PDA

View Full Version : Apple Stopped Supporting Carrier IQ in iOS 5, Complete Removal Coming in Future




MacRumors
Dec 1, 2011, 02:37 PM
http://images.macrumors.com/im/macrumorsthreadlogo.gif (http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/)


In the wake of significant publicity (http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/) about Carrier IQ, the mobile phone logging software that is able to transmit data back to carriers, Apple has now issued a statement to AllThingsD (http://allthingsd.com/20111201/apple-we-stopped-supporting-carrieriq-with-ios-5/) noting that the company stopped supporting Carrier IQ with iOS 5 on most of its products and that it will completely remove traces of the software in a future software update.We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.Early evidence had suggested that Carrier IQ has been able to capture significantly more information, including keystrokes and other extremely sensitive information, on Android than on iOS.

http://images.macrumors.com/article-new/2011/12/carrier_iq_logo.jpg


Research into Carrier IQ's functionality on iOS has indicated that any transmission of information has been limited to phone call and location information, but Apple's statement today suggests that the company has even stopped using that information via Carrier IQ, although it does collect its own anonymized and encrypted information from devices unless users have turned off the diagnostics reporting functionality.

U.S. Senator Al Franken has requested (http://franken.senate.gov/?p=press_release&id=1868) that Carrier IQ explain just what information the software is recording and transmitting and how that information is shared with carriers and potentially other parties. Earlier this year, Franken spearheaded the government inquiry (http://www.macrumors.com/2011/04/21/senator-asks-apple-about-location-tracking-issues-as-experts-weigh-in/) into location tracking concerns related to Apple's iOS and Google's Android platforms.

Article Link: Apple Stopped Supporting Carrier IQ in iOS 5, Complete Removal Coming in Future (http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/)



soco
Dec 1, 2011, 02:40 PM
Good. I mean, it's not like they were using it malevolently. It's just that they need to know it makes people uncomfortable.

With all of this controversy over iTether, it's nice to see that Apple's ethics aren't "out of whack" right now.

Then again (Devil's Advocate) I suppose you could look at this like Apple trying to say what we want them to say only now that Carrier IQ has been ousted.

centauratlas
Dec 1, 2011, 02:42 PM
Good. To do otherwise is just outrageous.

macrumorsuser10
Dec 1, 2011, 02:43 PM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

w00master
Dec 1, 2011, 02:45 PM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

This really isn't iOS vs. Android. On the Android side, this is a CARRIER thing, so far according to most of the reports (including Gruber's site) the manufacturers (e.g. Samsung, HTC, etc.) weren't involved with this either.

w00master

Shrink
Dec 1, 2011, 02:45 PM
Good. I mean, it's not like they were using it malevolently. It's just that they need to know it makes people uncomfortable.

Completely agree.:)

Perhaps I am excessively distrustful, and, no, I have nothing to hide - but I value what little privacy remains for me in an increasingly interconnected world.

w00t951
Dec 1, 2011, 02:46 PM
Must be nice for Apple to be able to say this. HTC, Samsung, and other Android manufacturers can't.

blueillusion
Dec 1, 2011, 02:46 PM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

Wow, you really don't know what you're talking about.
The carriers put that in the phones. Google had nothing to do with it.

unicorn025
Dec 1, 2011, 02:47 PM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

We stopped supporting CarrierIQ with iOS 5

so you saying apple told you carrieriq was on your phone before then?

louis Fashion
Dec 1, 2011, 02:47 PM
God bless us everyone.

macrumorsuser10
Dec 1, 2011, 02:48 PM
This really isn't iOS vs. Android. On the Android side, this is a CARRIER thing, so far according to most of the reports (including Gruber's site) the manufacturers (e.g. Samsung, HTC, etc.) weren't involved with this either.

w00master

Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.

w00master
Dec 1, 2011, 02:49 PM
Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.

It really isn't. Google and the manufacturers didn't authorize this. Again... the carriers did.

Also... it was on iOS 4 (and before). So....


w00master

dwman
Dec 1, 2011, 02:49 PM
Off topic, seems like Tim Cook is ushering, to some degree anyway, an age of transparency. First was the statement about Siri not finding abortion clinics and now this. The SJ led Apple would never had allowed comment this soon if at all. Nice to see.

GSPice
Dec 1, 2011, 02:50 PM
I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

dougal55
Dec 1, 2011, 02:50 PM
Good news...Actually I have found it (the ability to switch off diagnostics & usage by tapping "Don't Send") in my iPhone as soon as I had iOS5 installed in October and only discovered it by accident when playing around.

Now I can imagine the huge backlash there will be from Android owners when they find how much private information has been secretly recorded... I reckon Carrier IQ have a lot to answer for, not just their denial that was published today but that there should be some kind of instructions on how to opt out of it completely when it is so well hidden inside android phones.

If Carrier IQ don't do something about it, I can see a class lawsuit lining up to challenge them...

Rodimus Prime
Dec 1, 2011, 02:50 PM
Nice to see apple saying this but this is just the tip of the iceberg. As long as they are crystal clear on what they collect and we the people are given the ability to completely opt out it OK. It should not be a requirement to opt in for any reason on iOS or any OS

soco
Dec 1, 2011, 02:50 PM
Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.
Completely disagree given the fact that even with the "walled garden" we live in on iOS, Carrier IQ still touched us in our no-no zone.

Not that carriers did this on iOS, but still. It's not an OS vs OS thing. This is a privacy concern and it's everyone's burden.

nwcs
Dec 1, 2011, 02:50 PM
Seems Apple is the first to come out openly and even acknowledge CarrierIQ. That's kudos to them in my book instead of the sheepish denials other companies have offered. Is that because the other companies are doing something less than honest or because the left hand doesn't know what the right hand is doing?

It will be interesting to see what happens if this hits mainstream news services. To me this is more important than antennagate or some of the other things that have gained notoriety lately.

blueillusion
Dec 1, 2011, 02:51 PM
Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.

Yes, Apples doesn't allow carriers to put unauthorized software on their phones.
But apple DID put carrierIQ on their OWN phones.

Even though it didn't log any personal data, the capability is still there.

Rodimus Prime
Dec 1, 2011, 02:51 PM
I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

It is a slippery slope. It is a line in the sand that just should not be crossed.

Jerome Morrow
Dec 1, 2011, 02:52 PM
We stopped supporting CarrierIQ with iOS 5

so you saying apple told you carrieriq was on your phone before then?

Yes it was, but it wasn't used for anything like in Android case. Do you understand? Please take any iOS <5 device and prove they are collecting your personal data and keystokes.

alent1234
Dec 1, 2011, 02:52 PM
I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

if they aren't bad, why are they used?

macrumorsuser10
Dec 1, 2011, 02:52 PM
It really isn't. Google and the manufacturers didn't authorize this. Again... the carriers did.

Also... it was on iOS 4 (and before). So....


w00master

Apparently a junior high school level of reading comprehension is not your forte.

Apple does not allow carriers to put on crapware --> therefore, there is no carrier crapware.

Google allows carriers to put on crapware --> therefore, carriers will take advantage of this and put crapware on Android phones

chrono1081
Dec 1, 2011, 02:52 PM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

This actually has a lot of truth to it.

Everyone who looked at their iPhones before iOS 5 new it collected data unless you turned it off. It is there plain as day. If you missed it, then thats on you since its right in the settings. Not to mention you have the option to turn it off, and it only collects unimportant things, not keystrokes and searches and such that the Android handsets were.

Google is a data mining company. Even though its the OEM's who put this software on there (they control the software to anyone who says the carriers do it), Google will take the heat for letting Android be modified in this fashion.

Another thing, Nokia claims this isn't on their phones, hence more evidence that its the OEM's not the carriers that require this.

w00master
Dec 1, 2011, 02:53 PM
Apparently a junior high school level of reading comprehension is not your forte.

Apple does not allow carriers to put on crapware --> therefore, there is no carrier crapware.

Google allows carriers to put on crapware --> therefore, carriers will take advantage of this and put crapware on Android phones

Wow... apparently some people are touchy today.


So... is it better then that Apple authorized it on iOS 4 and before?

Google didn't. HTC didn't. Samsung didn't. It was done by the carrier in those cases...

So, what's worse here?

w00master

Jerome Morrow
Dec 1, 2011, 02:53 PM
Even though it didn't log any personal data, the capability is still there.

So we will debate this over a know fact that Andoid devices are collecting user private information?

OneMike
Dec 1, 2011, 02:55 PM
this is good news

chrono1081
Dec 1, 2011, 02:55 PM
Wow... apparently some people are touchy today.


So... is it better then that Apple authorized it on iOS 4 and before?

Google didn't. HTC didn't. Samsung didn't. It was done by the carrier in those cases...

So, what's worse here?

w00master

You are incorrect. If carriers required it then it would be on Nokia phones as well, but according to Nokia, it is not.

Carrier IQ masquerades itself as a diagnostic tool. Apple used it as such. Other OEM's, who are responsible for putting it on there abused its abilities and also made it very hard to remove.

