Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Carrier IQ Software May Be in iOS, Too

timothy posted more than 2 years ago | from the y'know-to-be-fair dept.

Cellphones 234

New submitter Howard Beale writes with this excerpt from The Verge: "To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5." The details are still emerging; however, iPhone users will be happy to hear that while it's reported that the software is available to the OS, "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."

Sorry! There are no comments related to the filter you selected.

First post (-1)

Anonymous Coward | more than 2 years ago | (#38225694)

First post from Seattle! W00t

Re:First post (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#38225706)

Do you represent Seattle? If so, I'll put it on my list of places to avoid.

Re:First post (-1)

Anonymous Coward | more than 2 years ago | (#38225954)

Seattle rules!

It is the First Post capital of the world.

Re:First post (0, Offtopic)

Anonymous Coward | more than 2 years ago | (#38225718)

why do people make frivolous useless posts like this, grow up.

Re:First post (-1)

Anonymous Coward | more than 2 years ago | (#38225742)

Why do people whine like bitches over first posts?

Re:First post (-1)

Anonymous Coward | more than 2 years ago | (#38225790)

perhaps we're not in 2nd grade, and the thrill of "I'm first in line" just isn't there anymore.

Re:First post (-1, Offtopic)

Lunix Nutcase (1092239) | more than 2 years ago | (#38225816)

Then stop feeding them and just ignore the post? You whinging about it only eggs them on.

Re:First post (-1)

Anonymous Coward | more than 2 years ago | (#38225856)

holy shit, there is no letter 'g' in whine. please stop putting one in there.

Re:First post (-1)

Anonymous Coward | more than 2 years ago | (#38225980)

Actually, alternative regional spellings do allow for the g. http://dictionary.reference.com/browse/whinging

Re:First post (-1, Offtopic)

moozey (2437812) | more than 2 years ago | (#38226042)

'Whinging' is an entirely different word to 'whining', however they both mean the same thing. Perhaps one is more colloquial than the other, I don't know. Google "whinge vs whine" if you must.

Why does this CarrierIQ stuff matter anyway? (0)

Anonymous Coward | more than 2 years ago | (#38225730)

Part of the agreement is to allow Apple and the cellular carrier to monitor and be able to diagnose problems. One has zero expectation of privacy anyway with a cell phone, so having software which is present as per a signed contract is to be expected.

Re:Why does this CarrierIQ stuff matter anyway? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38225772)

It matters because what the contract allows is ambiguous at best and definitely does not cover all that CarrierIQ is capable of (what it is configured for on a given phone from a given carrier may be a different story). In fact, keystroke logging of text messages may be in violation of federal wiretap laws, particularly if the logging continues even when the phone is not connected to a cellular network.

Re:Why does this CarrierIQ stuff matter anyway? (2, Insightful)

alen (225700) | more than 2 years ago | (#38225860)

carriers and handset makers need the ability to monitor their networks for problem cell sites and areas of low to no signal as well diagnostics about the phone and any problem apps.

if you go for tech support it's not like the people magically know everything that is wrong with your phone. the diagnostics data is collected and analyzed. if you complain of dropped calls its important to know where they are occuring

Re:Why does this CarrierIQ stuff matter anyway? (5, Insightful)

thisnamestoolong (1584383) | more than 2 years ago | (#38225992)

It is not, however, important for them to have the keystrokes that you enter into your phone before sending encrypted communications. There is NO WAY that this is not a violation of the law if it is not explicitly mentioned in the ToS, as keystroke logging could never be remotely construed as even remotely necessary for system diagnostics; its only purpose is the violation of privacy.

Re:Why does this CarrierIQ stuff matter anyway? (-1)

Anonymous Coward | more than 2 years ago | (#38226728)

Think about it. CarrierIQ is a front for the NSA.

Re:Why does this CarrierIQ stuff matter anyway? (3, Interesting)

penguinstorm (575341) | more than 2 years ago | (#38226110)

When was the last time you got any useful technical support from a cell phone carrier? Those guys play a classic game of passing the buck, blaming your handset (which they didn't make) interference (which they can't control) and anything else that's not the service they provide.

The notion that some Level 42 World of Warcraft Paladin who spends his days providing tech support for a cell carrier:
1) Has access to any useful information that relates directly to your handset,
2) Has the analytical skills to determine its meaning without rolling a 20 sided die
is patently ridiculous. They'd at best have access to your current outstanding balance.

North Americans need to stop buying handsets from manufacturers: start buying unlocked, carrier independent handsets and you'll change the industry. As long as over 90% of us are committing to contracts that are longer than the average length of time your phone lasts, the oligarchy that is the North American cell phone industry can do whatever it wants.

