Carrier IQ Software May Be in iOS, Too 234
New submitter Howard Beale writes with this excerpt from The Verge: "To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5." The details are still emerging; however, iPhone users will be happy to hear that while it's reported that the software is available to the OS, "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."
easy to turn off as well (Score:5, Informative)
everything it collects is viewable to the user and you can turn it off in settings > general > about > diagnostics & usage
Re:easy to turn off as well (Score:5, Informative)
That's better than my HTC phone which allows you to do the following in settings > About Phone > Tell HTC > Network preference > "When data connection is available" or "When Wi-Fi or cable connection is available".
I can turn off "Tell HTC" but apparently that is only for error reports relating to HTC Sense.
No other options for turning off network diagnostics are available.
Re: (Score:3, Insightful)
Confirmed that with tcpdump have you? Apple have hidden / obfuscated this nasty software hoping no one would notice it. That's pretty damning in itself, even if they have the decency to give it a config screen (assuming the screen is real and the code honors the settings).
Re:easy to turn off as well (Score:4, Interesting)
the log files are right there in the phone and you can easily see them
this sounds like the issue with the touchpad where HP had the diagnostics set to max and the performance was crap. except in this case the manufacturers are using twice the RAM and twice the MHz CPU's for android phones compared to the iphone to make up for the overhead of this software.
most of the tech geeks creaming themselves over specs are idiots because they don't realize it's just for crap like this
Re: (Score:2, Insightful)
That's funny cause I don't remember Goggle, HTC, etc. telling anyone about this on Android phones. Oh, I forgot. Apple baaaaaad!
Re: (Score:3)
That's funny cause I don't remember Goggle, HTC, etc. telling anyone about this on Android phones. Oh, I forgot. Apple baaaaaad!
Google never installed it. HTC neither. Sprint, AT&T, etc. did. In Apple's case Apple is the one that installed it (if it's there).
Re:easy to turn off as well (Score:5, Informative)
There is a big difference: Google does not provide this software as part of their Android distribution, and Google has not installed it on any of the Nexus phones that they sell. For Android, Carrier IQ is third party software that has been installed by some carriers. That makes the carriers responsible, not Google. It is not even clear that Google knew what third-party software carriers ship on their phones. The carriers have no legal responsibility to impart this information to Google, just like if you sell a pre-installed Ubuntu system you don't have to contact Ubuntu and let them know what you installed.
In contrast, Apple appears to have shipped this software as part of iOS, and secretly installed it on millions of iPhones without telling anyone. For a long time Apple fanboys have argued that because Apple is in control of the iPhone, and not the carriers, then it is impossible for this kind of crap to happen. It seems the impossible just became reality.
It's worth noting that whilst Carrier IQ is running for all iOS versions, uploading the logs appears to be turned off by default on iOS3/4, but it is not known how or when it gets turned on. On iOS 5, Carrier IQ log uploads are controlled by the “Submit Logs to Apple” option on iOS setup. Most users would probably trust Apple with their logs, right? So most iOS 5 users probably have Carrier IQ uploading their logs right now.
Re: (Score:2, Interesting)
And what about the end users who dont know how to do that??? Is Android just for tech geeks only?
Re:easy to turn off as well (Score:4, Insightful)
Yea lets bring out the "android is open" mantra. Conveniently leave out the rooting part, the waiting for Google to decide to release the source code, and waiting for groups like CyanogenMod to make a rom image for your phone.
I don't have an iPhone but if I did I could easily say I can do [insert special neat trick] with my iPhone after jail breaking it. There really isn't much of a real difference for people with the initiative. Especially if you depend on other people to do the real work for you.
Let's keep the discussion on phones as delivered to the average consumer.
Now take a deep breath and rationally think this through. Which is easier (for anyone)?
1. Turning off the settings using the menus within the iPhone, or
2. Downloading a rom image from CynamodGen, rooting your Android phone, and reinstalling Google binaries and reseting all your user settings.
Re:easy to turn off as well (Score:5, Insightful)
Um, please define "special neat trick". If you think there "isn't much of a real difference for people with the initiative" then you obviously haven't participated in the Android custom ROM community. iPhone has nothing like it, and the reason for that is that Android is open-source.
Is it a perfect, fully open community driven hacker's utopia? No, but I blame the carriers for that much more than Google. Sure they keep their crown jewels (Gmail, Maps etc.) closed and proprietary but they've certainly raised the bar for openness on mass-market consumer devices and they deserve credit for that.
Can you tell me with any certainty that Option 1 absolutely prevents any such data from being sent to the carriers or CarrierIQ?