GSPice
Dec 1, 2011, 02:56 PM
It is a slippery slope. It is a line in the sand that just should not be crossed.

Slippery slope my foot. That catch-all argument assumes way too much. Much that has been proven to be vastly difficult, unrealistic and or impossible given the last century's political *and* cultural climate. Remember when SSNs weren't supposed to be shared with *anyone*? Now everyone and their mother needs it to "verify your identification".

Peace
Dec 1, 2011, 02:56 PM
It really isn't. Google and the manufacturers didn't authorize this. Again... the carriers did.

Also... it was on iOS 4 (and before). So....


w00master

Fine. I'm now waiting for Google/Android Handset makers to announce that it won't allow the carriers to put this spyware on their smartphones.

Please let us know when this happens. :)

chelsel
Dec 1, 2011, 02:57 PM
"We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update."

Instead, we made our own version of the app and it's called iSecret. :eek:

dashiel
Dec 1, 2011, 02:58 PM
This really isn't iOS vs. Android. On the Android side, this is a CARRIER thing, so far according to most of the reports (including Gruber's site) the manufacturers (e.g. Samsung, HTC, etc.) weren't involved with this either.

It sort of is though. Apple has a very strict approach to their products, they decide what goes in and what doesn’t. They take full responsibility for their products. They obviously don’t have the OEM relationship to negotiate, but even at the carrier level, Apple sets a certain level of expectation (e.g. no carrier installed apps, no carrier logos, etc…)

Android by its very nature will never have the level of quality control and focus on end user experience iOS or WPS7 does. Bear in mind I’m not discounting the possibility of a balkan Android to come along, ala the Fire or even a Nexus device that will match Apple, but as a whole Android can never achieve parity in experience.

GSPice
Dec 1, 2011, 02:59 PM
if they aren't bad, why are they used?

You don't have to have multiple business degrees to know of the multitude of reasons such apps are valuable.

Superken7
Dec 1, 2011, 03:07 PM
This actually has a lot of truth to it.

Everyone who looked at their iPhones before iOS 5 new it collected data unless you turned it off. It is there plain as day. If you missed it, then thats on you since its right in the settings. Not to mention you have the option to turn it off, and it only collects unimportant things, not keystrokes and searches and such that the Android handsets were.

Google is a data mining company. Even though its the OEM's who put this software on there (they control the software to anyone who says the carriers do it), Google will take the heat for letting Android be modified in this fashion.

Another thing, Nokia claims this isn't on their phones, hence more evidence that its the OEM's not the carriers that require this.

Blaming Google, Samsung, HTC or anyone who did not put this into affected phones AND had no control over it is totally unreasonable.

In part this is what you get for having an open ecosystem: you give the freedom to do stuff like this.

What I think you CAN do, however, is praise Apple for taking a stand against carriers and winning a fight for not letting them touch their OS and phones.
You can point at this evidence for reasons for trying to convince manufacturers and Google to try to stop carriers from messing with the phones, but you can hardly blame them for what the carriers did.

I think it's a bit like someone blaming macrumors for controversial (but legal) messages posted on the site, just because the users had the freedom to talk about stuff.

On another note, I don't think you can blame Apple for having put CarrierIQ into iOS themselves: unlike the Android version, this was opt-out, you got warned that information could be recorded, it was much less intrusive (more reasonable stuff is being collected), and I think it was even disabled by default. They would obviously remove it now even if they didn't plan to just for avoiding possible controversy.

w00master
Dec 1, 2011, 03:07 PM
You are incorrect. If carriers required it then it would be on Nokia phones as well, but according to Nokia, it is not.

Carrier IQ masquerades itself as a diagnostic tool. Apple used it as such. Other OEM's, who are responsible for putting it on there abused its abilities and also made it very hard to remove.

You make a good point, then again this could be a case where everyone (I even lump Apple here) is scrambling. Everyone is now pointing fingers at each other. Case in point:

http://allthingsd.com/20111201/rim-htc-on-carrier-iq-blame-the-carriers/

Perhaps the real take away here is that all of them are to blame.

w00master

Oletros
Dec 1, 2011, 03:09 PM
So we will debate this over a wrong fact that Andoid devices are collecting user private information?

Corrected, you're welcome

unicorn025
Dec 1, 2011, 03:10 PM
Yes it was, but it wasn't used for anything like in Android case. Do you understand? Please take any iOS <5 device and prove they are collecting your personal data and keystokes.

what in android case, it was on the iphone did anyone know about this till now? this is the second time with iphone wasnt there a situation like this before with apple not to long ago.

look at the android source code and tell me were you see carrier IQ
in the source code you dont, google does not install this on there phone the carries do, htc has it samsung has it verizon said none of there phone has it, sprint has it and some of apple phone has it.

soco
Dec 1, 2011, 03:11 PM
Perhaps the real take away here is that all of them are to blame.

w00master
And I think that, right there, is the central point.

As I said in my original comment:

I suppose you could look at this like Apple trying to say what we want them to say only now that Carrier IQ has been ousted.

So maybe everyone is just scrambling, as you said, to cover their behinds now that Carrier IQ's potential negative uses are out in the open.

Either way, I stand by when I said that this kind of thing is everyone's burden and responsibility. Not only do the carriers and manufacturers need to be aware of and respect our privacy, but we as users need to take an active approach to ensure it.

Edit: Is it odd that I feel funny quoting myself? :confused:

ChazUK
Dec 1, 2011, 03:11 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

I wouldnt like to own any part of CarrierIQ right now. It's been a total trainwreck since TrevE first exposed them.

First came his findings
Then the cease and desist.
Then the apology & the announcement saying they were not monitoring SMS, location or keystrokes.
Then TrevE hits with another video showing plain text of SMS's, URL's and dialpad keylogging...


And now they're doing an independant review according to The Verge? They had the audacity to issue the C&D and then they lied about what the software is capable of?

Disgusting.

mingoglia
Dec 1, 2011, 03:11 PM
I love to see all the ways the Apple Fanboys continually defend Apple. To say in a post that Google is evil for allowing it and Apple is looking out for us because they (only) partially removed it in the CURRENT, just RELEASED version of the OS makes me laugh. Apple IMO is one of the most "evil" companies doing business. Yes I love their products. Yes I'm on a MBP now while my iPhone 4S is sitting next to me and my iPod Touch is in my car... and my Mac Mini is also on my desk and my Extreme Base station is across the room... but I'm not in denial thinking Apple is some knight in shining armor sitting on the hill protecting and defending mankind from everyone else.

w00master
Dec 1, 2011, 03:12 PM
Either way, I stand by when I said that this kind of thing is everyone's burden and responsibility. Not only do the carriers and manufacturers need to be aware of and respect our privacy, but we as users need to take an active approach to ensure it.

Brilliant. Totally agree.

BC2009
Dec 1, 2011, 03:12 PM
I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

The problem I see is that on the phones where keystrokes were logged (like the HTC ones -- since iPhone did not log the keystrokes) is that things like credit card numbers and bank pins could be logged. Then if you lost the phone, somebody might have unencrypted access to that information.

Before this going public few folks knew about that. Now that it is known, the #1 thing an identity thief will do when finding a lost phone is try to pull the Carrier IQ logs from the device.

Thankfully iOS devices don't log the keystrokes. Also, supposedly WP7 devices and the Android Nexus devices don't even have this software installed.

I agree with you though that likely nobody has yet been hurt by this -- but the potential is there. Kinda like finding and exposing a security hole in an operating system. Once its out in the open, it needs to be fixed.

JForestZ34
Dec 1, 2011, 03:14 PM
Good news...Actually I have found it (the ability to switch off diagnostics & usage by tapping "Don't Send") in my iPhone as soon as I had iOS5 installed in October and only discovered it by accident when playing around.

Now I can imagine the huge backlash there will be from Android owners when they find how much private information has been secretly recorded... I reckon Carrier IQ have a lot to answer for, not just their denial that was published today but that there should be some kind of instructions on how to opt out of it completely when it is so well hidden inside android phones.

If Carrier IQ don't do something about it, I can see a class lawsuit lining up to challenge them...

Carrier IQ won't have to be worried about being sued. They aren't the one's that put the software on the phones. They sold the software to carriers.. They are in the clear.. The carriers have to answer for this..

And I can bet if it was never found it wouldn't even make the news..

Apparently a junior high school level of reading comprehension is not your forte.

Apple does not allow carriers to put on crapware --> therefore, there is no carrier crapware.

Google allows carriers to put on crapware --> therefore, carriers will take advantage of this and put crapware on Android phones

I don't know if you call it crapware but I do recall apple getting private information and then sending out a software update to address what they had going on...

You are incorrect. If carriers required it then it would be on Nokia phones as well, but according to Nokia, it is not.

Carrier IQ masquerades itself as a diagnostic tool. Apple used it as such. Other OEM's, who are responsible for putting it on there abused its abilities and also made it very hard to remove.

Like nokia would tell us the truth and risk a lawsuit.. They are probably looking into right now and wondering if it is there how to get it off their devices..


James

alhedges
Dec 1, 2011, 03:17 PM
I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

This is stupid.

