Carrier IQ code spotted in iOS (Updated)

iOS 5

The same Carrier IQ software that’s causing a stir on Android may be included in iOS, too. Well-known iOS hacker chpwn broke the story when he discovered references to Carrier IQ in versions of iOS up to version 3.1. The Verge independently confirmed this report and found references to Carrier IQ in /usr/bin/IQAgent. They also found an IQAgent log and other references to collector.sky.carrieriq.com on the device.

And it didn’t stop there. Intell from the MacRumors forum found a similar set of files in iOS 4, and chpwn chimed back in with news that he found traces of Carrier IQ in iOS 5. The iOS 5 references are apparently turned off and only turned on  when the phone is in diagnostic mode. TUAW also confirmed these reports and suggests Carrier IQ’s presence is likely benign.

Carrier IQ is diagnostic software installed on Android and other mobile phones. It can’t be removed and, at least on Android, can’t be turned off without rooting a device. It’s causing a stir because on Android it apparently logs keystrokes, HTTPS requests and other personal information. The software then sends this information to Carrier IQ for analysis. Wireless carriers use this analysis to troubleshoot phone and network problems; but some consider this secretive sharing to be a huge invasion of a person’s privacy.

Update: chpwn reported back with more information on his blog. Carrier IQ is present in iOS 5 and may be tracking your phone number, carrier, country, active calls and your location (if location services are turned on). The software is disabled by default and turned on when diagnostic mode is enabled. Though log files were found on the phone, it appears none of this information was sent back to Carrier IQ.

This places iOS in the middle ground. It’s not as terible as Android which is sending data back to Carrier IQ, but not as good as Windows Phone, which is apparently the only platform without Carrier IQ.

 

[The Verge, chpwn and MacRumors]

  • http://an0nguy.wordpress.com/ AnonGuy

    Well it’s off when not in Diagnostic Mode, which is how it should be on ANY device.  The issue isn’t what the software does, it’s that it’s always doing this on Android devices despite the fact that the device isn’t even in Debug or a similar Diagnostic Mode.  If the carrier is testing a device using Diagnostic Mode and CarrierIQ can be useful.  For end-user use, it should not be enabled – period.

  • http://www.ringcentral.com/phone-service/index.html Phone Service

    How would I be able to make sure that other people don’t have access on any information on my phone? Pretty scary.

  • GW

    Besides being able to turn off the diagnosis & usage reporting, the iPhone also allows you to see everything in the log that has been sent to Apple.  Apple also lets you still send diagnostic data with the option of turning off location services for diagnostic data.  That is all different from the Android which gives you no options at all…but of course it is open source so that doesn’t matter, right?

    • Anonymous

      Except of course that Carrier IQ is not a feature of Android, is not in the Android source, and is being added to devices only by one or two US carriers.

      This is a story about how carriers treat their customers, not about Android.

      • GW

        The only problem with your
        premise is that Sprint has acknowledged using the data gather by CarrierIQ, but
        only the cell tower information, such as location and signal strength.  The CarrierIQ embedded in the Android
        software could, ‘could’ be placed there by the carrier since it is an open OS.  However, the software is gathering much more
        than cell tower and diagnostic information that the carriers would be
        interested in receiving.  It is
        intercepting and logging text messages BEFORE you are notified of the existence
        of the text (the carrier already has a copy of the text in their system – why
        would they need another?)  It is also
        logging every keystroke and subverting browser security (yes, it intercepts the
        data on a secure connection BEFORE it is encrypted).  Who is getting that data?  With Google’s less than stellar past with
        privacy issues, it would not surprise anyone if they are getting the
        information or are the ones placing the CarrierIQ code in the OS.  Furthermore, if Google is so innocent why don’t
        they have a way to disable all diagnostic and/or location information like
        Apple does?

        • Anonymous

          It’s quite tricky for Google to provide a ‘stop all diagnostic information’ facility that would cover arbitrary code inserted by the carrier. The best they could do would be to create a preferences mechanism and  Carrier IQ would have to use it explicitly; Google can’t force them to. Android can’t have a sort of magic pixie dust filter that determines whether some arbitrary data from an arbitrary carrier-added OS level service is sending diagnostic or location data and stops it. That’s not feasible.

          On this point: 

          ” (yes, it intercepts the data on a secure connection BEFORE it is encrypted).”

          It’s intercepting keystrokes, so of course it’s happening before encryption.

          As to ‘who is getting that data?’ I’d assume only the people who paid Carrier IQ for it, since the data is sent to their servers. Which includes some, but not all, US carriers. If Carrier IQ data were of interest to Google for some hypothetical nefarious purpose, the code would be in all Android devices, and it is not. 

          Notably, Google are not using Carrier IQ on their own branded devices (the Nexus devices and the Xoom). 

          It’s not that the software ‘could’ have been placed there by the carriers, it’s that it _was_ placed there by the carriers – the customers of Carrier IQ. 

          (Your own carrier already has access to the content of your text messages, implicitly.)

        • Anonymous

          Furthermore, if Google were placing this ‘in the OS’ as you are suggesting, it would be in all Android devices at least in the US, and it’s not.

          It’s also not in European Android devices, as far as can be determined.

          This is a straightforward thing: Carrier IQ have some expensive software, they sell it to carriers who want the data it provides, and those carriers put it in Android devices and pay Carrier IQ for the data it collects. 

          Other carriers are not doing this, and the software is not being found in their devices. Including Google’s Samsung-built devices, whereas Samsung-built devices modified by Sprint do include it.

  • Anonymous

    The last paragraph should read:

    “All iOS devices contain Carrier IQ code which may or may not be enabled. Android devices from some US carriers send data back to Carrier IQ. Windows Phone does not feature Carrier IQ”.
    This is not about Android itself.This is about ROM customisation by specific US carriers. Stock Android does not feature this code, and outside the USA it is so far rare or nonexistent.Perhaps Windows Phone’s background processing model is simply too new for Carrier IQ to have implemented their system on WP7?

  • LDMartin1959

    “…Windows Phone, which is apparently the only platform without Carrier IQ.”

    What are you basing that wish on? Now where do you provide any documentation or research to support that. Did Microsoft tell you this? Then it’s probably a lie. Or did you just image it must be true because no one has said different?

    I challenge you to provide any proof that it is NOT on Windows Phone.

Back to top ▴