And you forgot Option 3, which is to vote with your wallet and buy a Nexus device, which doesn't have Carrier IQ, which Google releases the source code for (including all binary drivers where source isn't available) as soon as, or (with 4.0) before the device launches, and is the most open, hacker friendly mass-market consumer mobile device in the US today.
Re:easy to turn off as well (Score:5, Informative)
I own an Android phone. I actually been using CyangenMod for years now. I admit I don't use CyangenMod on my newest Android phone since I haven't had a compelling reason to continue to waste my valuable time playing on my phone. I do still have my unlocked and rooted old phone. So short answer is yes I have participated in the Android custom ROM community and for a very long time at that. A clue may have been that I knew the steps involved in my previous comment.
BTW, my iPhone friends say that there is a thriving jail break community on the iPhone and supposedly you can do things on a jail broken phone that can't be done on a locked iPhone. One being installing GPL licensed software as binaries from a third party software provider. I remember seeing him use his jail broken phone as a WiFi hotspot before it was sanctioned on both iOS and Android.
Honestly you could Google the iPhone jail break community and know about as much as I do, since I don't know much myself.
I'd say yes. Only because the iPhone is the most scrutinized (and vilified) device on the web and it hasn't been discovered so far. Also if you RTFA you'd see that the author reported that it's off by default.
Option 3 wasn't really that appealing of an option. I had the opportunity to by a Google phone when I upgraded. Google dropped the ball and couldn't decide if they would really support it. I really don't know if I could depend on Google to support their current Nexus phone for long. My reasoning being that if I had to pay full unsubsidized price for a phone then the manufacturer could at least humor me and pretend that they would support the phone. Maybe Google learned their lesson which may explain why they are purchasing Motorola so someone who knows what they are doing could make and support their phones.
Re: (Score:2)
I'd say yes. Only because the iPhone is the most scrutinized (and vilified) device on the web and it hasn't been discovered so far. Also if you RTFA you'd see that the author reported that it's off by default.
Just as a point of fact, this cannot be proven without someone doing the type of analysis that Trevor Eckhart did with Android. It's not enough to assume that turning it off disables all communication, or assuming that someone else would have found it. You need a verifiable negative, that someone specifically looked for it and discovered that it is not transmitting.
Re:easy to turn off as well (Score:4, Informative)
Speaking of Motorola, so far I haven't heard of one single phone from them that has CIQ on it. My Motorola XPRT certainly doesn't have it (I used Trevor's tools to check) nor does the Verizon equivalent (Droid Pro). More power to them.
Re: (Score:3)
Re:easy to turn off as well (Score:4, Interesting)
I guess we are talking different languages. I said nothing about installing another OS on the iPhone nor do I believe that all that can be accomplished requires me to insert custom code into the kernel. I know that people are able to run daemons on the iPhone with upgraded privileges (root), since there was a default password exploit on the sshd service that the original jail break script installed years ago. I assume that most of the really "novel" software on the iPhone require a jail broken phone solely for the elevated privileges that are required to access some services/API which the stock iPhone won't allow.
Most of *my* modifications to the linux kernel involved making a driver for a new piece of hardware. I did have an occasion where I needed to patch the linux kernel for pulse per second synchronization and there was a flaw in the LinuxPPS code that triggered on both rising and falling edges of the PPS being fed on a serial port which required my correction. That said if I did need to something at the Kernel level on the iPhone, since iOS is based on the Mach kernel, I assume I could write a kernel extension for a jail broken phone. I assume since I don't have access to a jail broken phone, but I'm sure someone around here has experience. Anyway, I assume the iPhone hardware is well supported by iOS so I really don't know why you place so much value on the OS being open source for *this* particular part of the conversation.
You only assume that CarrierIQ isn't running unless you actually view the source code yourself. You also assume that a CarrierIQ like function doesn't exist in the phone's firmware that isn't explicitly covered by an open source license.
This is where we really differ. I support open source (professionally on occasion) yet my support doesn't rise to the level of zealotry. I do not disqualify any product solely on the basis that it's less open then other options.
Re: (Score:2)
You lose the built in apps like Google maps when you do that too, don't you?
Re:easy to turn off as well (Score:4, Insightful)
Why? What a boring discussion that would be. But ok, here it is: users, carriers, and manufacturers have conflicting interests, and software which serves counter-user interests is almost always bundled with the hardware, which is why average consumers never end up with good phones.
There. Now that discussion is over, let's move the discussion on how to get a good phone, i.e. how to avoid being an average consumer.