Re:Why does this CarrierIQ stuff matter anyway? (5, Informative)

Anonymous Coward | more than 2 years ago | (#38226638)

We can't buy carrier independent handsets because all of our cellphone networks are incompatible. Sprint phones sometimes work on Verizon, Verizon phones never work on Sprint, neither of them work on GSM, and AT&T and TMobile, the two GSM carriers, have incompatible 3G networks. Don't get me started on "4G" and the half-dozen different things it's been redefined into meaning.

Also, for every carrier except TMo, the monthly price is just as high when you bring your own phone as it is when you take the carrier subsidy.

So, since buying your own phone doesn't make it portable across networks, and costs more money up front and the same amount per month, there's no point. That's why everyone takes the carrier phone and contract; it's not because we're all stupid, it's because it's the most cost effective solution in a shitty market.

Re:Why does this CarrierIQ stuff matter anyway? (1)

Anonymous Coward | more than 2 years ago | (#38226162)

Bullshit. I've NEVER had anyone get or reference any information from my phone when I've called tech support for an issue. My guess is no one has. Tech support is some basic troubleshooting (is the phone turned on, do you have a signal, have you rebooted it etc), the next step is to send it in or take it to a service center. This collected data is not used to support the end users at all. It is used to provide metrics to the carrier and your privacy is ignored.

Re:Why does this CarrierIQ stuff matter anyway? (3, Insightful)

Lucky75 (1265142) | more than 2 years ago | (#38226100)

Of course, when Apple does it, it must be okay. If other maufacturers do, BURN THEM AT THE STAKE!

Communication content is still private (5, Insightful)

DeadCatX2 (950953) | more than 2 years ago | (#38226384)

At least according to US laws, the content of your communications are still considered private. It's just the destination and time of communication (bookkeeping data) that has no expectation of privacy.

The fact that SMS keystrokes can be recorded is clearly a violation of privacy.

I'm also quite worried about the fact that I have to put the password for my work account into my phone in order to receive my work emails. I expect those to be private as well, especially since the password field is masked with *'s (which definitely implies that the password is private). The fact that some previously unknown company may know my work password is frightening to me.

Re:Why does this CarrierIQ stuff matter anyway? (4, Insightful)

Culture20 (968837) | more than 2 years ago | (#38226628)

Part of the agreement is to allow Apple and the cellular carrier to monitor and be able to diagnose problems. One has zero expectation of privacy anyway with a cell phone, so having software which is present as per a signed contract is to be expected.

Keylogging my username and password for my https or ssh connections is definitely not part of the agreement as I understood it (and a valid contract is a meeting of the minds, not an evil trap full of gotchas), no any other data that I might be typing in to encrypted or even non encrypted sessions. Sure, I admit that the non encrypted sessions might be listened to by someone, but the expectation is that the someone in that scenario is not my phone provider using a tool the installed before I bought it.

easy to turn off as well (4, Informative)

alen (225700) | more than 2 years ago | (#38225734)

everything it collects is viewable to the user and you can turn it off in settings > general > about > diagnostics & usage

Re:easy to turn off as well (-1)

coinreturn (617535) | more than 2 years ago | (#38225758)

Yes, but it's Apple. They be bad.

Re:easy to turn off as well (4, Informative)

Bill_the_Engineer (772575) | more than 2 years ago | (#38225818)

That's better than my HTC phone which allows you to do the following in settings > About Phone > Tell HTC > Network preference > "When data connection is available" or "When Wi-Fi or cable connection is available".

I can turn off "Tell HTC" but apparently that is only for error reports relating to HTC Sense.

No other options for turning off network diagnostics are available.

Re:easy to turn off as well (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38225836)

Confirmed that with tcpdump have you? Apple have hidden / obfuscated this nasty software hoping no one would notice it. That's pretty damning in itself, even if they have the decency to give it a config screen (assuming the screen is real and the code honors the settings).

Re:easy to turn off as well (3, Interesting)

alen (225700) | more than 2 years ago | (#38225926)

the log files are right there in the phone and you can easily see them

this sounds like the issue with the touchpad where HP had the diagnostics set to max and the performance was crap. except in this case the manufacturers are using twice the RAM and twice the MHz CPU's for android phones compared to the iphone to make up for the overhead of this software.

most of the tech geeks creaming themselves over specs are idiots because they don't realize it's just for crap like this

Re:easy to turn off as well (1, Insightful)

Lunix Nutcase (1092239) | more than 2 years ago | (#38225934)

That's funny cause I don't remember Goggle, HTC, etc. telling anyone about this on Android phones. Oh, I forgot. Apple baaaaaad!

Re:easy to turn off as well (0)

alen (225700) | more than 2 years ago | (#38225958)

since android is open you can just compile the code yourself and install a copy of the OS on your phone without this

Re:easy to turn off as well (2, Interesting)

Anonymous Coward | more than 2 years ago | (#38226002)

And what about the end users who dont know how to do that??? Is Android just for tech geeks only?