I can't show you one person who has been "been truly hurt, punished, injured or in any other way disenfranchised" by a store who put video cameras in bathrooms and changing rooms and allowed employees to see them naked. But most people feel violated by it and don't like it.

I probably wouldn't be "truly" harmed if "Find my Friends" broadcast my location on a public website that anyone could look at. But I would still feel like my privacy was invaded and would not like it.

And if you are okay with corporations abusing your privacy, that's your prerogative. But I'm glad that most people actually care about their privacy and object when corporations spy on them.

the-oz-man
Dec 1, 2011, 03:17 PM
Wow, you really don't know what you're talking about.
The carriers put that in the phones. Google had nothing to do with it.

More importantly might be that Google also hasn't (yet) done anything to stop it either.

Oletros
Dec 1, 2011, 03:18 PM
More importantly might be that Google also hasn't (yet) done anything to stop it either.

And what can do to stop it?

Consultant
Dec 1, 2011, 03:22 PM
We stopped supporting CarrierIQ with iOS 5

so you saying apple told you carrieriq was on your phone before then?

It is OFF by default on iOS.


Completely disagree given the fact that even with the "walled garden" we live in on iOS, Carrier IQ still touched us in our no-no zone.

Not that carriers did this on iOS, but still. It's not an OS vs OS thing. This is a privacy concern and it's everyone's burden.

Apple: off by default. Can be changed in settings. Cannot collect keystrokes or secure data.

Android: ON even before activation. Can NOT be changed. Can collect keystrokes and HTTPs info.

ChazUK
Dec 1, 2011, 03:24 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

We stopped supporting CarrierIQ with iOS 5

so you saying apple told you carrieriq was on your phone before then?

It is OFF by default on iOS.

It's not even INSTALLED by default on some devices. ;)

so aggressive

gkarris
Dec 1, 2011, 03:25 PM
Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

Gives new meaning to the term, "Open System"... :eek:

;)

Jack Dangers
Dec 1, 2011, 03:26 PM
What a mess. While I can see the value of a software like this to the carriers and handset manufacturers, this seems to have been handled poorly from the get go. Fact is that a lot of companies were using it, including Apple. Ok, so Apple stopped supporting it in iOS 5, but what the heck does that mean? Why did they stop supporting it? Did Apple develop something themselves so they can stop paying Carrier IQ for their services? Or did they get a conscious and decided it was wrong? Who knows, but now they're seem to be spinning it to come across as the good guys. No one seems to know the extent of data collection and what is being done with it on ANY platform. I applaud the people who found this and decided it was a big deal. Just the thought of so much information about me being transferred to a 3rd party is very upsetting. How legal is all of this? Ugh, excuse me while I adjust my Tin foil hat... I just need transparency, that's all I ask so I can make the decision on the devices I use.

Gage
Dec 1, 2011, 03:28 PM
"Apple has now issued a statement noting that the company stopped supporting Carrier IQ with iOS 5 on most of its products"

Out of curiosity, which ones still have it?

chrono1081
Dec 1, 2011, 03:28 PM
Blaming Google, Samsung, HTC or anyone who did not put this into affected phones AND had no control over it is totally unreasonable.

In part this is what you get for having an open ecosystem: you give the freedom to do stuff like this.

What I think you CAN do, however, is praise Apple for taking a stand against carriers and winning a fight for not letting them touch their OS and phones.
You can point at this evidence for reasons for trying to convince manufacturers and Google to try to stop carriers from messing with the phones, but you can hardly blame them for what the carriers did.

I think it's a bit like someone blaming macrumors for controversial (but legal) messages posted on the site, just because the users had the freedom to talk about stuff.

On another note, I don't think you can blame Apple for having put CarrierIQ into iOS themselves: unlike the Android version, this was opt-out, you got warned that information could be recorded, it was much less intrusive (more reasonable stuff is being collected), and I think it was even disabled by default. They would obviously remove it now even if they didn't plan to just for avoiding possible controversy.

The handset manufacturers put it in. There is no way around that. It sits between the hardware level and the software level which is why its so hard to remove.

Now, as far as carriers wanting it on there, I can completely see that. What I can't see is how some handset manufacturers (Nokia and Apple) don't put it on there yet others do. Again, I blame the handset manufacturers because its obviously not an "all or nothing" situation.

You make a good point, then again this could be a case where everyone (I even lump Apple here) is scrambling. Everyone is now pointing fingers at each other. Case in point:

http://allthingsd.com/20111201/rim-htc-on-carrier-iq-blame-the-carriers/

Perhaps the real take away here is that all of them are to blame.

w00master

I wouldn't be surprised if all were in cahoots to sell user data. Its a huge business. I still say OEMs are more to blame since they are the ones that install it, and some OEMs don't install it (Nokia) or use it for only diagnostics (Apple).

Corrected, you're welcome

Please explain how this is "corrected"?

Sardonick007
Dec 1, 2011, 03:29 PM
I appreciate the stance and the proposed removal. My big question though is why it took "...wake of significant publicity" to get to this point, and, what else is being done without our knowledge, on our devices, for which we pay a premium sum of money? Like I said, it's a start, but hopefully not an end.

Oletros
Dec 1, 2011, 03:31 PM
Please explain how this is "corrected"?

Android doesn't collect any data by default, you have to opt in to allow collect location data

Vindicator
Dec 1, 2011, 03:32 PM
It is OFF by default on iOS.


before iOS5?

samcraig
Dec 1, 2011, 03:46 PM
Android itself doesn't use Carrier IQ.

Carriers when they build their UI's add it on.

So if there's blame - it's the carriers, not Android or their phone manufacturers.

chrono1081
Dec 1, 2011, 03:47 PM
Android doesn't collect any data by default, you have to opt in to allow collect location data

Actually CarrierIQ sends data when the phone isn't even activated. It doesn't matter whether you opt in or not, Carrier IQ works outside the operating system.

A team at work is testing phones as we speak over this debacle.

Jack Dangers
Dec 1, 2011, 03:47 PM
Either way, I stand by when I said that this kind of thing is everyone's burden and responsibility. Not only do the carriers and manufacturers need to be aware of and respect our privacy, but we as users need to take an active approach to ensure it.

Edit: Is it odd that I feel funny quoting myself? :confused:


I completely agree. It is ultimately our responsibility. That being said, does the EULA on all these devices specifically reference Carrier IQ or anything similar? Does it say that a 3rd party app will record text messages, phone calls and browsing history? If so then I definitely place the blame on the user for not sitting and reading through the EULA. Unfortunately, I have a feeling this is not being clearly articulated in the EULA, because if it was, there would be a lot less people opting in to use these phones. But honestly, I've never ready through them myself so I could be wrong :p

chrono1081
Dec 1, 2011, 03:47 PM
Android itself doesn't use Carrier IQ.

Carriers when they build their UI's add it on.

So if there's blame - it's the carriers, not Android or their phone manufacturers.

Then how come Nokia doesn't have it? Or Apple?

Its definitely the OEM's, they're the ones who are licensing and modding Android.

samcraig
Dec 1, 2011, 03:50 PM
Then how come Nokia doesn't have it? Or Apple?

Its definitely the OEM's, they're the ones who are licensing and modding Android.

I don't know why. Maybe Carrier IQ isn't designed to work with their devices.

Apple had it up until iOS 5.0.

It's not OEMs. It's the carriers. Read a little bit more. The carriers are doing the modding. Again - read more about it (IE - on engadget).

ChazUK
Dec 1, 2011, 03:55 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

Android itself doesn't use Carrier IQ.

Carriers when they build their UI's add it on.

So if there's blame - it's the carriers, not Android or their phone manufacturers.

Then how come Nokia doesn't have it? Or Apple?

Its definitely the OEM's, they're the ones who are licensing and modding Android.

If it is entirely the responsibility of the OEMS, why doesn't the Sprint Nexus S 4g have CIQ? The HTC Nexus One?

I'd say both OEMs are responsible & the carriers as not every phone of the same model has the CIQ agent installed on every carrier.

Edit: Even RIM havd said the do not authorize or distribute CIQ yet there are rumours that some carrier customised versions of BlackBerry hardware have it installed.

inkswamp
Dec 1, 2011, 03:57 PM
Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.

Bingo! I don't really want to get into Android vs. iOS, but that whole line of thinking seems to me just a convenient way to get Google and all the hardware companies off-the-hook, which IMO, is crap. Google and Samsung and HTC and everyone else could exert more control over their product to ensure that the carriers don't do this if they actually cared, but they don't seem to give a rip so they are every bit as much to blame for this as the carriers are.

Still, I'm happy to see Apple come forward and acknowledge it instead of playing pass-the-buck.


Android itself doesn't use Carrier IQ.

Carriers when they build their UI's add it on.

So if there's blame - it's the carriers, not Android or their phone manufacturers.

This kind of thinking reminds me of the old Wintel era where users calling for support to Microsoft would be directed to the hardware maker who would direct them to the software maker who would direct them to Microsoft. The whole team gets the blame when there's a failure.

samcraig
Dec 1, 2011, 03:57 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)



If it is entirely the responsibility of the OEMS, why doesn't the Sprint Nexus S 4g have CIQ? The HTC Nexus One?