CyanogenMod is one way to get a pretty decent one. Buying an out-of-production and doomed Maemo is another. Anyone know of any other options?
Re: (Score:2)
Of course, OpenMoko!
Re: (Score:2, Insightful)
Thanks for showing how much of a fanboi you are. Hiding software with keyloggers is okay cause Android is open source! But Apple baaaad because they have it disabled by default and easily turned off by one settings switch rather than having to reflash your phone.
Re: (Score:3, Insightful)
since android is open you can just compile the code yourself and install a copy of the OS on your phone without this
News: $ANDROID_DEVICE has $PRIVACY_FLAW, made worse by $UNPATCHED_BUG and $CARRIER_BACKDOOR.
iOS Fanboys: lol android sux!
Android Fanboys: That's okay, because Android is Open(TM), and anyone can easily fix this by installing their own version of Android.
iOS Fanboys: yeah, but no normal person will do that, also you're nerds.
News: iPhone has $PRIVACY_FLAW, made worse by $UNPATCHED_BUG and $APPLE_BACKDOOR
Android Fanboya: lol apple sux!
iOS Fanboys: That's okay, because Apple will fix this in the next version,
Re:easy to turn off as well (Score:5, Informative)
Not on iOS 4.3.3 - there is no such option here. So I can't turn off this "mis-feature" on my iPhone.
It seems Apple added it in iOS 5, and did so only after the public became somewhat aware of their diagnostic collection practices, as a measure of damage control perhaps?
Re: (Score:2)
Nothing in iOS 3.1.3 either, which is the highest version that can be used with a first-generation iPod touch.
Re: (Score:3)
Re: (Score:3)
CarrierIQ is relatively new, and Apple is rather conservative.
CarrierIQ is 2 years older than iOS.
As surprised as I am that they have it in the first place, it's unlikely that it's in anything pre-dating iOS 5.
Oh, it's *unlikely*. Well, call off the search then, nothing to see here.
Re: (Score:3)
I have a ... friend ... who regularly posts on Facebook every hyperbolic Apple story he can find. Apple might as well have mailed a tanto, a bottle of Jack Daniels, and a picture of Steve Jobs banging their S.O. to every Foxconn employee, Apple was the only company that kept cell tower logs which they only kept so they could place you at the scene of a murder if you decided not to buy the next iPhone, and the iPhone 4's antenna gave such poor reception because it wasn't an antenna at all, it was a transmitt
Re: (Score:2)
It is kind of neat to look at the logs, but it's amazing to me that my phone is writing logs every 5-10 minutes. It takes me 2 minutes to scroll to the bottom of the LIST of logs, which are only about two weeks of data.
Re:easy to turn off as well (Score:5, Informative)
Re:easy to turn off as well (Score:5, Insightful)
The problem here is that HTC phone that was previously dissected also has a similar disclaimer, and a switch to disable logging... the problem is that CarrierIQ software actually does more than what that disclaimer described, and was not fully affected by any switches. In particular, it's a keylogger.
Of course, it's a big question whether CarrierIQ in iOS is anything like the one in Android. But, at this point, the fact that the name is even present at all is a big red flag.
Re: (Score:2)
That's performance reports to Apple, not to the carrier. Carrier IQ is something else. Although reports are that it's disabled (and the code has been neglected) in iOS.
Re: (Score:2)
Re: EU laws irrelevant (Score:2)
The U.S. laws on data collection provide protection. It's a federal offense, and has been for many years:
http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act [wikipedia.org]
That doesn't help if the carrier chooses to ignore the law.
Handset Or Carrier? (Score:2, Interesting)
Is this software specific to various handsets or is it specific to the carrier?
So far it has seemed to me that this guy is using Sprint and thier phones seem to have it. But, people on AT&T are reporting that their phones do not have it.
Does anyone know for sure?
Re:Handset Or Carrier? (Score:5, Informative)
I used to work in the EU for a US phone manufacturer (starts with an 'M'), and mid-2009, integrating CIQ became a mandatory requirement for products that were to be bought by AT&T. This was the first time a carrier asked for this, and at the time, the requested info came mainly from the modem side (signal levels, dropped calls stats, network conditions and so on). Carriers use CIQ-logged info to monitor the health of their network and spot potential problem areas. I would say that this is more of a carrier-thing, and not specific to one handset or another.
I don't know if the list of required info kept growing or who asked for application-side info like Google searches and text messages' content, though...
(Posting anon because I don't know what laws/contracts I am potentially breaking...)