Re:easy to turn off as well (1)

Anonymous Coward | more than 2 years ago | (#38226170)

Yes! Only tech geeks should be allowed to touch any computing tech at all and everyone else should be restricteted to POTS and telegraph.

Re:easy to turn off as well (4, Insightful)

Bill_the_Engineer (772575) | more than 2 years ago | (#38226132)

since android is open you can just compile the code yourself and install a copy of the OS on your phone without this

Yea lets bring out the "android is open" mantra. Conveniently leave out the rooting part, the waiting for Google to decide to release the source code, and waiting for groups like CyanogenMod to make a rom image for your phone.

I don't have an iPhone but if I did I could easily say I can do [insert special neat trick] with my iPhone after jail breaking it. There really isn't much of a real difference for people with the initiative. Especially if you depend on other people to do the real work for you.

Let's keep the discussion on phones as delivered to the average consumer.

Now take a deep breath and rationally think this through. Which is easier (for anyone)?

1. Turning off the settings using the menus within the iPhone, or

2. Downloading a rom image from CynamodGen, rooting your Android phone, and reinstalling Google binaries and reseting all your user settings.

Re:easy to turn off as well (4, Insightful)

tobiasly (524456) | more than 2 years ago | (#38226546)

I don't have an iPhone but if I did I could easily say I can do [insert special neat trick] with my iPhone after jail breaking it. There really isn't much of a real difference for people with the initiative. Especially if you depend on other people to do the real work for you.

Um, please define "special neat trick". If you think there "isn't much of a real difference for people with the initiative" then you obviously haven't participated in the Android custom ROM community. iPhone has nothing like it, and the reason for that is that Android is open-source.

Is it a perfect, fully open community driven hacker's utopia? No, but I blame the carriers for that much more than Google. Sure they keep their crown jewels (Gmail, Maps etc.) closed and proprietary but they've certainly raised the bar for openness on mass-market consumer devices and they deserve credit for that.

Now take a deep breath and rationally think this through. Which is easier (for anyone)?

1. Turning off the settings using the menus within the iPhone, or

2. Downloading a rom image from CynamodGen, rooting your Android phone, and reinstalling Google binaries and reseting all your user settings.

Can you tell me with any certainty that Option 1 absolutely prevents any such data from being sent to the carriers or CarrierIQ?

And you forgot Option 3, which is to vote with your wallet and buy a Nexus device, which doesn't have Carrier IQ, which Google releases the source code for (including all binary drivers where source isn't available) as soon as, or (with 4.0) before the device launches, and is the most open, hacker friendly mass-market consumer mobile device in the US today.

Re:easy to turn off as well (2, Insightful)

Desler (1608317) | more than 2 years ago | (#38226220)

Thanks for showing how much of a fanboi you are. Hiding software with keyloggers is okay cause Android is open source! But Apple baaaad because they have it disabled by default and easily turned off by one settings switch rather than having to reflash your phone.

Re:easy to turn off as well (2)

Culture20 (968837) | more than 2 years ago | (#38226710)

That's funny cause I don't remember Goggle, HTC, etc. telling anyone about this on Android phones. Oh, I forgot. Apple baaaaaad!

Google never installed it. HTC neither. Sprint, AT&T, etc. did. In Apple's case Apple is the one that installed it (if it's there).

Re:easy to turn off as well (4, Informative)

ugen (93902) | more than 2 years ago | (#38226066)

Not on iOS 4.3.3 - there is no such option here. So I can't turn off this "mis-feature" on my iPhone.

It seems Apple added it in iOS 5, and did so only after the public became somewhat aware of their diagnostic collection practices, as a measure of damage control perhaps?

Re:easy to turn off as well (1)

Yvan256 (722131) | more than 2 years ago | (#38226094)

Nothing in iOS 3.1.3 either, which is the highest version that can be used with a first-generation iPod touch.

Re:easy to turn off as well (2)

coinreturn (617535) | more than 2 years ago | (#38226558)

Your first generation iPod touch is not a phone, and hence would not have CarrierIQ.

Re:easy to turn off as well (0)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38226314)

It appears to be disabled by default so you're probably OK. Follow chpwn's blog [chpwn.com] and twitter for more info.

Re:easy to turn off as well (0)

rsmith-mac (639075) | more than 2 years ago | (#38226326)

CarrierIQ is relatively new, and Apple is rather conservative. As surprised as I am that they have it in the first place, it's unlikely that it's in anything pre-dating iOS 5.

