Josh Wright, December 1, 2011
So it’s official. Apple has confirmed the existence of Carrier IQ on older versions of iOS. In a statement released earlier today, the acknowledgement came paired with a statement about the deactivation of the data harvester in iOS5, and the planned full removal for future updates.
[quote]We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.[/quote]
Carrier IQ, as we reported, is essentially a rootkit that is installed by phone manufacturers in order to provide “diagnostic” information back to carriers for what we are told is for improving quality of service. We are still trying to figure out what passwords and text messages being key logged and forwarded on to carriers has to do with improving service. These are exactly the things that were found being logged on devices earlier this week.
Luckily for iOS users, it appears that from the get go this was an entirely opt-in situation, and the information that is sent “home” is quite less nefarious than what other manufacturers have been caught transmitting.
Thus far, the only things that have been witnessed transmitting from iPhones running legacy versions of iOS are:
- Your phone number
- Your carrier
- Your country
- Active phone calls (just the existence of a call, not the dialed number)
- Your location (if CoreLocation is enabled)
This is a far cry from the key logging nightmare that was first announced when Carrier IQ was found running on most Android devices. One other interesting note, which hasn’t been confirmed yet: Verizon claims it does not run Carrier IQ on any of their devices.
Now that all of this is in the open, there will be a ton of finger pointing, but it really sheds light on the dark shadows of data harvesting, and how susceptible we all are to it. I’m just happy it was found by an independent, and not revealed after some company laptop got stolen that had data streams of 100,000 customers on it.
Source: All Things DFollow @macgasm