Re:Handset Or Carrier? (Score:4, Funny)
(Posting anon because I don't know what laws/contracts I am potentially breaking...)
I hope you're not posting from a mobile phone. ;)
Reassuring? (Score:5, Interesting)
"the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."
This is supposed to be reassuring? How many people will ever read about this? And how long until it's turned on by default? Or perhaps turned on by a remote message.
I've found it useful as an example for people who don't understand why we need free/open software. This story simply means that if you use your phone to access anything that is protected by a password (or PIN or whatever), that little hidden bit of software is making a copy of your login, password, account numbers, etc., and sending it off to some site that you know nothing about. Whoever has that information can then get into your account and do as they like with it. I've seen a lot of worried looks, and I know a number of people who have held off on the idea of using their phone to access their bank accounts as a result of this information.
I try to get the idea across that, as long as there's any software that's not freely available to us software geeks ("hackers" to the media), so that we can study it and expose such little nasties, nobody's information or accounts or identities can be considered safe. This sort of software can and does send all your private information to some unknown strangers.
Re:Reassuring? (Score:4, Interesting)
Because we all know it's impossible to hide such things like trojans in foss without anyone noticing for months on end, right? Oh wait... [wikipedia.org]
Re:Reassuring? (Score:5, Informative)
I've found it useful as an example for people who don't understand why we need free/open software. ...
You might want to re-think that after reading the article, including its updates. Ironically, the (closed, walled garden) Apple version appears to send only diagnostic data that could be conceivably used for legitimate troubleshooting of dropped calls and the like whereas the (free, open) Android version is more akin to a rootkit, complete with backdoor and key logger.
Re: (Score:2)
I can put CyanogenMod on my Android handset. I can load ROMs based on carrier firmware that has CIQ removed.
Thanks to Open Source Software, I have this choice.
Re: (Score:2)
I can put CyanogenMod on my Android handset. I can load ROMs based on carrier firmware that has CIQ removed.
Thanks to Open Source Software, I have this choice.
Agreed... but you represent maybe a couple percent of total Android users in regard to your ability and will to do that. My son tells me that Android runs great on his first gen iPhone... so I guess Android provides the same benefit to similarly-minded Apple users. The remaining ones are stuck with a "Automatically Send / Don't Send" radio button. What do the other 98% of Android device owners have?
Re: (Score:2)
Does your mom have this choice? I know mine would have no clue. The most tech-savvy of the population aren't the ones we should be concerned about. The people that this affects the most are the ones that receive a device that is set to log their keystrokes and never really know to ask about it.
The open source community, of which I am part of, expresses the benefits of using of open source software, but when something like this negatively affects the masses, their answer is always one that is not readily kno
Re:Reassuring? (Score:5, Insightful)
Does your mom have this choice? I know mine would have no clue.
Similarly with mine. But this is perhaps best answered with the canonical auto analogy: My mom also wouldn't have a clue about her car's transmission. Does that mean that transmissions should be "closed" systems that can't be worked on by independent experts (both professional and amateur)?
Saying that something should be "open" doesn't imply that we think that everyone is expected to hack at it themselves. It means that people who don't (care to) know about the details can hire someone who does know. That way people can get their gadgets' problems diagnosed and fixed. Without this, diagnosis and repair can only be done by the manufacturer's people. Many corporations have a history of hiding known problems even when people are dying from them.
If your only choice is to take it to the dealer, you've just been set up as an easy mark. And when it comes to the low-level details of comm devices, you've been set up to have your identity stolen and your bank accounts emptied. You only defense against this is to insist that your stuff (whose innards you don't care about) be open to investigation by people other than the ones who sold it to you.
Actually, the auto analogy applies there pretty well, too. Lots of large organizations have their own auto/truck maintenance & repair departments. They don't buy vehicles without shop manuals, because they want their own people to do the repairs. This isn't saying that everyone who buys a vehicle should have a shop manual and do their own repairs. It's just saying that you'd be a fool to buy a vehicle for which the shop manuals aren't available. Without shop manuals, a vehicle generally doesn't sell well to large organizations who can afford their own staff of experts.
(Though this analogy does have its limits. There are a few high-end extremely expensive cars whose buyers always have work done by a dealer's specialized mechanics. This might apply to super-computers, too. But in those cases, the specialized mechanics still have all the manuals they need to work on the low-level components. And such cars aren't mass-market products.)
Re: (Score:2)
Re: (Score:2)
You might want to re-think what you said. How would we even KNOW about Carrier IQ if Android wasn't open enough to find out?