Re:easy to turn off as well (2)

19thNervousBreakdown (768619) | more than 2 years ago | (#38226080)

I have a ... friend ... who regularly posts on Facebook every hyperbolic Apple story he can find. Apple might as well have mailed a tanto, a bottle of Jack Daniels, and a picture of Steve Jobs banging their S.O. to every Foxconn employee, Apple was the only company that kept cell tower logs which they only kept so they could place you at the scene of a murder if you decided not to buy the next iPhone, and the iPhone 4's antenna gave such poor reception because it wasn't an antenna at all, it was a transmitter designed to beam cancer and full-blown AIDS directly into your brain. Oh, and of course the ever-so-classy "I'm glad he's dead" post.

He's also espoused the benefits of his Android phone without the slightest sense of irony, as if an Android zealot is any less annoying than an Apple zealot. So, all in all, the thunderous silence from his Facebook feed is ... mmm, delicious.

I don't understand people who don't understand that the corporate system is pure evil by design, and that literally any public corporation (and 95% of the privately-owned ones) would slice open your belly and play jump-rope with your guts if it made them 0.01% more than giving you a new house and ending world hunger would. Apple might have played nice (relatively), but if that is so, it sure as hell isn't because they respect us and believe that every person is entitled to privacy.

Re:easy to turn off as well (1)

NatasRevol (731260) | more than 2 years ago | (#38226178)

It is kind of neat to look at the logs, but it's amazing to me that my phone is writing logs every 5-10 minutes. It takes me 2 minutes to scroll to the bottom of the LIST of logs, which are only about two weeks of data.

Re:easy to turn off as well (5, Informative)

Fahrvergnuugen (700293) | more than 2 years ago | (#38226302)

Anyone who wanted to know what is collected and sent only had to click the "About Diagnostics & Privacy" link in iOS directly under neath the switch you have to hit to turn it on:

Apple would like your help to improve the quality and performance of its products and services. Your device can automatically collect diagnostic and usage information and send it to Apple for analysis — but only with your explicit consent.

Diagnostic and usage information may include details about hardware and operating system specifications, performance statistics, and data about how you use your device and applications. None of the collected information identifies you personally. Personal data is either not logged at all or is removed from any reports before they’re sent to Apple. You can review the information by going to Settings, tapping General, tapping About and looking under Diagnostics & Usage.

If you have consented to provide Apple with this information, and you have Location Services turned on, the location of your device may also be sent to help Apple analyze wireless or cellular performance issues (for example, the strength or weakness of a cellular signal in a particular location). This diagnostic location data may include the location of your device once per day, or the location where a call ends. You may choose to turn off Location Services for Diagnostics at any time. To do so, open Settings, tap Location Services, tap System Services and turn off the Diagnostics switch.

You may also choose to turn off Diagnostics altogether. To do so, open Settings, tap General, tap About and choose “Don’t Send” under Diagnostics & Usage.

To help Apple’s partners and third-party developers improve their apps, products and services designed for use with Apple products, Apple may provide such partners or developers with a subset of diagnostic information that is relevant to that partner’s or developer’s app, product or service, as long as the diagnostic information is aggregated or in a form that does not personally identify you.

For more information, see Apple’s Privacy Policy at www.apple.com/privacy

Handset Or Carrier? (2, Interesting)

Anonymous Coward | more than 2 years ago | (#38225736)

Is this software specific to various handsets or is it specific to the carrier?

So far it has seemed to me that this guy is using Sprint and thier phones seem to have it. But, people on AT&T are reporting that their phones do not have it.

Does anyone know for sure?

Re:Handset Or Carrier? (5, Informative)

Anonymous Coward | more than 2 years ago | (#38225902)

I used to work in the EU for a US phone manufacturer (starts with an 'M'), and mid-2009, integrating CIQ became a mandatory requirement for products that were to be bought by AT&T. This was the first time a carrier asked for this, and at the time, the requested info came mainly from the modem side (signal levels, dropped calls stats, network conditions and so on). Carriers use CIQ-logged info to monitor the health of their network and spot potential problem areas. I would say that this is more of a carrier-thing, and not specific to one handset or another.

I don't know if the list of required info kept growing or who asked for application-side info like Google searches and text messages' content, though...

(Posting anon because I don't know what laws/contracts I am potentially breaking...)

Re:Handset Or Carrier? (0)

Anonymous Coward | more than 2 years ago | (#38226150)

And you can be sure the carrier broke more laws in the EU than anywhere else with regards to CIQ tracking.

How did the software get on an iDevice? (1, Troll)

dotancohen (1015143) | more than 2 years ago | (#38225768)

Aren't we told that Apple's walled garden would prevent non-sanctioned applications from running or even being installed? Does that mean that Apple is complicit in installing Carrier IQ?

Re:How did the software get on an iDevice? (4, Interesting)

broken_chaos (1188549) | more than 2 years ago | (#38225792)

Does that mean that Apple is complicit in installing Carrier IQ?