I'd say both OEMs are responsible & the carriers as not every phone of the same model has the CIQ agent installed on every carrier.


The truth is we don't know at this point definitively. It's possible the carriers haven't/didn't install it on every device but just ones they handpicked. Maybe it was a cost/licensing issue and they didn't do it across the board.

frankjl
Dec 1, 2011, 03:59 PM
WOW if you believe this you are seriously an idiot.

1st of all. If it was no longer supported why leave traces behind.
Sounds like a sloppy job. But you apple lovers dont see this far.

2nd of all. Why did apple not disclose this at all previously?

3rd why not all their products? Better yet they have 3 mobile devices. iPod, iPhone, iPad.
why one still crris it and why did you choose not to fully remove it from ALL if you really cared?

It is amazing to me how some of you are so enamored with apple that you fail to use logic and common sense. This statement to me reads.

Get over it, well just figure out away to make your forget it and somehow hide it even further. If you for one second believe that apple is willing to loose all this data then you are INSANE!! tomorrow when YOU die. Dont expect a "you will be remembered card from apple"

Rocketman
Dec 1, 2011, 04:00 PM
I wonder if the disclosure of the specific means Fusion (Carrier IQ being their tool) is capturing virtually all secret info from all Android handsets will in some way become widespread public information and concern to the point there is a backlash not against puny IQ but against the government that delivered it. You know, and susceptible Android handsets of all brands.

I wonder how long this message will dwell.

Rocketman

http://www.dhs.gov/files/programs/gc_1156877184684.shtm

http://judicialmisconduct.blogspot.com/2011/03/fusion-center-locations-and-information.html

http://tc.indymedia.org/2010/mar/surprise-bill-interstate-fusion-center-data-sharing-pops-tuesday-specs-found-harris-stingra

Mad-B-One
Dec 1, 2011, 04:01 PM
"Apple has now issued a statement noting that the company stopped supporting Carrier IQ with iOS 5 on most of its products"

Out of curiosity, which ones still have it?

I guess the ones which don't run iOS 5?

ChazUK
Dec 1, 2011, 04:01 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.

Bingo! I don't really want to get into Android vs. iOS, but that whole line of thinking seems to me just a convenient way to get Google and all the hardware companies off-the-hook, which IMO, is crap. Google and Samsung and HTC and everyone else could exert more control over their product to ensure that the carriers don't do this if they actually cared, but they don't seem to give a rip so they are every bit as much to blame for this as the carriers are.

Still, I'm happy to see Apple come forward and acknowledge it instead of playing pass-the-buck.



None of Googles handsets by HTC or samsung have CIQ installed.

This whole thing is limited to a few models of carrier branded handsets as even my GSM Galaxy S 2 (non stock Android modified by Samsung) is devoid of any CIQ software.

inkswamp
Dec 1, 2011, 04:04 PM
None of Googles handsets by HTC or samsung have CIQ installed.

You're missing the forest for the trees. Google is at the top of the Android pyramid. They're the boss. They could exert more control over the platform to ensure quality and security but they don't. They wash their hands of it under the guise of being "free and open" which just translates as corporate irresponsibility in my book.

Oletros
Dec 1, 2011, 04:08 PM
Actually CarrierIQ sends data when the phone isn't even activated. It doesn't matter whether you opt in or not, Carrier IQ works outside the operating system.

A team at work is testing phones as we speak over this debacle.

I have said Android, Carrier IQ is not part of Android. If you want you can say some Android handsets collects data, then I will say, yes

----------

The truth is we don't know at this point definitively. It's possible the carriers haven't/didn't install it on every device but just ones they handpicked. Maybe it was a cost/licensing issue and they didn't do it across the board.

It seems that only USA handsets have Carrier IQ installed so it's more about carriers than OEM's

----------

You're missing the forest for the trees. Google is at the top of the Android pyramid. They're the boss. They could exert more control over the platform to ensure quality and security but they don't. They wash their hands of it under the guise of being "free and open" which just translates as corporate irresponsibility in my book.

And how can they prevent it?

ChazUK
Dec 1, 2011, 04:14 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

None of Googles handsets by HTC or samsung have CIQ installed.

You're missing the forest for the trees. Google is at the top of the Android pyramid. They're the boss. They could exert more control over the platform to ensure quality and security but they don't. They wash their hands of it under the guise of being "free and open" which just translates as corporate irresponsibility in my book.

Can you point me to the press release where Google have washed their hands of this?

Up until yesterday, many people on this forum didn't know this software was even integrated in to iOS saying "Apple will never allow this as they have total control over iOS".

There is so much we don't know at this point that it may be a mistake.to point the blame (of course, you are welcome to your opinions)

Does CIQ have the same level of access on Samsung handsets (so far the only examples I've seen are of HTC hardware). What about the supposed millions of feature phones that have CIQ installed on it? Why is it not on all devices on the same carrier by the same OEM?

Google may be king of the hill when it comes to Android but they've chosen not go install it on any of their handsets. We don't know the ins and outs of any licencing between Google, carriers and OEMs either so a lot of this is speculative at this point (my thoughts included).

BaldiMac
Dec 1, 2011, 04:17 PM
And how can they prevent it?

Are you going to continue to pretend ignorance, despite the fact that we've had this conversation several times today?

Oletros
Dec 1, 2011, 04:20 PM
Are you going to continue to pretend ignorance, despite the fact that we've had this conversation several times today?

When you show a FACT and not a guess about it, it will be ignorance.

wikus
Dec 1, 2011, 04:21 PM
Another reason why aftermarket Android ROMS are a major benefit.

BaldiMac
Dec 1, 2011, 04:26 PM
When you show a FACT and not a guess about it, it will be ignorance.

A guess? I clearly described that Google can impose licensing restrictions on manufacturers who choose to use Google apps and the Android trademark. What part is a guess?

gkpm
Dec 1, 2011, 04:27 PM
And how can they prevent it?

Again?

Google can do what they already considered in the past:

http://www.businessinsider.com/google-skyhook-emails-2011-5#heres-where-google-employee-dan-morrill-admits-that-google-is-using-compatibility-as-a-club-to-make-phone-manufacturers-do-things-we-want-this-is-regarding-a-separate-issue-some-software-called-logmein-9

Simply add that requirement to the agreement. The CDD mentioned in that e-mail is the:

"Compatibility Definition Document (CDD)
For each release of the Android platform, a detailed Compatibility Definition Document (CDD) will be provided. The CDD represents the "policy" aspect of Android compatibility."

So a new agreement is made for every new Android release.

http://source.android.com/compatibility/overview.html

ChazUK
Dec 1, 2011, 04:29 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

Another reason why aftermarket Android ROMS are a major benefit.

They shouldn't be a necessity tho.

No one should have to root and install a custom ROM onto a handset (thus voiding any warranty) to have a clean phone, free from CIQ (especially as users were never made aware it was even on their handsets).

Oletros
Dec 1, 2011, 04:31 PM
Again?

Google can do what they already considered in the past:

http://www.businessinsider.com/google-skyhook-emails-2011-5#heres-where-google-employee-dan-morrill-admits-that-google-is-using-compatibility-as-a-club-to-make-phone-manufacturers-do-things-we-want-this-is-regarding-a-separate-issue-some-software-called-logmein-9

Simply add that requirement to the agreement. The CDD mentioned in that e-mail is the:

"Compatibility Definition Document (CDD)
For each release of the Android platform, a detailed Compatibility Definition Document (CDD) will be provided. The CDD represents the "policy" aspect of Android compatibility."

So a new agreement is made for every new Android release.

http://source.android.com/compatibility/overview.html

Oohhh, they can try to prevent thing by DCC and be sued like they has been sued by Skyhook

Thanks for proving my point about Android.

Do you really read the things you post or only blindly post the first thing you find searching the web?

----------

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)



They shouldn't be a necessity tho.

No one should have to root and install a custom ROM onto a handset (thus voiding any warranty) to have a clean phone, free from CIQ (especially as users were never made aware it was even on their handsets).

Exactly

----------

A guess? I clearly described that Google can impose licensing restrictions on manufacturers who choose to use Google apps and the Android trademark. What part is a guess?

Another time? They can't impose restrictions on Android trademark, the thing I was answering.

BaldiMac
Dec 1, 2011, 04:35 PM
Oohhh, they can try to prevent thing by DCC and be sued like they has been sued by Skyhook

Thanks for proving my point about Android.

Do you really read the things you post or only blindly post the first thing you find searching the web?

Again, being sued is not evidence of illegality. Besides there is no need to ban specific apps. As I've said before, they can just impose a minimum privacy policy. Or an opt-in requirement for pre-installed spyware. Your antitrust claims are just a smokescreen.

----------

Another time? They can't impose restrictions on Android trademark, the thing I was answering.

Source?