Um, by reading the "diagnostic and logging" screen that pops-up during the initial configuration of my phone? By looking at the logged data in the settings menu? The only thing that we've learned today is that the diagnostics and logging system in iOS is vaguely-tied to CarrierIQ. It's not been a secret that it's there and there's no evidence that it does anything more than what it discloses to every new user. Yesterday, it didn't have a name. Today, it does.
Re: (Score:3)
the (free, open) Android version is more akin to a rootkit
Carrier IQ is not free or open. The post you responded to was arguing that closed source is more difficult to analyse, which is clearly true. If Carrier IQ were open source, we would have known about it years ago, and we wouldn't need to reverse engineer it to figure out what, when and how it's doing what it does, and under what conditions the logs get transferred to remote servers, etc.
I would also argue that, as much as we dislike Carrier IQ, it isn't really a rootkit - the software itself makes no effo
Re:Reassuring? (Score:4, Informative)
When you activate an iOS device, it prompts you if you want to send this data. Further more, if you go into the device settings, and look at the diagnostics, it shows you all the files it's storing and what exactly it's reporting.
Granted, it could be doing something else behind the scenes, but this is more than what you're getting with the Android Carrier IQ(As someone pointed out on The Talk Show, a great oxymoron) installs.
Re: (Score:2)
This is supposed to be reassuring? How many people will ever read about this? And how long until it's turned on by default? Or perhaps turned on by a remote message.
On the latest version of iOS, on the welcome screen on first boot it explicitly asks you if you want to turn on the sending of diagnostics and stuff like location services. This was Apple's response to the privacy kerfuffle after the location tracking thing. Yes I am disappointed it's even in there but Apple is doing the right thing here by disabling it by default.
I've found it useful as an example for people who don't understand why we need free/open software. This story simply means that if you use your phone to access anything that is protected by a password (or PIN or whatever), that little hidden bit of software is making a copy of your login, password, account numbers, etc., and sending it off to some site that you know nothing about. Whoever has that information can then get into your account and do as they like with it. I've seen a lot of worried looks, and I know a number of people who have held off on the idea of using their phone to access their bank accounts as a result of this information.
CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution [cert.org]
Re:Reassuring? (Score:4, Interesting)
If anything, this demonstrates why Free Software alone is not the answer. In this case, the closed-source iOS is actually respecting your privacy more than the Open Source Android.
You still think that code is the answer, but it isn't. Dennis Richie demonstrated long ago how even access to the full source doesn't make you safe. As long as there is a part in the chain that you don't control, you can be fucked over.
This is a place where actually the legal solution is simpler, easier and more reliable than the technical one. Pass a couple good laws (the "good" part is where our current incompetend corrupt breed of wannabe-politicians are challenged) and enforce them. Sure, it doesn't give you the same 100% security that an EAL7 solution with explicit privacy specifications would - but it's not SciFi and it will work good enough for practical purposes the same way that making murder illegal doesn't prevent it completely, but well enough that in most of the civilized world where the rule of law works, people don't give the extremely remote possibility of being murdered a thought.
Re: (Score:2)
CarrierIQ on iOS has no ability to monitor text input.
Um, how exactly do we know this? Because someone at Apple said so?
No, really; if there's a way to verify this claim, I'd like to read about it. Where can we find the proof of the above statement? Not just an assertion, but a way of verifying that it can't happen on iOS.
And it'd be useful to have a guaranteed way of verifying it after an upgrade. Computer vendors do have a history of adding new "features" in upgrades; that's part of what upgrades are for.
The judicious approach would be to not beli
Angry Birds (Score:5, Funny)
In other news, hackers have discovered that the game, Angry Birds, mysteriously turns on a setting called "DiagnosticsAllowed".
Re: (Score:3)
The original Angry Birds asks for Location events, you can see it in the Settings. Why does a single player game need that info?
Re: (Score:3)
Re: (Score:2)
How long as CarrierIQ been part of iOS?
Bad news: you've picked up a hitch-hiking murderer (Score:5, Insightful)
Doesn't seem to log much (Score:3, Informative)
Here's my "diagnostic log" or at least one of them:
deviceId: "aac0e3b1805c47f85e759c5d............"
isAnonymous: true
deviceConfigId: 101
triggerTime: 1320879763561
triggerId: 72014
profileId: 1012
investigationId: 0
bluetoothServiceDisconnectionResult {
timestamp: 1320879561
deviceOUI: "\00\066="
service: 8
result: 104981
}
seems a bit less intrusive than the one demoed yesterday.
