
Carrier IQ Software May Be in iOS, Too

Posted by timothy
from the y'know-to-be-fair dept.
New submitter Howard Beale writes with this excerpt from The Verge: "To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5." The details are still emerging; however, iPhone users will be happy to hear that while it's reported that the software is available to the OS, "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."

  • Handset Or Carrier? (Score:2, Interesting)

    by Anonymous Coward on Thursday December 01, 2011 @10:40AM (#38225736)

    Is this software specific to various handsets or is it specific to the carrier?

    So far it has seemed to me that this guy is using Sprint and their phones seem to have it. But, people on AT&T are reporting that their phones do not have it.

    Does anyone know for sure?

  • by broken_chaos (1188549) on Thursday December 01, 2011 @10:47AM (#38225792)

    Does that mean that Apple is complicit in installing Carrier IQ?

    Yes. It was potentially something they were told to do by carriers, but Apple has had a habit of telling anyone that went against their worldview to fuck off, so I imagine it at least doesn't conflict with their intents.

  • Reassuring? (Score:5, Interesting)

    by jc42 (318812) on Thursday December 01, 2011 @10:49AM (#38225814) Homepage Journal

    "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."

    This is supposed to be reassuring? How many people will ever read about this? And how long until it's turned on by default? Or perhaps turned on by a remote message.

    I've found it useful as an example for people who don't understand why we need free/open software. This story simply means that if you use your phone to access anything that is protected by a password (or PIN or whatever), that little hidden bit of software is making a copy of your login, password, account numbers, etc., and sending it off to some site that you know nothing about. Whoever has that information can then get into your account and do as they like with it. I've seen a lot of worried looks, and I know a number of people who have held off on the idea of using their phone to access their bank accounts as a result of this information.

    I try to get the idea across that, as long as there's any software that's not freely available to us software geeks ("hackers" to the media), so that we can study it and expose such little nasties, nobody's information or accounts or identities can be considered safe. This sort of software can and does send all your private information to some unknown strangers.

  • Not only is it off by default, apparently it's only allowed to access information at a layer that doesn't give away the farm. It's not recording your keypresses, the sites you visit (which apparently the HTC version does even if you're on WiFi) or anything else that's possibly a significant security risk. Supposedly, it really does act just as it's claimed to in the press releases.

    (I'm aware that I use 'apparently' and 'supposedly'; I have no concrete info that I've tested myself, this is just what I've read today.)

  • Android (Score:5, Interesting)

    by Spad (470073) <slashdot@NOSpam.spad.co.uk> on Thursday December 01, 2011 @10:56AM (#38225884) Homepage

    Interestingly, it looks like the "pure" Android phones (i.e. the Nexus line) don't ship with CarrierIQ [theverge.com]

  • Re:Reassuring? (Score:4, Interesting)

    by Lunix Nutcase (1092239) on Thursday December 01, 2011 @10:58AM (#38225906)

    Because we all know it's impossible to hide such things like trojans in foss without anyone noticing for months on end, right? Oh wait... [wikipedia.org]

  • by alen (225700) on Thursday December 01, 2011 @10:59AM (#38225926)

    the log files are right there in the phone and you can easily see them

    this sounds like the issue with the touchpad where HP had the diagnostics set to max and the performance was crap. except in this case the manufacturers are using twice the RAM and twice the MHz CPU's for android phones compared to the iphone to make up for the overhead of this software.

    most of the tech geeks creaming themselves over specs are idiots because they don't realize it's just for crap like this

  • by Anonymous Coward on Thursday December 01, 2011 @11:08AM (#38226002)

    And what about the end users who don't know how to do that??? Is Android just for tech geeks only?

  • by Kamiza Ikioi (893310) on Thursday December 01, 2011 @11:12AM (#38226038) Homepage

    The question is, can a government agency or anyone else call up Apple or a carrier and have them remotely activate CarrierIQ on the iPhone?

    I don't care if it's "off by default". I care if it's "controlled by the user". There's a clear and concise distinction, and Apple's track record does not lead me to believe that Apple doesn't have absolute control to remotely activate this or any other setting at their discretion. Even if they were unable to before, they may have added that remote capability since they've lost several phones before.

  • by penguinstorm (575341) on Thursday December 01, 2011 @11:17AM (#38226110) Homepage

    When was the last time you got any useful technical support from a cell phone carrier? Those guys play a classic game of passing the buck, blaming your handset (which they didn't make) interference (which they can't control) and anything else that's not the service they provide.