Yes. It was potentially something they were told to do by carriers, but Apple has had a habit of telling anyone that went against their worldview to fuck off, so I imagine it at least doesn't conflict with their intents.

Re:How did the software get on an iDevice? (1)

alen (225700) | more than 2 years ago | (#38225882)

apple has to somehow support their products. cheaper to license software than write it yourself from scratch

What!?! (-1, Troll)

dev473 (2522350) | more than 2 years ago | (#38225774)

I googled a bit and found that that this hacker claims that [evenweb.com] Carrier IQ does phone home and send private information on iOS5..

Re:What!?! (0)

Anonymous Coward | more than 2 years ago | (#38225804)

-1 goatse

Re:What!?! (1)

alphamax (1176593) | more than 2 years ago | (#38225810)

Do not click the link, it is evil.

Re:What!?! (-1)

Anonymous Coward | more than 2 years ago | (#38225822)

Yeah, thanks for the goatse at work...

Link is goatse Re:What!?! (0)

HighNumber (1448795) | more than 2 years ago | (#38225828)

don't click

Re:What!?! (-1, Offtopic)

rayd75 (258138) | more than 2 years ago | (#38225858)

Uhhhg... When did moderation start taking effect immediately? Maybe posting on my moderated comment will undo my horrific error.

Re:What!?! (-1, Offtopic)

thisnamestoolong (1584383) | more than 2 years ago | (#38225960)

Wow, that looks like a pretty well-hidden goatse. I have still yet to fall for one of those on /. but I know that it's only a matter of time...

Re:What!?! (1)

Kyusaku Natsume (1098) | more than 2 years ago | (#38226032)

There should be a way to block all the accounts of this troll or to report him to /. editors, apparently he created a thousand of these accounts.

Re:What!?! (1)

NatasRevol (731260) | more than 2 years ago | (#38226134)

Every link to evenweb.com is goatse.

The more you know...

Reassuring? (4, Interesting)

jc42 (318812) | more than 2 years ago | (#38225814)

"the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."

This is supposed to be reassuring? How many people will ever read about this? And how long until it's turned on by default? Or perhaps turned on by a remote message.

I've found it useful as an example for people who don't understand why we need free/open software. This story simply means that if you use your phone to access anything that is protected by a password (or PIN or whatever), that little hidden bit of software is making a copy of your login, password, account numbers, etc., and sending it off to some site that you know nothing about. Whoever has that information can then get into your account and do as they like with it. I've seen a lot of worried looks, and I know a number of people who have held off on the idea of using their phone to access their bank accounts as a result of this information.

I try to get the idea across that, as long as there's any software that's not freely available to us software geeks ("hackers" to the media), so that we can study it and expose such little nasties, nobody's information or accounts or identities can be considered safe. This sort of software can and does send all your private information to some unknown strangers.

Re:Reassuring? (3, Interesting)

Lunix Nutcase (1092239) | more than 2 years ago | (#38225906)

Because we all know it's impossible to hide such things like trojans in foss without anyone noticing for months on end, right? Oh wait... [wikipedia.org]

Re:Reassuring? (1)

twiddler69 (2504140) | more than 2 years ago | (#38225914)

I'm sure most people know that every bit of their life is tracked. With all the technology that exists, the government knows more about you than you know about yourself.

Re:Reassuring? (5, Informative)

rayd75 (258138) | more than 2 years ago | (#38225952)

I've found it useful as an example for people who don't understand why we need free/open software. ...

You might want to re-think that after reading the article, including its updates. Ironically, the (closed, walled garden) Apple version appears to send only diagnostic data that could be conceivably used for legitimate troubleshooting of dropped calls and the like whereas the (free, open) Android version is more akin to a rootkit, complete with backdoor and key logger.

Re:Reassuring? (1)

DeadCatX2 (950953) | more than 2 years ago | (#38226352)

I can put CyanogenMod on my Android handset. I can load ROMs based on carrier firmware that has CIQ removed.

Thanks to Open Source Software, I have this choice.

Re:Reassuring? (1)

rayd75 (258138) | more than 2 years ago | (#38226490)

I can put CyanogenMod on my Android handset. I can load ROMs based on carrier firmware that has CIQ removed.

Thanks to Open Source Software, I have this choice.

Agreed... but you represent maybe a couple percent of total Android users in regard to your ability and will to do that. My son tells me that Android runs great on his first gen iPhone... so I guess Android provides the same benefit to similarly-minded Apple users. The remaining ones are stuck with a "Automatically Send / Don't Send" radio button. What do the other 98% of Android device owners have?

Re:Reassuring? (1)

Cogneato (600584) | more than 2 years ago | (#38226514)

Does your mom have this choice? I know mine would have no clue. The most tech-savvy of the population aren't the ones we should be concerned about. The people that this affects the most are the ones that receive a device that is set to log their keystrokes and never really know to ask about it.