Re:Doesn't seem to log much (Score:5, Informative)
seems a bit less intrusive than the one demoed yesterday.
Seems so : [chpwn.com]
"Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely."
Why would Apple need something like this... (Score:3)
...when they wrote iOS? Weird.
I can understand it being found on Android devices since individual phone companies (who are absolute sh** at making software - personal experience) would want to avoid doing it themselves, but Apple?
Re:Why would Apple need something like this... (Score:4, Insightful)
Apple doesn't need it. Hint: it's in the product's name. The carriers want it.
Re: (Score:3, Funny)
Hint - Apple doesn't let carriers put things on its phones...
Also doesn't record UI/keypress info (Score:5, Interesting)
Not only is it off by default, apparently it's only allowed to access information at a layer that doesn't give away the farm. It's not recording your keypresses, the sites you visit (which apparently the HTC version does even if you're on WiFi) or anything else that's possibly a significant security risk. Supposedly, it really does act just as it's claimed to in the press releases.
(I'm aware that I use 'apparently' and 'supposedly'; I have no concrete info that I've tested myself, this is just what I've read today.)
Android (Score:5, Interesting)
Interestingly, it looks like the "pure" Android phones (i.e the Nexus line) don't ship with CarrierIQ [theverge.com]
Re: (Score:2)
Neither does Windows 7 (source [chpwn.com].)
Re:Android (Score:4, Funny)
Neither does Windows 7 (source [chpwn.com].)
Wow, Windows Phone 7 is so insignificant that they wouldn't even port Carrier IQ to it? ;-)
Re: (Score:2)
Re: (Score:2)
My T-Mobile HTC G2 doesn't have it either.
Re: (Score:2)
Neither did my un-branded Android phone bought in the UK, or my friends Orange-branded Android also bought in the UK.
It sounds like this is something added by American carriers.
Who can turn it on? That's what matters. (Score:4, Interesting)
The question is, can a government agency or anyone else call up Apple or a carrier and have them remotely activate CarrierIQ on the iPhone?
I don't care if it's "off by default". I care if it's "controlled by the user". There's a clear and concise distinction, and Apple's track record does not lead me to believe that Apple doesn't have absolute control to remotely activate this or any other setting at their discretion. Even if they were unable to before, they may have added that remote capability since they've lost several phones before.
Re: (Score:3)
The question is, can a government agency or anyone else call up Apple or a carrier and have them remotely activate CarrierIQ on the iPhone?
Apple wanted to provide carriers with some means of diagnosing certain faults, and did that. They are not telling you exactly what they do, but diagnostics will only be turned on if you want to. Quite possible that if you had problems with your phone, and called your carrier for support, they might ask you to turn this software on - so they can diagnose this problem.
If Apple wanted to spy on you, you wouldn't notice. Same as with this idiotic outrage about location data stored on your phone: That data is
Can you prove that you're not a pedofile? (Score:2)
What if you decided to become one later? We've got our eyes on you.
Denying it just makes you look more guilty.
Re: (Score:2)
Re: (Score:2)
You damn skippy!
CarrierIQ is a requirement of certain operators (Score:2)
It seems like an event log... (Score:2)
I'll echo many of the other comments here: It's not really the fact it logs everything. The question is what is it doing with that information.
While I'm not a full-fledged hacker, I know enough about logging and event triggering to know that the computer has to be able to keep track of events so that things that rely on events can be triggered. The best examine is browser events. If there's code to pop-up a window on a click, the browser has to register the click somewhere and the handler has to then pas
Re: (Score:2)
Caught with their pant down? The first thing that pops up when you turn on the iPhone for the first time is a box explaining this and asking if you want to allow it. Thats not exactly hiding it. As someone posted above there is also a very lengthy explanation and the actual log files available on the control panel that allows you to turn it off. Some conspiracy.
So rooted devices with custom ROMs don't have this (Score:3)
I am just going to guess that Android devices that were rooted and run custom ROMs don't have Carrier IQ installed. If that is the case, everyone should bitch and whine about the right to have root access on their devices, and the right to add whatever freaking ROM they want. If the carriers are keylogging their devices, we should be able to disable that feature. If they don't let us do that, we should be able to wipe off their spyware.
More privacy issues (Score:2)
There appears to be more privacy issues beyond monitoring in the phone. My Smartphone (GT-I9100 v.2.3.4) won't allow access to https://www.google.com./ [www.google.com] It also doesn't allow the addition of private certificate authorities or the removal of bad ones. To make matters worse, it won't display the fingerprint of a certificate. So the only option is to accept, on faith, the issuer name displayed. It seems obvious that the handset makers don't care about privacy or potential harm to customers.