They own the trademark. You don't think they can impose restrictions on its use? :confused: They already do. See the Compatibility Definition Document (CDD).

gkpm
Dec 1, 2011, 04:36 PM
Oohhh, they can try to prevent thing by DCC and be sued like they has been sued by Skyhook

Why would they sue Google over a clause limiting software like Carrier IQ?

"We're suing Google because they won't let us install our spyware on the phones"

They would be the laughing stock of the world.

ps - That e-mail was about LogMeIn, not Skyhook btw. Did you read it?

Thunderhawks
Dec 1, 2011, 04:38 PM
I appreciate the stance and the proposed removal. My big question though is why it took "...wake of significant publicity" to get to this point, and, what else is being done without our knowledge, on our devices, for which we pay a premium sum of money? Like I said, it's a start, but hopefully not an end.

Why?

Al Franken didn't know about it:-)

a.gomez
Dec 1, 2011, 04:40 PM
1. AT&T/Sprint said they used them - VERIZON does not in the US (most android phones in the US anyway)

2. HTC said it is required by some US carriers to use it (see above)


I guess now some in the Apple community can not read :rolleyes:
iOS dumbing down of Apple continues

ChazUK
Dec 1, 2011, 04:44 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)


And how can they prevent it?

Again?

Google can do what they already considered in the past:

http://www.businessinsider.com/google-skyhook-emails-2011-5#heres-where-google-employee-dan-morrill-admits-that-google-is-using-compatibility-as-a-club-to-make-phone-manufacturers-do-things-we-want-this-is-regarding-a-separate-issue-some-software-called-logmein-9

Simply add that requirement to the agreement. The CDD mentioned in that e-mail is the:

"Compatibility Definition Document (CDD)
For each release of the Android platform, a detailed Compatibility Definition Document (CDD) will be provided. The CDD represents the "policy" aspect of Android compatibility."

So a new agreement is made for every new Android release.

http://source.android.com/compatibility/overview.html

Just had a quick browse of the supporting document for Android 2.3 and this caught my eye:

"Alternate runtimes MUST NOT be launched with, be granted, or grant to other applications any privileges of the superuser (root), or of any other user ID."

I'm wondering if CIQ cotravines this rule in any way as the CIQ agent must have superuser privileges to collect all of the information that it does.

Oletros
Dec 1, 2011, 04:49 PM
They already do. See the Compatibility Definition Document (CDD).

http://source.android.com/compatibility/2.3/android-2.3.3-cdd.pdf

Have you seen it? Can you show me any restriction that is not technical? Thanks

----------

[SIZE=1]"Alternate runtimes MUST NOT be launched with, be granted, or grant to other applications any privileges of the superuser (root), or of any other user ID."

Carrier IQ is not an alternate runtime:

Device implementations MAY include runtime environments that execute applications using some other virtual machine or native code. However, such alternate execution environments MUST NOT compromise the of installed Android applications, as described in this section.

wovel
Dec 1, 2011, 04:55 PM
We stopped supporting CarrierIQ with iOS 5

so you saying apple told you carrieriq was on your phone before then?

Who cares if they mentioned the mechanism. They did explicitly state what information was collected, it is an opt in system and their policy is available right on the device in the same place you opt in.

a.gomez
Dec 1, 2011, 04:55 PM
Wrong. It IS an iOS vs Android thing. Apple does NOT allow carriers to put any unauthorized crapware on their iPhones. It's a walled garden that works. Google does allow carriers to put additional software, skins and, apparently, CarrierIQ.

Basically the 2 years I had my Iphone 3GS (contract ended in August) I had CIQ running on my phone - so Apple DID allow it on their phones... they already said so.

wovel
Dec 1, 2011, 04:56 PM
1. AT&T/Sprint said they used them - VERIZON does not in the US (most android phones in the US anyway)

2. HTC said it is required by some US carriers to use it (see above)


I guess now some in the Apple community can not read :rolleyes:
iOS dumbing down of Apple continues

Too bad Verizon was apparently not telling the whole truth...

gkpm
Dec 1, 2011, 04:57 PM
http://source.android.com/compatibility/2.3/android-2.3.3-cdd.pdf

Have you seen it? Can you show me any restriction that is not technical? Thanks

Sure, here's one:

"Device implementations MUST include a single, shared, system-wide search user interface capable of real-time suggestions in response to user input."

in other words "You must show a search box in all screens"

But then again that's Google's core business isn't it, privacy not so much.

BaldiMac
Dec 1, 2011, 05:00 PM
http://source.android.com/compatibility/2.3/android-2.3.3-cdd.pdf

Have you seen it? Can you show me any restriction that is not technical? Thanks:

I'm not sure what that has to do with anything. Are you trying to say that the only reason that Google could deny anyone use of the Android trademark is technical? The CDD is just a prerequisite for Android branding. It isn't the only requirement.

Rodimus Prime
Dec 1, 2011, 05:03 PM
This actually has a lot of truth to it.

Everyone who looked at their iPhones before iOS 5 new it collected data unless you turned it off. It is there plain as day. If you missed it, then thats on you since its right in the settings. Not to mention you have the option to turn it off, and it only collects unimportant things, not keystrokes and searches and such that the Android handsets were.

Google is a data mining company. Even though its the OEM's who put this software on there (they control the software to anyone who says the carriers do it), Google will take the heat for letting Android be modified in this fashion.

Another thing, Nokia claims this isn't on their phones, hence more evidence that its the OEM's not the carriers that require this.

I think it funny that you some how think Apple is not data mining you like crazy and doing just as much.

rudigern
Dec 1, 2011, 05:04 PM
In the original video the developer shows an non-carrier tied phone towards the end. He didn't explicitly say but I assume its with original manufacturer software too? Doesn't that meant the carriers are not the only ones to blame?

gkpm
Dec 1, 2011, 05:07 PM
I think it funny that you some how think Apple is not data mining you like crazy and doing just as much.

And doing what with it? iAds?

I don't even see them, none of the apps I have use them.

It's not iTunes Genius recommendations either because they're terrible!

Google on the other hand runs ads for almost the entire web.

unicorn025
Dec 1, 2011, 05:15 PM
Who cares if they mentioned the mechanism. They did explicitly state what information was collected, it is an opt in system and their policy is available right on the device in the same place you opt in.

apple had this thing happen to them before this is the secound time suchtracking has been done on apple/

MattInOz
Dec 1, 2011, 05:18 PM
"Apple has now issued a statement noting that the company stopped supporting Carrier IQ with iOS 5 on most of its products"

Out of curiosity, which ones still have it?

I suspect the real question is in which markets do iOS devices have Carrier IQ activated?

Reading between the lines "with iOS5 its only on some devices" makes me think that with delta updates they can leave it off devices that aren't required by carrier condition to have it, where previously with the overwrite updates it was installed but only activated where required.

Rocketman
Dec 1, 2011, 05:24 PM
I think Apple's only promise is they do not attach personally identifying info with the data packet. I simply ask, who has access to these packets and device ID's through traditional internet routers?

I suspect dozens of continuous capture entities do.

What they can or do do with it is another issue.

IP is very public.

Oh, BTW Franken is not on a need to know basis on any security committee.

Lennholm
Dec 1, 2011, 05:29 PM
This kind of thinking reminds me of the old Wintel era where users calling for support to Microsoft would be directed to the hardware maker who would direct them to the software maker who would direct them to Microsoft. The whole team gets the blame when there's a failure.

Nothing has changed in the world of call centers, the carriers referr to Apple for support with their iPhone, AppleCare referrs to the carrier, back and forth, it's still the same

unicorn025
Dec 1, 2011, 05:33 PM
well some android phone had carrier iq but all iphones had it till ios5, did apple say hey we tracking you, no they did not.

powers74
Dec 1, 2011, 06:00 PM
Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3)

Why & how did it make it into iOS in the first place?

inkswamp
Dec 1, 2011, 06:07 PM
And how can they prevent it?

Google could exert control over their platform in some non-technical ways. The most obvious is that they could create some kind of "Google approved" logo/program and hype the crap out of it as the best way to experience Android, and only allow phone vendors and carriers to be part of it if they meet certain requirements imposed by Google. Those requirements would be designed with the best interests of the end user at heart.

That becomes a selling point for consumers when they know Google stands behind it and that there's no BS like CarrierIQ or crapware being added. It would give Google a way to control a reasonable subset of their platform and ensure quality on a number of phones while still allowing the free and open part of Android to persist.

Like I said, first Google has to give a rip about the user experience on Android. At this point, they don't seem to care.

kalex
Dec 1, 2011, 06:44 PM
Right now carrierIQ is done. Its a bastard child of phone industry and its going to be a scapegoat for others. It happens all the time now. Someone finds something out, bloggers pick it up, raise a stink and now companies are backpedalling and trying to find someone to blame. So saying that android is the only one doing it and that Apple is a saint and would never do this to their users is BS.

gkpm
Dec 1, 2011, 06:45 PM
well some android phone had carrier iq but all iphones had it till ios5, did apple say hey we tracking you, no they did not.

No, but that's because they weren't tracking.

Carrier IQ on iOS was always limited to essential disgnostic information only - no numbers, key presses, URLs - none of the information hoarding done by the Android version.

