New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Carrier IQ Logging Software Found on Many Mobile Phones

Wednesday November 30, 2011 11:25 pm PST by Arnold Kim
Over the last couple of days, there has been a significant amount of press over the findings of Trevor Eckhart who exposed the presence of extensive logging software found on many Android, BlackBerry and Nokia phones. A video showing the extent of the logging was posted and is summarized by PCWorld. The software is called "IQRD" by a company called Carrier IQ.:
After connecting his HTC device to his computer, Trevor found that IQRD is secretly logging every single button that he taps on the phone--even on the touchscreen number pad. IQRD is also shown to be logging text messages.

In the video, Eckhart shows that Carrier IQ is also logging Web searches. While this doesn't sound all that bad by itself, it suggests that Carrier IQ is logging what happens during an HTTPS connection which is supposed to be encrypted information. Additionally, it can do this over a Wi-Fi connection with no 3G, so even if your phone service is disconnected, IQRD still logs the information.
It doesn't seem entirely clear what information is transmitted and used, though the presence of the software itself has generated many privacy concerns. Eckhart noted in his original findings that on his Android HTC phone, there was no way to turn off logging. He also notes that the Carrier IQ application is embedded so deeply that it can't be fully removed without rebuilding the phone from source code. Forbes is suggesting that the company may have even violated wiretapping laws based on its actions. Carrier IQ maintains that its actions are aimed at device performance only.

Tonight iPhone developer @chpwn reported on Carrier IQ references in Apple's iOS as well, though its logging seems to be much more in line with Carrier IQ's official statements about device performance. (The references were first spotted by Intell on our own forums). Chpwn reports:
Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.
The information logged for iOS seems limited to phone call activity and location (if Location Services are enabled). Also unlike the implementation found on Eckhart's HTC, iOS users can opt out of these diagnostics by simply going to Settings -> General -> About -> Diagnostics & Usage -> Don't Send. The actually logged diagnostic data appears to be fully accessible for perusal in that same setting menu.

TUAW describes the iOS findings as "probably benign" and consistent with expected network performance diagnostics.

[ 232 comments ]


Top Rated Comments

(View all)

Avatar
Intell
94 months ago


Tonight iPhone developer @chpwn (http://twitter.com/#!/chpwn) discovered Carrier IQ references in Apple's iOS as well, though its logging seems to be much more in line with Carrier IQ's official statements about device performance.


No he didn't. I did: https://forums.macrumors.com/showthread.php?t=1284749

My posts here predate his tweets and I first mentioned this on MacRumors on November 25.
Rating: 45 Votes
Avatar
dethmaShine
94 months ago

Apple just did a better job of hiding their keylogging software.


Maybe you should try reading the article again OR may be following the story on other websites before posting asinine comments.
Rating: 35 Votes
Avatar
inkswamp
94 months ago

Another WIN for the Android platform. My HTC is flashed with a custom ROM without any of that horse-hockey.

Open source FTW.


Only in the the most delusional Android fan dreams can it be called a win that someone would have to root a phone and flash the ROM to remove a legally questionable rootkit sanctioned by the service provider and OEM.

Seriously. Some of us want a phone, not a weekend hobby. :rolleyes:
Rating: 33 Votes
Avatar
arn
94 months ago

You don't need to be a conspiracy theorist to accept that every major tech company - Amazon, Apple, Google, Microsoft, etc - collects information on their users from the devices they distribute. In fact, this is quite obvious in almost every respect.


Yes, it is very obvious. There's even a setting for it.

Settings -> General -> About -> Diagnostics & Usage -> Don't Send
Rating: 26 Votes
Avatar
arn
94 months ago

What does this have to do with anything? If you think Apple isn't tracking everything you do on your iPhone, CarrierIQ or their own method, you're naive.


or maybe just not a conspiracy theorist?

arn
Rating: 21 Votes
Avatar
Qwaf
94 months ago

This, on a tech news site, is comical.

Some of us want a phone, that we can tinker with to OUR liking, not steve jobs' liking.


Then you've chose the wrong company. That isn't Apple's philosophy anymore, and because of that, it has allowed them to make products which are insanely popular.

I never understood people who continue to hang around banging on about this sort of stuff that is just inherently against Apple's stance. Apple aren't trying to be this way, nor want to be this way, just be happy with the platform you have.

It has nothing to do with being on a technology site.
Rating: 19 Votes
Avatar
dethmaShine
94 months ago

Your iDevice must be jailbroken to SSH into it to modify this file.


All right. I get it.

Thanks

----------

"As far as you can see" doesn't count for much. Apple has too big of an incentive to do exactly the same thing as any other phone manufacturer. Or maybe they just do it "by accident (http://arstechnica.com/apple/news/2011/04/how-apple-tracks-your-location-without-your-consent-and-why-it-matters.ars)." It's not wrong or even morally objectionable really, it's just business.


Good grief. You still didn't read the article and follow other stories on the Internet?

Seriously, when trying to confront people, gather your sources and information so that you need not bow your head with every fatuous comment.

Please.
Rating: 17 Votes
Avatar
arn
94 months ago

I can't write blogs to save my life. I'm unsure of exactly where I first posted it, but I do have GoogleTalk logs in which I discussed it with one of my peers from the 25th.


I updated the story.

arn
Rating: 16 Votes
Avatar
kalsta
94 months ago

My complaints are valid, it only gives apple more reason to give users *choice*. If iOS was as customizable as Android, I'd use it.


The other poster's comments were valid too. Apple has a design philosophy, and has done for many years. It's not about taking away choices from people for the heck of it, but it IS about making things simpler for most users by making certain choices for them, and simplifying the front end. I mean really, no one should have to choose whether they want their private communication logged or not. Since no one would willingly choose this, it's a perfect example of something the user should never, ever have to worry about. The fact that you have worried about it is hardly a win for Android. Rather, it's an admission of a problem that should never have existed in the first place.
Rating: 16 Votes
Avatar
saving107
94 months ago


Why do none of those guys at some point say "No, your bloatware CRAP has no place on our phones or bogging down the customers experience."


$$$$$$
Rating: 13 Votes

[ Read All Comments ]