I have Diagnostics & Usage turned on (Score:5, Informative)
deviceid: "xxx"
isAnonymous: true
deviceConfigid: 101
triggerTime: 1322150199352
triggerId: 655363
profileId: 10109
investigationId: 0
locationaUpdateSession {
timestamp: 1322150199351
timestampEnd: 1322150199351
desiredAccuracy: 1000
cellAvailable: true
wifiAvailable: true
passcodeLocked: false
airplaneMode: false
ttff: 0
ttffGps: -1
bundleid: "com.apple.weather"
achievedAccuracy: 99
}
Enjoy your paranoia! I refuse to participate.
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Insightful)
It matters because what the contract allows is ambiguous at best and definitely does not cover all that CarrierIQ is capable of (what it is configured for on a given phone from a given carrier may be a different story). In fact, keystroke logging of text messages may be in violation of federal wiretap laws, particularly if the logging continues even when the phone is not connected to a cellular network.
Re:Why does this CarrierIQ stuff matter anyway? (Score:4, Insightful)
And even if you rent a car, the rental agency doesn't get to do whatever they like with the car once you've rented it out.
IANAL but I suspect recording conversations in the car and recording videos of the interior would generally not be legal unless you get permission from the court.
Re: (Score:2, Insightful)
carriers and handset makers need the ability to monitor their networks for problem cell sites and areas of low to no signal as well diagnostics about the phone and any problem apps.
if you go for tech support it's not like the people magically know everything that is wrong with your phone. the diagnostics data is collected and analyzed. if you complain of dropped calls its important to know where they are occuring
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Insightful)
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Funny)
Think about it. CarrierIQ is a front for the NSA.
I hope you didn't post that from your cell phone.
Re: (Score:3, Interesting)
When was the last time you got any useful technical support from a cell phone carrier? Those guys play a classic game of passing the buck, blaming your handset (which they didn't make) interference (which they can't control) and anything else that's not the service they provide.
The notion that some Level 42 World of Warcraft Paladin who spends his days providing tech support for a cell carrier:
1) Has access to any useful information that relates directly to your handset,
2) Has the analytical skills to deter
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Informative)
We can't buy carrier independent handsets because all of our cellphone networks are incompatible. Sprint phones sometimes work on Verizon, Verizon phones never work on Sprint, neither of them work on GSM, and AT&T and TMobile, the two GSM carriers, have incompatible 3G networks. Don't get me started on "4G" and the half-dozen different things it's been redefined into meaning.
Also, for every carrier except TMo, the monthly price is just as high when you bring your own phone as it is when you take the carrier subsidy.
So, since buying your own phone doesn't make it portable across networks, and costs more money up front and the same amount per month, there's no point. That's why everyone takes the carrier phone and contract; it's not because we're all stupid, it's because it's the most cost effective solution in a shitty market.
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Insightful)
That's why everyone takes the carrier phone and contract; it's not because we're all stupid, it's because it's the most cost effective solution in a shitty market.
It depends on what you want to do with the phone. If you e.g. use it for tethering, the cost of buying an unlocked international version for full price recoups itself pretty quickly.
Also, it is possible to have 5-band 3G phones that work on both AT&T and T-Mo, so you can at least switch between those two. For example, Galaxy Nexus is 5-band HSPA 850/900/1700/1900/2100 - which covers both AT&T's 1900MHz, and T-Mo's 1700/2100 MHz.
Re: (Score:3)
As far as I'm concerned, "tethering service" amounts to enabling the appropriate widget on operator-supplied phones where it's otherwise disabled, so I don't need it.
Yes, I know that their contract says something else. I very much doubt that those provisions are meaningfully enforceable in court - any more so that the requirement to, say, only hold the phone in your right hand (and never in the left one!) when making a call through operator's network. Reason being, tethering is something I do to the device,
Re: (Score:2)
And where will they get those, if not from the manufacturer? Obviously they can't buy carrier independent handsets from the carriers.
Or did you mean that they should stop buying phones from the carriers instead?
Like a car payment for a car you own outright (Score:3)
Cell phone contracts are loans.
With the principal and interest payment bundled in the monthly bill. The trouble is that Verizon, Sprint, and AT&T don't give a discount on the monthly bill if I buy the phone up front at full price. So why do I still have to pay principal + interest to the carrier for a phone that I already own outright? It'd be like having to pay a car payment to the bank (and not just tags and liability insurance) for a car that I've already paid off.