The open source community, of which I am part of, expresses the benefits of using of open source software, but when something like this negatively affects the masses, their answer is always one that is not readily known and/or available to the masses. The simple fact is that secret default key logging in inexcusable in any consumer software, open source or not. For those that really care about promoting the use of their favorite software, instead of making excuses for it or offering complicated fixes, you should be raising holy hell.

Re:Reassuring? (0)

Anonymous Coward | more than 2 years ago | (#38226634)

Yep... This is not an open / closed argument although it's trending toward one. It's about Google saying to the carriers "Here's our masterpiece.... rape away." The end result is phones running an unrecognizable OS due to skinning, running a crap-ton of bloatware, and shipping with remote key loggers installed. Say what you will about Apple's model, but their users' experience is what Apple wanted to be; not what the carriers demanded.

Re:Reassuring? (1)

bananaquackmoo (1204116) | more than 2 years ago | (#38226618)

You might want to re-think what you said. How would we even KNOW about Carrier IQ if Android wasn't open enough to find out?

Re:Reassuring? (1)

rayd75 (258138) | more than 2 years ago | (#38226730)

You might want to re-think what you said. How would we even KNOW about Carrier IQ if Android wasn't open enough to find out?

Um, by reading the "diagnostic and logging" screen that pops-up during the initial configuration of my phone? By looking at the logged data in the settings menu? The only thing that we've learned today is that the diagnostics and logging system in iOS is vaguely-tied to CarrierIQ. It's not been a secret that it's there and there's no evidence that it does anything more than what it discloses to every new user. Yesterday, it didn't have a name. Today, it does.

Re:Reassuring? (0)

Anonymous Coward | more than 2 years ago | (#38226036)

CarrierIQ on iOS has no ability to monitor text input. It's nothing like on Android, and this article is alarmist bullshit

Re:Reassuring? (3, Informative)

RyuuzakiTetsuya (195424) | more than 2 years ago | (#38226048)

When you activate an iOS device, it prompts you if you want to send this data. Further more, if you go into the device settings, and look at the diagnostics, it shows you all the files it's storing and what exactly it's reporting.

Granted, it could be doing something else behind the scenes, but this is more than what you're getting with the Android Carrier IQ(As someone pointed out on The Talk Show, a great oxymoron) installs.

Re:Reassuring? (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38226116)

This is supposed to be reassuring? How many people will ever read about this? And how long until it's turned on by default? Or perhaps turned on by a remote message.

On the latest version of iOS, on the welcome screen on first boot it explicitly asks you if you want to turn on the sending of diagnostics and stuff like location services. This was Apple's response to the privacy kerfuffle after the location tracking thing. Yes I am disappointed it's even in there but Apple is doing the right thing here by disabling it by default.

I've found it useful as an example for people who don't understand why we need free/open software. This story simply means that if you use your phone to access anything that is protected by a password (or PIN or whatever), that little hidden bit of software is making a copy of your login, password, account numbers, etc., and sending it off to some site that you know nothing about. Whoever has that information can then get into your account and do as they like with it. I've seen a lot of worried looks, and I know a number of people who have held off on the idea of using their phone to access their bank accounts as a result of this information.

CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution [cert.org]

Angry Birds (4, Funny)

LoverOfJoy (820058) | more than 2 years ago | (#38225832)

In other news, hackers have discovered that the game, Angry Birds, mysteriously turns on a setting called "DiagnosticsAllowed".

Re:Angry Birds (0)

coinreturn (617535) | more than 2 years ago | (#38226576)

Pulled that one out of your ass, now didn't you? Apps do not have access to system-level settings like that. Yes, I know that. I am an iOS developer.

Bad news: you've picked up a hitch-hiking murderer (4, Insightful)

Rogerborg (306625) | more than 2 years ago | (#38225840)

Good news: last time you looked, he was still sitting in the back and hadn't stabbed you yet.

Re:Bad news: you've picked up a hitch-hiking murde (0)

Anonymous Coward | more than 2 years ago | (#38225892)

Unless you have an Android phone, in which case, he's already stabbing you every time you turn a corner.

Re:Bad news: you've picked up a hitch-hiking murde (0)

Anonymous Coward | more than 2 years ago | (#38226160)

iPhone? Your stuck with the Axe Murderer in a Turtle Neck... that will sue you for copying the way he drives BEFORE he kills you.

Android? With a little looking and forethought, you can replace the "Angry Backstabbing Murderer" with a "cute blonde". You can even tweak the Blonde to have bigger boobs if you want.

On Android... you are only stuck with the "Murderer" if you are too lazy to replace him... or too dumb to know how to get into his mind and convince him otherwise. (Or stupid enough to drive a car with OnStar where you don't control the locks).