That's probably because the version on iOS was developed with Apple and not left in the hands of carriers.

The real lesson here is you can't leave things like this to the carriers. You can't even give them the chance to do it.

samcraig
Dec 1, 2011, 06:49 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)



They shouldn't be a necessity tho.

No one should have to root and install a custom ROM onto a handset (thus voiding any warranty) to have a clean phone, free from CIQ (especially as users were never made aware it was even on their handsets).

Right. I agree. But at least Android users have/had an option. Prior to iOS 5 - how would you handle removing CIQ from the iPhone?

wikus
Dec 1, 2011, 07:02 PM
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)



They shouldn't be a necessity tho.

No one should have to root and install a custom ROM onto a handset (thus voiding any warranty) to have a clean phone, free from CIQ (especially as users were never made aware it was even on their handsets).

Thats not what I meant.

My point is that its just another way to benefit from having the OPTION of switching between ROMs.

Choice is a good thing. But not a reality in the Apple world (the only choice is to either go all in or not at all).

DakotaGuy
Dec 1, 2011, 07:13 PM
The handset manufacturers put it in. There is no way around that. It sits between the hardware level and the software level which is why its so hard to remove.

Now, as far as carriers wanting it on there, I can completely see that. What I can't see is how some handset manufacturers (Nokia and Apple) don't put it on there yet others do. Again, I blame the handset manufacturers because its obviously not an "all or nothing" situation.


Then how do you explain the fact that Verizon has made an official statement (actually two times in the past couple of weeks) that Carrier IQ is not installed or used on any of their phones?

It seems to me that carriers like AT&T and Sprint should be the ones that are blamed because they wanted it on their phones.

Taz Mangus
Dec 1, 2011, 07:16 PM
I think it funny that you some how think Apple is not data mining you like crazy and doing just as much.

Citation please. I know, you don't to need to provide any.

*LTD*
Dec 1, 2011, 07:44 PM
Once again, Gruber absolutely nails it.

------------------------------------------------


Rootkit, Eh?

Thursday, 1 December 2011

Thom Holwerda, OSNews, headline: “CarrierIQ Rootkit Found on Android, iOS”

Really?

On iOS the setting is off by default, plainly labeled, and even when turned on, apparently only logs (a) location data and (b) when a phone call was active. And it doesn’t even log location data if Location Services are disabled — a setting which, again, is plainly labeled and easy to find.

According to Trevor Eckhart, on HTC Android phones, the Carrier IQ daemon logs the following: every number you press in the phone dialer, every key you type on the keyboard, every SMS message you receive, every URL you open in the web browser, every app you open, all media playback, and your location. There is no visible sign that this is running, the process is hidden from the process viewer, and there is no way to turn it off.

From that information, Holwerda chooses the headline “CarrierIQ Rootkit Found on Android, iOS”. [UPDATE: The headline has since been changed to “CarrierIQ Rootkit Found on Android”.]

As a sidenote, it amuses me to no end how someone like John Gruber has mysteriously and quite suddenly adopted the “it’s the carrier’s fault!”-mantra now that iOS has also been found to include CarrierIQ. Which is ironic, since it appears that Apple is the only one including CarrierIQ (slightly butchered, but still) within the operating system itself, whereas on Android, it’s a carrier thing.

I could point out that describing the Carrier IQ-related logging on iOS as a “slightly butchered” version of what’s been found on HTC Android phones is an absurd instance of false equivalence, but that’s self-evident. I enjoy a debate regarding my work and any perceived biases in it, and I’d like to think that OSNews is a reasonable source with a different perspective, which is why I’m responding to this. But I worry here that I’m trying to reason with the unreasonable.

How could my stance on Carrier IQ “suddenly” change when I’d never written about it before yesterday? I’ve gone back and re-read everything I’ve written about it thus far (here, here, and here), and I can’t find a single word where I place blame anywhere other than in the hands of the carriers. (Which, as the story continues to unfold, looks to be exactly where the blame should be placed.) I didn’t even crack an “Android is open” joke.

What’s important here is not merely the presence of anything related to “Carrier IQ”. What’s important is the surreptitious logging and collection of sensitive private data. It is certainly interesting that Apple is using Carrier IQ services to log anything at all, and worthy of investigation. But to date, we’ve learned nothing scandalous, misleading, or unclear about what Apple is doing in this regard. There’s not a shred of evidence that Apple is now or ever was using Carrier IQ for anything other than collecting only and exactly the sort of data Apple says, plainly, that it collects when the user chooses — explicitly — to allow it.

Apple has a clearly-worded diagnostics collection privacy policy, which you can read on the device in Settings → General → About → Diagnostics & Usage → “About Diagnostics and Privacy”. I’m hosting a copy of it here so everyone can read it. It’s short and utterly reasonable.

The worst that can be said of Apple in this saga is that they’re guilty by association — that Apple used, for innocuous purposes, the services of a company that others have used for nefarious purposes. To put this in the same boat as Android devices which ship from the factory with secret keyloggers installed is absurd.*★

http://daringfireball.net/

----------------------------------------------

But hey, it's "open", or whatever . . .

unicorn025
Dec 1, 2011, 07:46 PM
No, but that's because they weren't tracking.

Carrier IQ on iOS was always limited to essential disgnostic information only - no numbers, key presses, URLs - none of the information hoarding done by the Android version.

That's probably because the version on iOS was developed with Apple and not left in the hands of carriers.

The real lesson here is you can't leave things like this to the carriers. You can't even give them the chance to do it.

they were doing it before who to say there werent now, after all apple allowe it to be on the iphone they new it was there , now that this is out in the open they come out with there twist on why it was allow apple has been lying to thier costemers since day one.

Xenu007
Dec 1, 2011, 08:01 PM
Just because Apple doesn't read iPhone emails, texts, or encrypted searches doesn't mean Carrier IQ isn't collecting this information anyway. Anyone who conducts illegal wiretapping should be criminally prosecuted to the full extent of the law, and if it turns out Apple is an accessory to criminal wiretapping, certain Apple executives should end up in jail.

OldMike
Dec 1, 2011, 08:09 PM
I think it is unbelievable that customers are not made aware of what is going on with the phones and plans they spend good money on.

The worst offenders, in my mind, are companies like HTC who actually compile this Carrier IQ stuff right into their bloated version of Android. Really ridiculous, and I hope that people start holding companies, who are complicit in compromising users privacy and security, accountable.

I applaud Apple for taking the stance they are on this issue.

DeathChill
Dec 1, 2011, 08:12 PM
Right. I agree. But at least Android users have/had an option. Prior to iOS 5 - how would you handle removing CIQ from the iPhone?

But it was only enabled if you selected to send diagnostics and usage information and it didn't record anything the way the versions on Android apparently do. Don't enable that option and it shouldn't be an issue, right?

EDIT: Also, nice that you can always find the downside for Apple. You're like the anti-LTD. :)

dontwalkhand
Dec 1, 2011, 08:27 PM
This is not as important as the privacy concerns, but still important, how does Carrier IQ affect battery life anyway? It seems that with this reporting all the time, battery life goes down the drain (which probably explains Android's battery crap too)

----------

Right. I agree. But at least Android users have/had an option. Prior to iOS 5 - how would you handle removing CIQ from the iPhone?

When plugging in your iPhone for the first time, you choose Don't Send on iOS 4.

On iOS 5, this option appears during that Welcome setup.

lxchee
Dec 1, 2011, 09:15 PM
Apple is saying iOS ver 1.0 till 4.3.5 has CIO in the kernel, while 5.0 and beyond does not.

Why would Apple, largest company in the world in terms of market cap, allow a small virtually unknown company like Carrier IQ place a bug in their OS, when they wont even allow their partner (Google, Yahoo, etc..) access.

My reasoning is, the multi-year deal with Cingular (initially when iPhone was begging for carrier to carry it on their terms) .. later bought over by AT&T. Probably in the deal, AT&T insisted that CIQ be included in exchange for Apple's terms. And since the exclusive deal just ended recently, CIQ was no longer found in the newer iOS, replaced by awd (Apple Wired Database?).

hissyfit
Dec 1, 2011, 09:34 PM
I am pleased that they will remove it. Where is our right to privacy?

hot spare
Dec 1, 2011, 09:35 PM
More importantly might be that Google also hasn't (yet) done anything to stop it either.

I also blame Google for WWII. They should have stopped Hitler.

devilstrider
Dec 1, 2011, 10:01 PM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

LOL this is a carrier thing man. Calm down fanboy.

faroZ06
Dec 1, 2011, 10:17 PM
I don't get why Apple is nice to the carriers at all. Having the iPhone on your network is what all carriers dream of. Apple doesn't need to worry about their devices wasting the carriers' bandwidth with VoIP and tethering!

----------

I am pleased that they will remove it. Where is our right to privacy?

Not in the Constitution (4th amendment), as many think. That is regarding searches and seizures by government organizations. Not saying anything against you, but I hate it when Tea Party and Occupy people think the Bill of Rights gives them the right to do anything they want.

The 1st amendment simply says: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."

