special neat trick". If you think there "isn't much of a real difference for people with the initiative" then you obviously haven't participated in the Android custom ROM community. iPhone has nothing like it, and the reason for that is that Android is open-source.

    I own an Android phone. I actually been using CyangenMod for years now. I admit I don't use CyangenMod on my newest Android phone since I haven't had a compelling reason to continue to waste my valuable time playing on my phone. I do still have my unlocked and rooted old phone. So short answer is yes I have participated in the Android custom ROM community and for a very long time at that. A clue may have been that I knew the steps involved in my previous comment.

    BTW, my iPhone friends say that there is a thriving jail break community on the iPhone and supposedly you can do things on a jail broken phone that can't be done on a locked iPhone. One being installing GPL licensed software as binaries from a third party software provider. I remember seeing him use his jail broken phone as a WiFi hotspot before it was sanctioned on both iOS and Android.

    Honestly you could Google the iPhone jail break community and know about as much as I do, since I don't know much myself.

    Can you tell me with any certainty that Option 1 absolutely prevents any such data from being sent to the carriers or CarrierIQ?

    I'd say yes. Only because the iPhone is the most scrutinized (and vilified) device on the web and it hasn't been discovered so far. Also if you RTFA you'd see that the author reported that it's off by default.

    And you forgot Option 3, which is to vote with your wallet and buy a Nexus device, which doesn't have Carrier IQ, which Google releases the source code for (including all binary drivers where source isn't available) as soon as, or (with 4.0) before the device launches, and is the most open, hacker friendly mass-market consumer mobile device in the US today.

    Option 3 wasn't really that appealing of an option. I had the opportunity to by a Google phone when I upgraded. Google dropped the ball and couldn't decide if they would really support it. I really don't know if I could depend on Google to support their current Nexus phone for long. My reasoning being that if I had to pay full unsubsidized price for a phone then the manufacturer could at least humor me and pretend that they would support the phone. Maybe Google learned their lesson which may explain why they are purchasing Motorola so someone who knows what they are doing could make and support their phones.

  • by Reverand Dave (1959652) on Thursday December 01, 2011 @12:54PM (#38227260)
    That's what I was thinking. When this came out yesterday about HTC and RIM people went nuts on this forum about privacy, but when it comes out that Apple is doing it too, well it couldn't possibly be the benevolent apple overlords are doing something inappropriate. Hell, they are going to start touting it as a feature pretty soon.
  • by Kazymyr (190114) on Thursday December 01, 2011 @01:34PM (#38227916) Journal

    Speaking of Motorola, so far I haven't heard of one single phone from them that has CIQ on it. My Motorola XPRT certainly doesn't have it (I used Trevor's tools to check) nor does the Verizon equivalent (Droid Pro). More power to them.

  • by Relayman (1068986) on Thursday December 01, 2011 @02:05PM (#38228614)
    I have D&U turned on on my iPhone 4S. Why? Because I'm a geek and if I can help out some other geeks at Verizon or Apple, so be it. But, guess what? I can see what's transmitted, no rooting required. Here's a typical entry:

    deviceid: "xxx"
    isAnonymous: true
    deviceConfigid: 101
    triggerTime: 1322150199352
    triggerId: 655363
    profileId: 10109
    investigationId: 0
    locationaUpdateSession {
    timestamp: 1322150199351
    timestampEnd: 1322150199351
    desiredAccuracy: 1000
    cellAvailable: true
    wifiAvailable: true
    passcodeLocked: false
    airplaneMode: false
    ttff: 0
    ttffGps: -1
    bundleid: "com.apple.weather"
    achievedAccuracy: 99
    }

    Enjoy your paranoia! I refuse to participate.
  • by chrb (1083577) on Thursday December 01, 2011 @02:07PM (#38228662)

    There is a big difference: Google does not provide this software as part of their Android distribution, and Google has not installed it on any of the Nexus phones that they sell. For Android, Carrier IQ is third party software that has been installed by some carriers. That makes the carriers responsible, not Google. It is not even clear that Google knew what third-party software carriers ship on their phones. The carriers have no legal responsibility to impart this information to Google, just like if you sell a pre-installed Ubuntu system you don't have to contact Ubuntu and let them know what you installed.

    In contrast, Apple appears to have shipped this software as part of iOS, and secretly installed it on millions of iPhones without telling anyone. For a long time Apple fanboys have argued that because Apple is in control of the iPhone, and not the carriers, then it is impossible for this kind of crap to happen. It seems the impossible just became reality.

    It's worth noting that whilst Carrier IQ is running for all iOS versions, uploading the logs appears to be turned off by default on iOS3/4, but it is not known how or when it gets turned on. On iOS 5, Carrier IQ log uploads are controlled by the “Submit Logs to Apple” option on iOS setup. Most users would probably trust Apple with their logs, right? So most iOS 5 users probably have Carrier IQ uploading their logs right now.

Computers will not be perfected until they can compute how much more than the estimate the job will cost.

Working...