    The notion that some Level 42 World of Warcraft Paladin who spends his days providing tech support for a cell carrier:
    1) Has access to any useful information that relates directly to your handset,
    2) Has the analytical skills to determine its meaning without rolling a 20 sided die
    is patently ridiculous. They'd at best have access to your current outstanding balance.

    North Americans need to stop buying handsets from manufacturers: start buying unlocked, carrier independent handsets and you'll change the industry. As long as over 90% of us are committing to contracts that are longer than the average length of time your phone lasts, the oligarchy that is the North American cell phone industry can do whatever it wants.

  • Re:Reassuring? (Score:4, Interesting)

    by Tom (822) on Thursday December 01, 2011 @12:37PM (#38227046) Homepage Journal

    If anything, this demonstrates why Free Software alone is not the answer. In this case, the closed-source iOS is actually respecting your privacy more than the Open Source Android.

    You still think that code is the answer, but it isn't. Dennis Ritchie demonstrated long ago how even access to the full source doesn't make you safe. As long as there is a part in the chain that you don't control, you can be fucked over.

    This is a place where actually the legal solution is simpler, easier and more reliable than the technical one. Pass a couple good laws (the "good" part is where our current incompetent corrupt breed of wannabe-politicians are challenged) and enforce them. Sure, it doesn't give you the same 100% security that an EAL7 solution with explicit privacy specifications would - but it's not SciFi and it will work good enough for practical purposes the same way that making murder illegal doesn't prevent it completely, but well enough that in most of the civilized world where the rule of law works, people don't give the extremely remote possibility of being murdered a thought.

  • Re:Reassuring? (Score:2, Interesting)

    by Anonymous Coward on Thursday December 01, 2011 @01:46PM (#38228212)

    Apple has for years included "diagnostic" tools that send back information on Macs. They're always opt-in and are easy to disable later. The same is true here. I don't see why they would change that by making it opt-out instead, since that's just the sort of bad publicity that they don't need, and they likely already have a large enough sample size from those who do opt-in to make any relevant decisions based on the data available (iOS 5 prompts the user during setup/upgrade regarding whether they want to opt-in or not).

    Plus, keep in mind that Apple's customer is the end user, whereas the customer for many of these other companies is the carrier, a third-party advertiser, or some other entity that wants access to the user's information. It's in Apple's best interests to not piss off their users, since their users are their customers.

  • by Bill_the_Engineer (772575) on Thursday December 01, 2011 @03:56PM (#38230444)

    There's a HUGE difference between the iPhone "jailbreak community" and the Android custom ROM community. Yes I assumed you knew the Android option existed but if you think jailbreaking an iPhone and loading custom apps is any comparison then I guess we're not speaking the same language.

    I'm sure someone has managed to get some open source OS running on the iPhone but it's nowhere near the community or user base of CM and other custom ROMs.

    I guess we are talking different languages. I said nothing about installing another OS on the iPhone nor do I believe that all that can be accomplished requires me to insert custom code into the kernel. I know that people are able to run daemons on the iPhone with upgraded privileges (root), since there was a default password exploit on the sshd service that the original jail break script installed years ago. I assume that most of the really "novel" software on the iPhone require a jail broken phone solely for the elevated privileges that are required to access some services/API which the stock iPhone won't allow.

    Most of *my* modifications to the linux kernel involved making a driver for a new piece of hardware. I did have an occasion where I needed to patch the linux kernel for pulse per second synchronization and there was a flaw in the LinuxPPS code that triggered on both rising and falling edges of the PPS being fed on a serial port which required my correction. That said if I did need to do something at the Kernel level on the iPhone, since iOS is based on the Mach kernel, I assume I could write a kernel extension for a jail broken phone. I assume since I don't have access to a jail broken phone, but I'm sure someone around here has experience. Anyway, I assume the iPhone hardware is well supported by iOS so I really don't know why you place so much value on the OS being open source for *this* particular part of the conversation.

    And I know that CM running on my Nexus S (or even stock Nexus S ROM for that matter) isn't running CarrierIQ because all of the relevant user-land apps are open source.

    You only assume that CarrierIQ isn't running unless you actually view the source code yourself. You also assume that a CarrierIQ like function doesn't exist in the phone's firmware that isn't explicitly covered by an open source license.

    So yes the "android is open mantra" is a pretty big deal to myself and many others, it's not just lip service.

    This is where we really differ. I support open source (professionally on occasion) yet my support doesn't rise to the level of zealotry. I do not disqualify any product solely on the basis that it's less open than other options.