I would not call camping out and destroying public land as "peaceful". In fact, they have plenty of places to assemble where it is legal to do so.

----------

Right. I agree. But at least Android users have/had an option. Prior to iOS 5 - how would you handle removing CIQ from the iPhone?

Tethered jailbreak, a nightmare (especially for users not used to using Terminal).

----------

And doing what with it? iAds?

I don't even see them, none of the apps I have use them.

It's not iTunes Genius recommendations either because they're terrible!

Google on the other hand runs ads for almost the entire web.

I installed an ad blocker since the only time I click on ads is by accident (and it closes my app :mad:) or repeatedly when I feel like making the advertiser pay a lot of money for their annoying ads :cool:

samcraig
Dec 2, 2011, 06:48 AM
This is not as important as the privacy concerns, but still important, how does Carrier IQ affect battery life anyway? It seems that with this reporting all the time, battery life goes down the drain (which probably explains Android's battery crap too)

----------



When plugging in your iPhone for the first time, you choose Don't Send on iOS 4.

On iOS 5, this option appears during that Welcome setup.

No - that doesn't remove it. That just stops it from calling home (if that's 100 percent true). The carrier IQ's program could easily still be logging everything.

Turning something off isn't the same as flat out removing it.

Would you knowingly keep spyware on your computer regardless of whether or not it sent data back to the host or would you remove it leaving no 'holes' in security.

I will say this - for all the phones that have Carrier IQ - they've just taken a step backwards in enterprise security.

gnasher729
Dec 2, 2011, 06:51 AM
Why would they sue Google over a clause limiting software like Carrier IQ?

"We're suing Google because they won't let us install our spyware on the phones"

They would be the laughing stock of the world.

ps - That e-mail was about LogMeIn, not Skyhook btw. Did you read it?

One difference between Apple and Google would be that Apple could prevent Carrier IQ from installing their app on Apple phones, but Google could prevent Carrier IQ from installing their app on phones that are not made by Google. Both Apple and Google would be allowed to do business with Carrier IQ or not, as they see fit. But Google preventing Carrier IQ to do business with Samsung, HTC etc. is a different thing.


I think it funny that you some how think Apple is not data mining you like crazy and doing just as much.

Apple sells phones to you. The phones are the product, you are the customer. You, as the customer, don't want your data to be collected. Companies tend to do what keeps the customer happy.

Google sells you to the advertisers. You are the product, the advertisers are the customers. The advertisers, as the customer, want as much information about you, the product, as they can get. Companies tend to do what keeps the customer happy.

Thunderhawks
Dec 2, 2011, 07:17 AM
I also blame Google for WWII. They should have stopped Hitler.

I think they should have protected the Indians much better.

Oh wait, we all wouldn't be here!


The entire subject is once again a slow newsday blown out of proportion issue.

Somebody does what they shouldn't be doing. Some are a little smarter about doing that than others. They all get caught and have to stop.

Next.

Won't be the last time.

tdream
Dec 2, 2011, 08:01 AM
Apple has consistently shown that its end goal is to provide an excellent user experience. Thank you, Apple, for putting customers first and for not selling us to advertisers and other businesses.

Android users wanted a crappy OS made by an advertising company that doesn't care about privacy, and that's what they got.

That's a load of horse-*%$£ Apple will do anything and everything it can to get and use your information. How short your memory is. Apple would have continued tracking your location if they had not been caught, and how do you know they aren't tracking various aspects of your life without you knowing about it. Only when they get caught red-handed or find themselves implicated by association with software that makes them look bad will they begin to distance themselves. They are just another company (profit for shareholders) but they are the very best when it comes to image management.

They are only removing it now with iOS 5 and it's still there on some iOS5 devices, they won't even acknowledge which ones, rather they are vague saying removed from 'most' devices. At this point CarrierIQ are dead in the water much like the Tiger Woods incident everyone will distance themselves and eventually discontinue using CarrierIQ. I don't even blame CarrierIQ wholly. I would point the finger at companies who allowed their hardware/software to use this in the first place.

For example there are many worthwhile uses for a knife, preparing meals, eating with. In the hands of someone with an evil intent then it becomes a weapon. It would be similar to blaming the knife manufacturer for a murder, preposterous. Data tracking has many worthwhile uses, collection of medical information, etc, etc. Data tracking and the companies that make them are not inherently bad, it's when it's used on people unknowingly and secretly without consent it becomes a problem.

Apple are as much to blame as everyone else who covertly used this.

GSPice
Dec 2, 2011, 08:31 AM
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8G4 Safari/6533.18.5)

I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

This is stupid.

I can't show you one person who has been "been truly hurt, punished, injured or in any other way disenfranchised" by a store who put video cameras in bathrooms and changing rooms and allowed employees to see them naked. But most people feel violated by it and don't like it.

I probably wouldn't be "truly" harmed if "Find my Friends" broadcast my location on a public website that anyone could look at. But I would still feel like my privacy was invaded and would not like it.

And if you are okay with corporations abusing your privacy, that's your prerogative. But I'm glad that most people actually care about their privacy and object when corporations spy on them.

Stupid? Then you go on to make a completely emotive argument with false analogies and *still* beg the question?

brdeveloper
Dec 2, 2011, 09:01 AM
Proud of owning a Nokia N8 :)

KTF
Dec 3, 2011, 09:44 AM
Al Franken What A Joke!

kdarling
Dec 3, 2011, 12:22 PM
Apple sells phones to you. The phones are the product, you are the customer. You, as the customer, don't want your data to be collected. Companies tend to do what keeps the customer happy.

Google sells you to the advertisers. You are the product, the advertisers are the customers. The advertisers, as the customer, want as much information about you, the product, as they can get. Companies tend to do what keeps the customer happy.

Apple sells both their phones to users, AND their users to advertisers via iAds.

Neither Apple nor Google is selling personal information directly. BOTH are selling the fact that they have personal information, and can provide targeted ad markets. The more targeted the info, the more they can charge for ads.

Heck, it's likely that Apple sometimes has far MORE personal information than Google does, since they know so much about our accounts, demographics and media tastes from iTunes.

As Apple puts it in their iAds blurb:

Each (iAd) is shown only to the audience you want to reach, in the apps they love and use the most. Our highly-effective targeting leverages unique interest and preference data that taps into user passions that are relevant for your brand. - Apple

They go on to list some ad targeting options that iTunes / iOS helped them get:

■ Demographics
■ Application preferences
■ Music passions
■ Movie, TV and audiobook genre interests
■ Location

- Apple Standard Targeting Options


Advertisers live and die off targeted markets derived from personal info and interests. Apple and Google are in the same boat when it comes to that.

Rodimus Prime
Dec 3, 2011, 12:29 PM
Apple sells phones to you. The phones are the product, you are the customer. You, as the customer, don't want your data to be collected. Companies tend to do what keeps the customer happy.

Google sells you to the advertisers. You are the product, the advertisers are the customers. The advertisers, as the customer, want as much information about you, the product, as they can get. Companies tend to do what keeps the customer happy.


Apple sells advertistments as well. You are the product as well so as such they will sell it.

Apple knows that it has an army blind followers who will defend Apple at every turn. Apple also shown that it is very greedy and will do anything to make an extra buck. Hence the reason that Apple will do it as well.

Vincent Freeman
Dec 4, 2011, 07:18 AM
Right. I agree. But at least Android users have/had an option. Prior to iOS 5 - how would you handle removing CIQ from the iPhone?

Why would you want to remove it? It was used as intended - for diagnostics and not logging personal information for petes sake.

----------

Apple sells advertistments as well. You are the product as well so as such they will sell it.

Apple knows that it has an army blind followers who will defend Apple at every turn. Apple also shown that it is very greedy and will do anything to make an extra buck. Hence the reason that Apple will do it as well.

Google sells advertistments. You are the product as well so as such they will sell it.

Google knows that it has an army blind followers who will defend Google at every turn. Google also shown that it is very greedy and will do anything to make an extra buck. Hence the reason that Google will continue doing so.

adder7712
Dec 4, 2011, 07:24 AM
That's good.

This thing shouldn't been allowed in phones in the first place, at least without the option to exclude yourself.

I've looked for CarrierIQ references on my Android phone, I can't find any. Or it only applies to phones sold in the US.

Oletros
Dec 4, 2011, 07:37 AM
Google sells you to the advertisers. You are the product, the advertisers are the customers. The advertisers, as the customer, want as much information about you, the product, as they can get. Companies tend to do what keeps the customer happy.

If I use an Android phone, what is sold to advertisers?

samcraig
Dec 4, 2011, 09:12 AM
Why would you want to remove it? It was used as intended - for diagnostics and not logging personal information for petes sake.[COLOR="#808080"]



Speaking hypothetically. Maybe I don't want any information about my usage being recorded. For diagnostics or otherwise. Maybe I want to be clearly informed that such software exists on my device, Maybe I want the option of having it on the device or not.

And you have no idea whether or not it was used "as intended." You only have PR statements from companies who stand to lose if it's brought to light that the software wasn't used properly.

