Carrier IQ Software May Be in iOS, Too 234
New submitter Howard Beale writes with this excerpt from The Verge: "To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5." The details are still emerging; however, iPhone users will be happy to hear that while it's reported that the software is available to the OS, "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."
easy to turn off as well (Score:5, Informative)
everything it collects is viewable to the user and you can turn it off in settings > general > about > diagnostics & usage
Re:easy to turn off as well (Score:5, Informative)
That's better than my HTC phone which allows you to do the following in settings > About Phone > Tell HTC > Network preference > "When data connection is available" or "When Wi-Fi or cable connection is available".
I can turn off "Tell HTC" but apparently that is only for error reports relating to HTC Sense.
No other options for turning off network diagnostics are available.
Doesn't seem to log much (Score:3, Informative)
Here's my "diagnostic log" or at least one of them:
deviceId: "aac0e3b1805c47f85e759c5d............"
isAnonymous: true
deviceConfigId: 101
triggerTime: 1320879763561
triggerId: 72014
profileId: 1012
investigationId: 0
bluetoothServiceDisconnectionResult {
timestamp: 1320879561
deviceOUI: "\00\066="
service: 8
result: 104981
}
seems a bit less intrusive than the one demoed yesterday.
Re:Handset Or Carrier? (Score:5, Informative)
I used to work in the EU for a US phone manufacturer (starts with an 'M'), and mid-2009, integrating CIQ became a mandatory requirement for products that were to be bought by AT&T. This was the first time a carrier asked for this, and at the time, the requested info came mainly from the modem side (signal levels, dropped calls stats, network conditions and so on). Carriers use CIQ-logged info to monitor the health of their network and spot potential problem areas. I would say that this is more of a carrier-thing, and not specific to one handset or another.
I don't know if the list of required info kept growing or who asked for application-side info like Google searches and text messages' content, though...
(Posting anon because I don't know what laws/contracts I am potentially breaking...)
Re:Reassuring? (Score:5, Informative)
I've found it useful as an example for people who don't understand why we need free/open software. ...
You might want to re-think that after reading the article, including its updates. Ironically, the (closed, walled garden) Apple version appears to send only diagnostic data that could be conceivably used for legitimate troubleshooting of dropped calls and the like whereas the (free, open) Android version is more akin to a rootkit, complete with backdoor and key logger.
Re:Reassuring? (Score:4, Informative)
When you activate an iOS device, it prompts you if you want to send this data. Further more, if you go into the device settings, and look at the diagnostics, it shows you all the files it's storing and what exactly it's reporting.
Granted, it could be doing something else behind the scenes, but this is more than what you're getting with the Android Carrier IQ(As someone pointed out on The Talk Show, a great oxymoron) installs.
Re:easy to turn off as well (Score:5, Informative)
Not on iOS 4.3.3 - there is no such option here. So I can't turn off this "mis-feature" on my iPhone.
It seems Apple added it in iOS 5, and did so only after the public became somewhat aware of their diagnostic collection practices, as a measure of damage control perhaps?
Re:Doesn't seem to log much (Score:5, Informative)
seems a bit less intrusive than the one demoed yesterday.
Seems so : [chpwn.com]
"Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely."
Re:easy to turn off as well (Score:5, Informative)
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Informative)
We can't buy carrier independent handsets because all of our cellphone networks are incompatible. Sprint phones sometimes work on Verizon, Verizon phones never work on Sprint, neither of them work on GSM, and AT&T and TMobile, the two GSM carriers, have incompatible 3G networks. Don't get me started on "4G" and the half-dozen different things it's been redefined into meaning.
Also, for every carrier except TMo, the monthly price is just as high when you bring your own phone as it is when you take the carrier subsidy.
So, since buying your own phone doesn't make it portable across networks, and costs more money up front and the same amount per month, there's no point. That's why everyone takes the carrier phone and contract; it's not because we're all stupid, it's because it's the most cost effective solution in a shitty market.
Re:easy to turn off as well (Score:5, Informative)
I own an Android phone. I actually been using CyangenMod for years now. I admit I don't use CyangenMod on my newest Android phone since I haven't had a compelling reason to continue to waste my valuable time playing on my phone. I do still have my unlocked and rooted old phone. So short answer is yes I have participated in the Android custom ROM community and for a very long time at that. A clue may have been that I knew the steps involved in my previous comment.
BTW, my iPhone friends say that there is a thriving jail break community on the iPhone and supposedly you can do things on a jail broken phone that can't be done on a locked iPhone. One being installing GPL licensed software as binaries from a third party software provider. I remember seeing him use his jail broken phone as a WiFi hotspot before it was sanctioned on both iOS and Android.
Honestly you could Google the iPhone jail break community and know about as much as I do, since I don't know much myself.
I'd say yes. Only because the iPhone is the most scrutinized (and vilified) device on the web and it hasn't been discovered so far. Also if you RTFA you'd see that the author reported that it's off by default.
Option 3 wasn't really that appealing of an option. I had the opportunity to by a Google phone when I upgraded. Google dropped the ball and couldn't decide if they would really support it. I really don't know if I could depend on Google to support their current Nexus phone for long. My reasoning being that if I had to pay full unsubsidized price for a phone then the manufacturer could at least humor me and pretend that they would support the phone. Maybe Google learned their lesson which may explain why they are purchasing Motorola so someone who knows what they are doing could make and support their phones.
Re:Why does this CarrierIQ stuff matter anyway? (Score:3, Informative)
Re:easy to turn off as well (Score:4, Informative)
Speaking of Motorola, so far I haven't heard of one single phone from them that has CIQ on it. My Motorola XPRT certainly doesn't have it (I used Trevor's tools to check) nor does the Verizon equivalent (Droid Pro). More power to them.
I have Diagnostics & Usage turned on (Score:5, Informative)
deviceid: "xxx"
isAnonymous: true
deviceConfigid: 101
triggerTime: 1322150199352
triggerId: 655363
profileId: 10109
investigationId: 0
locationaUpdateSession {
timestamp: 1322150199351
timestampEnd: 1322150199351
desiredAccuracy: 1000
cellAvailable: true
wifiAvailable: true
passcodeLocked: false
airplaneMode: false
ttff: 0
ttffGps: -1
bundleid: "com.apple.weather"
achievedAccuracy: 99
}
Enjoy your paranoia! I refuse to participate.
Re:easy to turn off as well (Score:5, Informative)
There is a big difference: Google does not provide this software as part of their Android distribution, and Google has not installed it on any of the Nexus phones that they sell. For Android, Carrier IQ is third party software that has been installed by some carriers. That makes the carriers responsible, not Google. It is not even clear that Google knew what third-party software carriers ship on their phones. The carriers have no legal responsibility to impart this information to Google, just like if you sell a pre-installed Ubuntu system you don't have to contact Ubuntu and let them know what you installed.
In contrast, Apple appears to have shipped this software as part of iOS, and secretly installed it on millions of iPhones without telling anyone. For a long time Apple fanboys have argued that because Apple is in control of the iPhone, and not the carriers, then it is impossible for this kind of crap to happen. It seems the impossible just became reality.
It's worth noting that whilst Carrier IQ is running for all iOS versions, uploading the logs appears to be turned off by default on iOS3/4, but it is not known how or when it gets turned on. On iOS 5, Carrier IQ log uploads are controlled by the “Submit Logs to Apple” option on iOS setup. Most users would probably trust Apple with their logs, right? So most iOS 5 users probably have Carrier IQ uploading their logs right now.