Sure... the Blonde might be the sweetest thing since sliced bread... or she might be a gold digger... but you still have to option to replace her or replace parts of her you don't like.

Re:Bad news: you've picked up a hitch-hiking murde (0)

Anonymous Coward | more than 2 years ago | (#38226484)

Here's a thought... most people who run smart phones do not have the ability to replace portions of the system software that come with their phone. I can see that you look down on such people, but you're an elite technologist so you think that's OK.

Telling people that they can replace parts of the system software they don't approve of is like telling a car owner that he can simply replace the brakes if he feels the standard ones aren't powerful enough. Yes, he can - if he has the knowledge and the equipment. But only a tiny fraction of car owners will have the necessity prerequisites and will care enough to do that. Most will trust the manufacturer to have made the correct choice of brake components.

In the case of Android phones, it appears the right choice is to send user data to carriers without telling anyone or providing an option to turn it off - at least, I can't turn it off on my HTC phone. In the case of Apple phones, the default is not to send data and to make visible the option to send data and also show the user what data is being sent.

But some people still think the Apple methodology is more evil. Mind boggling really.

Doesn't seem to log much (3, Informative)

Anonymous Coward | more than 2 years ago | (#38225846)

Here's my "diagnostic log" or at least one of them:

deviceId: "aac0e3b1805c47f85e759c5d............"
isAnonymous: true
deviceConfigId: 101
triggerTime: 1320879763561
triggerId: 72014
profileId: 1012
investigationId: 0
bluetoothServiceDisconnectionResult {
timestamp: 1320879561
deviceOUI: "\00\066="
service: 8
result: 104981
}

seems a bit less intrusive than the one demoed yesterday.

Re:Doesn't seem to log much (4, Informative)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38226186)

seems a bit less intrusive than the one demoed yesterday.

Seems so : [chpwn.com]

"Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely."

Why would Apple need something like this... (2)

Assmasher (456699) | more than 2 years ago | (#38225852)

...when they wrote iOS? Weird.

I can understand it being found on Android devices since individual phone companies (who are absolute sh** at making software - personal experience) would want to avoid doing it themselves, but Apple?

Re:Why would Apple need something like this... (4, Insightful)

Anonymous Coward | more than 2 years ago | (#38225966)

Apple doesn't need it. Hint: it's in the product's name. The carriers want it.

Also doesn't record UI/keypress info (4, Interesting)

Dixie_Flatline (5077) | more than 2 years ago | (#38225868)

Not only is it off by default, apparently it's only allowed to access information at a layer that doesn't give away the farm. It's not recording your keypresses, the sites you visit (which apparently the HTC version does even if you're on WiFi) or anything else that's possibly a significant security risk. Supposedly, it really does act just as it's claimed to in the press releases.

(I'm aware that I use 'apparently' and 'supposedly'; I have no concrete info that I've tested myself, this is just what I've read today.)

Android (5, Interesting)

Spad (470073) | more than 2 years ago | (#38225884)

Interestingly, it looks like the "pure" Android phones (i.e the Nexus line) don't ship with CarrierIQ [theverge.com]

Re:Android (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#38226198)

Neither does Windows 7 (source [chpwn.com] .)

Re:Android (3, Funny)

Bill Dimm (463823) | more than 2 years ago | (#38226272)

Neither does Windows 7 (source [chpwn.com] .)

Wow, Windows Phone 7 is so insignificant that they wouldn't even port Carrier IQ to it? ;-)

Re:Android (1)

Lucky75 (1265142) | more than 2 years ago | (#38226232)

Google already has all your information. It's evil companies like Samsung that don't.

Re:Android (1)

Beriaru (954082) | more than 2 years ago | (#38226246)

Not only "pure" Android. I have a LG Optimus 3D (the equivalent of the Thrill 4G) and it doesn't have any traces of Carrier IQ. As far as I know, it's only confirmed in HTC and Samsung devices.

Re:Android (1)

Joao (155665) | more than 2 years ago | (#38226754)

My T-Mobile HTC G2 doesn't have it either.

"Evil" Setting (0)

TC Wilcox (954812) | more than 2 years ago | (#38225956)

I for one appreciate that Apple has decided to make sure their "Evil" setting is turned off by default for the time being.

Who can turn it on? That's what matters. (3, Interesting)

Kamiza Ikioi (893310) | more than 2 years ago | (#38226038)

The question is, can a government agency or anyone else call up Apple or a carrier and have them remotely activate CarrierIQ on the iPhone?

I don't care if it's "off by default". I care if it's "controlled by the user". There's a clear and concise distinction, and Apple's track record does not lead me to believe that Apple doesn't have absolute control to remotely activate this or any other setting at their discretion. Even if they were unable to before, they may have added that remote capability since they've lost several phones before.