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Insightful)
carriers and handset makers need the ability to monitor their networks for problem cell sites and areas of low to no signal
First, handset makers don't have networks or cell sites. Second, why do carriers need to use my device to test their network, they don't have their own equipment to do that? And if my device is transmitting diagnostic data, why the hell are they charging me data fees to send them diagnostics? I should be charging them. The point is that they don't need to use my device to test their network. And if they're going to ask me to do that, they sure as hell better tell me and better give me a way to opt out. Neither of those happened when I bought my phone. iOS took the right path with specifically calling it diagnostic mode, and having it disabled by default. Sprint tries to hide it from me. That's not right.
as well diagnostics about the phone and any problem apps
Again, they don't *need* the ability to do that. It would be *nice* if they had it, and frankly if they asked me I might allow them. But since they try to sneak it in the backdoor now I simply don't trust them and it's finally pushed me to the point where I'm ready to install Cyanogenmod and get rid of their software altogether. So now they get nothing.
if you go for tech support it's not like the people magically know everything that is wrong with your phone.
Yeah, you're right, even with all the data my phone has been sending them they still don't know what's wrong with it. So why should I send the data to them?
if you complain of dropped calls its important to know where they are occuring
A diagnostic application specifically for monitoring dropped calls is completely different than the software that is actually being used. Dropped calls are just one aspect that they try to highlight to claim that the software is benevolent, and then they deny the ability to log keystrokes even when proof is shown that they are.
If the company is lying about what their capabilities are and what data they're collecting, then that's a major red flag. That's enough to get me to remove the software.
Re:Why does this CarrierIQ stuff matter anyway? (Score:4, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Communication content is still private (Score:5, Insightful)
At least according to US laws, the content of your communications are still considered private. It's just the destination and time of communication (bookkeeping data) that has no expectation of privacy.
The fact that SMS keystrokes can be recorded is clearly a violation of privacy.
I'm also quite worried about the fact that I have to put the password for my work account into my phone in order to receive my work emails. I expect those to be private as well, especially since the password field is masked with *'s (which definitely implies that the password is private). The fact that some previously unknown company may know my work password is frightening to me.
Re:Why does this CarrierIQ stuff matter anyway? (Score:5, Insightful)
Part of the agreement is to allow Apple and the cellular carrier to monitor and be able to diagnose problems. One has zero expectation of privacy anyway with a cell phone, so having software which is present as per a signed contract is to be expected.
Keylogging my username and password for my https or ssh connections is definitely not part of the agreement as I understood it (and a valid contract is a meeting of the minds, not an evil trap full of gotchas), no any other data that I might be typing in to encrypted or even non encrypted sessions. Sure, I admit that the non encrypted sessions might be listened to by someone, but the expectation is that the someone in that scenario is not my phone provider using a tool the installed before I bought it.
Re:How did the software get on an iDevice? (Score:5, Interesting)
Does that mean that Apple is complicit in installing Carrier IQ?
Yes. It was potentially something they were told to do by carriers, but Apple has had a habit of telling anyone that went against their worldview to fuck off, so I imagine it at least doesn't conflict with their intents.
Re: (Score:2)
apple has to somehow support their products. cheaper to license software than write it yourself from scratch
Re: (Score:2)
There should be a way to block all the accounts of this troll or to report him to /. editors, apparently he created a thousand of these accounts.
Re: (Score:2)
Every link to evenweb.com is goatse.
The more you know...
Re: (Score:2)
Geez, Robert! This [slashdot.org] took less than five seconds.
So, are you trolling or are you just too lazy to type "CarrierIQ" into the search bar?
Sigh!
For those who are gunshy about clicking links here (is that a Goatse I hear?), just search Slashdot for CarrierIQ
Re: (Score:2)
It was on the front page yesterday: http://yro.slashdot.org/story/11/11/30/0423256/android-dev-demonstrates-carrieriq-phone-logging-software-on-video [slashdot.org]
Re: (Score:3)
Apple is in fact circling the drain now. They`re playing "follow-the-leader" with features on their phones.
Do you have anything other than your own personal opinion to back up your "fact"? AAPL corporate earnings continue to grow, their products continue to sell and expand their market share, they are the #1 or #2 company in the world in terms of market cap and they have a ginormous cash hoard to draw upon for further R&D and expansion.
If you want to see a perfect example of a company that actually IS circling the drain, take a look at RIM.
"follow-the-leader features"? Siri-ously (har har)? Oh look, Goog