Slashdot Mirror

← Back to Stories (view on slashdot.org)

Carrier IQ Software May Be in iOS, Too

Posted by timothy on from the y'know-to-be-fair dept.

New submitter Howard Beale writes with this excerpt from The Verge: "To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5." The details are still emerging; however, iPhone users will be happy to hear that while it's reported that the software is available to the OS, "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."

4 of 234 comments (clear)

  1. Re:How did the software get on an iDevice? by broken_chaos · · Score: 4, Interesting

    Does that mean that Apple is complicit in installing Carrier IQ?

    Yes. It was potentially something they were told to do by carriers, but Apple has had a habit of telling anyone that went against their worldview to fuck off, so I imagine it at least doesn't conflict with their intents.

  2. Reassuring? by jc42 · · Score: 4, Interesting

    "the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default."

    This is supposed to be reassuring? How many people will ever read about this? And how long until it's turned on by default? Or perhaps turned on by a remote message.

    I've found it useful as an example for people who don't understand why we need free/open software. This story simply means that if you use your phone to access anything that is protected by a password (or PIN or whatever), that little hidden bit of software is making a copy of your login, password, account numbers, etc., and sending it off to some site that you know nothing about. Whoever has that information can then get into your account and do as they like with it. I've seen a lot of worried looks, and I know a number of people who have held off on the idea of using their phone to access their bank accounts as a result of this information.

    I try to get the idea across that, as long as there's any software that's not freely available to us software geeks ("hackers" to the media), so that we can study it and expose such little nasties, nobody's information or accounts or identities can be considered safe. This sort of software can and does send all your private information to some unknown strangers.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  3. Also doesn't record UI/keypress info by Dixie_Flatline · · Score: 4, Interesting

    Not only is it off by default, apparently it's only allowed to access information at a layer that doesn't give away the farm. It's not recording your keypresses, the sites you visit (which apparently the HTC version does even if you're on WiFi) or anything else that's possibly a significant security risk. Supposedly, it really does act just as it's claimed to in the press releases.

    (I'm aware that I use 'apparently' and 'supposedly'; I have no concrete info that I've tested myself, this is just what I've read today.)

  4. Android by Spad · · Score: 5, Interesting

    Interestingly, it looks like the "pure" Android phones (i.e the Nexus line) don't ship with CarrierIQ