Re:Who can turn it on? That's what matters. (2)

gnasher719 (869701) | more than 2 years ago | (#38226218)

The question is, can a government agency or anyone else call up Apple or a carrier and have them remotely activate CarrierIQ on the iPhone?

Apple wanted to provide carriers with some means of diagnosing certain faults, and did that. They are not telling you exactly what they do, but diagnostics will only be turned on if you want to. Quite possible that if you had problems with your phone, and called your carrier for support, they might ask you to turn this software on - so they can diagnose this problem.

If Apple wanted to spy on you, you wouldn't notice. Same as with this idiotic outrage about location data stored on your phone: That data is cached information coming from Apple's servers. If they wanted to keep track of your location, they would record the info on their servers, and you wouldn't notice.

Slashdot Anti Apple Bias (0, Troll)

Robert Gadling (732789) | more than 2 years ago | (#38226056)

Now that CarrierIQ is also found on the iPhone (albeit in a harmless version), this is now considered Slashdot news. As long as only Android was affected it was apparently not considered newsworthy.

Re:Slashdot Anti Apple Bias (1)

Lucky75 (1265142) | more than 2 years ago | (#38226252)

Err...hold your pitchforking. It was posted on ./ about two weeks ago and was a big story.

Re:Slashdot Anti Apple Bias (1)

justcauseisjustthat (1150803) | more than 2 years ago | (#38226276)

see "Android Dev Demonstrates CarrierIQ Phone Logging Software On Video"

Re:Slashdot Anti Apple Bias (1)

NotSanguine (1917456) | more than 2 years ago | (#38226422)

Geez, Robert! This [slashdot.org] took less than five seconds.

So, are you trolling or are you just too lazy to type "CarrierIQ" into the search bar?

Sigh!

For those who are gunshy about clicking links here (is that a Goatse I hear?), just search Slashdot for CarrierIQ

CarrierIQ is a requirement of certain operators (1)

rwwyatt (963545) | more than 2 years ago | (#38226106)

It is actually required to be integrated for all devices for certain carriers (this includes Data Cards).

Can DiagnosticsAllowed be turn on remotely? (0)

Anonymous Coward | more than 2 years ago | (#38226290)

So the carrier can turn it on/off at will? Or worse a criminal or overzealous news reporter pretending to be the carrier?

Democracy isn't practical without privacy, so this is a big deal.

Re:Can DiagnosticsAllowed be turn on remotely? (1)

LDAPMAN (930041) | more than 2 years ago | (#38226578)

No, the carrier cannot turn it on remotely. Theoretically Apple could turn it on with an OS update but then they would get excoriated in this forum and others. The data they are collecting is harmless and they allow you to turn it off completely. They also let you see the data.

What I see on my phone is:
1. Reports on connection strength and radio parameters
2. Reports on low memory conditions and whats running when they happen
3. Application crash reports. These may be sent to the app developer so the app can be fixed.

Note that if you click the link at the bottom of the Diagnostics control screen they provide a very long detailed description of what they collect and what they do with it. This page repeatedly states that no personally identifiable information ever leaves the phone.

At the risk of incurring wrath from iFans... (0, Troll)

fatbuckel (1714764) | more than 2 years ago | (#38226296)

Apple is in fact circling the drain now. They`re playing "follow-the-leader" with features on their phones. Now that Mr.Jobs is gone Apple will slowly go the way it went the last time Mr.Jobs left. Except this time, no amount of coaxing will get Mr.Jobs back. Save this post. Date it. Refer back to it. I`m not kidding. Just wait.You`ll see.

Data Charges (1)

Anonymous Coward | more than 2 years ago | (#38226450)

Honest question: When this is turned on do we still get billed for it's usage? Could this be also called bandwidth stealing? If I'm on a 200mb/month plan and this is on how much data is it using of my data plan? I know it will depend upon my usage of texts and websites and so on but do you think it doubles my usage allowed?

It seems like an event log... (1)

sohmc (595388) | more than 2 years ago | (#38226720)

I'll echo many of the other comments here: It's not really the fact it logs everything. The question is what is it doing with that information.

While I'm not a full-fledged hacker, I know enough about logging and event triggering to know that the computer has to be able to keep track of events so that things that rely on events can be triggered. The best examine is browser events. If there's code to pop-up a window on a click, the browser has to register the click somewhere and the handler has to then pass the buck to function to open the window.

If Carrier IQ proper is collecting this data -- for any reason -- it should be disclosed and it should be able to be turned off. If Android, Apple, et al is using Carrier IQ has an event logger, it should be clear that the information is internal to the phone and is not available to other applications.

Overall, it seems like Android, Apple, et al got caught with their pants down. Assuming the best, they just forgot to mention that this software was a part of their OS.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?