I'm not a conspiracy theorist. But I also am not naive to companies quote, unquote - wanting to save their collective behinds.

dbike
Dec 4, 2011, 02:55 PM
So Apple has installed CarrierIQ software in almost all of its iOS devices so they can optimize the user experience.

That's good.

CarrierIQ software can see everything the user does on his/her iOS device.

That's bad.

CarrierIQ says it is only doing what the carriers request.

That's good.

A YouTube video shows the software mapping keystrokes

That's bad.

The carriers say they are are only using the software to optimize network performance.

That's good.

CarrierIQ has been receiving the logs from 140,000,000 devices ...

That's bad ...

... but only distributing the information that its customers (the carriers) want.

That's good.

Apple has installed CarrierIQ software on virtually all of its iOS devices.

That turns out to be bad.

But it is not actually looking at the data beginning with iOS5 (which appeared in October 2011)

That's good

But it is still operational in non iOS5 devices.

That is bad.

But it will be removed in an upcoming version of iOS5

That will be REALLY good!!

But it will still reside in all non iOS5 units and some iOS5 units that are not upgraded.

That is still bad.

Apparently it does not even require a carrier to request the data, as the software runs on the iPod Touch and iPad WIFI.

That is bad.

How is it that we will know whether we have this CarrierIQ thing on our iOS devices? We can't see it, we can't delete it, we don't know if it is running. We can turn off the diagnostics thing, but that doesn't stop the program.

Pretty bad spot we are in just now.

BaldiMac
Dec 4, 2011, 03:07 PM
So Apple has installed CarrierIQ software in almost all of its iOS devices so they can optimize the user experience.

That's good.

True

CarrierIQ software can see everything the user does on his/her iOS device.

That's bad.

False

CarrierIQ says it is only doing what the carriers request.

That's good.

I disagree that is good.

A YouTube video shows the software mapping keystrokes

That's bad.

On Android. Not on iOS.

The carriers say they are are only using the software to optimize network performance.

That's good.

CarrierIQ has been receiving the logs from 140,000,000 devices ...

That's bad ...

... but only distributing the information that its customers (the carriers) want.

That's good.

If only it was at the request of the device owner, like it is on iOS.

Apple has installed CarrierIQ software on virtually all of its iOS devices.

That turns out to be bad.

Why?

But it is not actually looking at the data beginning with iOS5 (which appeared in October 2011)

That's good

Okay.

But it is still operational in non iOS5 devices.

That is bad.

Why?

But it will be removed in an upcoming version of iOS5

That will be REALLY good!!

Yep.

But it will still reside in all non iOS5 units and some iOS5 units that are not upgraded.

That is still bad.

Apparently it does not even require a carrier to request the data, as the software runs on the iPod Touch and iPad WIFI.

That is bad.

How is it that we will know whether we have this CarrierIQ thing on our iOS devices? We can't see it, we can't delete it, we don't know if it is running. We can turn off the diagnostics thing, but that doesn't stop the program.

Pretty bad spot we are in just now.

Why is it bad on iOS devices?

dbike
Dec 4, 2011, 03:32 PM
Why is it bad to have it running on all iOS devices ?

Because, in my case, I have an iPod Touch that is pathetically slow anyway ... it cannot help to have this logging machine chugging along as well.

And it has to be storing its logs somewhere on the device, waiting for some process to grab them. I don't know where they reside, I don't know what they contain, and I do not know how to reset them. But I am sure there is some hacker who would have a field day with them, if the unit was to fall into the wrong hands.

I just don't want to have to worry about the log files, but I see no way to be assured that they are not being generated

BaldiMac
Dec 4, 2011, 04:00 PM
Why is it bad to have it running on all iOS devices ?

Because, in my case, I have an iPod Touch that is pathetically slow anyway ... it cannot help to have this logging machine chugging along as well.

And it has to be storing its logs somewhere on the device, waiting for some process to grab them. I don't know where they reside, I don't know what they contain, and I do not know how to reset them. But I am sure there is some hacker who would have a field day with them, if the unit was to fall into the wrong hands.

I just don't want to have to worry about the log files, but I see no way to be assured that they are not being generated

I think your performance concern is overblown. Logging call times and locations (if location services is on) is a negligible process. Both are logged anyway even without carrier iq.

If we found out the log files were held for an inordinately long amount of time or contained additional data than has been reported or was accessible to third parties that would be bad. From the information that we have now, nothing is being logged that isn't logged in other areas of the phone. Location services and your recent call list. OS's contain many logs and caches that you're probably not aware of.

And, again, your original post claimed that carrier iq can see everything that a user does on iOS. That appears to be false from the information that has been published so far. That is the main concern with the Android version.

brdeveloper
Dec 4, 2011, 05:05 PM
CarrierIQ presents iSpyware, only for Apple and Android users. Fanboys are proud of one more "killer" feature on their iPhones.

BaldiMac
Dec 4, 2011, 05:10 PM
CarrierIQ presents iSpyware, only for Apple and Android users. Fanboys are proud of one more "killer" feature on their iPhones.

If you ignore the difference between legitimate, opt in diagnostic software and spyware.

samcraig
Dec 4, 2011, 08:13 PM
If you ignore the difference between legitimate, opt in diagnostic software and spyware.

the truth is - no one knows what the truth is because the only statements are those of the "offending" parties. Which I would (at this point) take with a grain of salt.

I'll award 3rd party investigations and results, thank you.

BaldiMac
Dec 4, 2011, 08:30 PM
the truth is - no one knows what the truth is because the only statements are those of the "offending" parties. Which I would (at this point) take with a grain of salt.

I'll award 3rd party investigations and results, thank you.

Which we've seen. For example:
http://blog.chpwn.com/post/13572216737

From the original MacRumors post:

The information logged for iOS seems limited to phone call activity and location (if Location Services are enabled). Also unlike the implementation found on Eckhart's HTC, iOS users can opt out of these diagnostics by simply going to Settings -> General -> About -> Diagnostics & Usage -> Don't Send. The actually logged diagnostic data appears to be fully accessible for perusal in that same setting menu.

TUAW describes the iOS findings as "probably benign" and consistent with expected network performance diagnostics.

samcraig
Dec 4, 2011, 08:37 PM
Which we've seen. For example:
http://blog.chpwn.com/post/13572216737

From the original MacRumors post:

From one blogger yes. No idea who the blogger is or what his credentials and affiliations are or aren't.

Again - I'm not being a conspiracy theorist. But I'll wait until the dust settles and we hear from some researchers who I'm more familiar with.

BaldiMac
Dec 4, 2011, 09:38 PM
From one blogger yes. No idea who the blogger is or what his credentials and affiliations are or aren't.

Chpwn is the hacker who got Siri to work on other devices. Lots of jailbreak stuff.

Again - I'm not being a conspiracy theorist. But I'll wait until the dust settles and we hear from some researchers who I'm more familiar with.

That's fine. But calling something spyware when the initial indications are that it's not spyware seems a bit backwards.

brdeveloper
Dec 5, 2011, 09:16 AM
Chpwn is the hacker who got Siri to work on other devices. Lots of jailbreak stuff.



That's fine. But calling something spyware when the initial indications are that it's not spyware seems a bit backwards.

Ok, it's not spyware. It's just an app where people have some or all of their actions logged for diagnostic purposes. Spyware is (generally) used for stealing purposes, but I think diagnostic is stealing if the carrier uses this information for traffic shaping, for example. There are uses where "diagnostic" can be seen as stealing. Hence, taking into account that customers were not informed of this "feature" when they bought their phones, this is very similar - if not the same thing - to a spyware.

DeathChill
Dec 5, 2011, 09:21 AM
Ok, it's not spyware. It's just an app where people have some or all of their actions logged for diagnostic purposes. Spyware is (generally) used for stealing purposes, but I think diagnostic is stealing if the carrier uses this information for traffic shaping, for example. There are uses where "diagnostic" can be seen as stealing. Hence, taking into account that customers were not informed of this "feature" when they bought their phones, this is very similar - if not the same thing - to a spyware.

I think everyone is ignoring the part where Apple was using it for diagnostic purposes (not logging keypresses or things of that nature) and only if you explicitly enabled it. There was no sneaking and the only things logged are not nefarious according to all the information known (in fact the logs are easily accessible).

BaldiMac
Dec 5, 2011, 09:23 AM
Ok, it's not spyware. It's just an app where people have some or all of their actions logged for diagnostic purposes. Spyware is (generally) used for stealing purposes, but I think diagnostic is stealing if the carrier uses this information for traffic shaping, for example. There are uses where "diagnostic" can be seen as stealing. Hence, taking into account that customers were not informed of this "feature" when they bought their phones, this is very similar - if not the same thing - to a spyware.

Except that they were informed on iOS. It is opt in.

diamond.g
Dec 5, 2011, 09:29 AM
Except that they were informed on iOS. It is opt in.

Can you even turn it on in pre iOS 5?

BaldiMac
Dec 5, 2011, 09:47 AM
Can you even turn it on in pre iOS 5?

How to Reset Sending Diagnostic Information to Apple
http://www.theiphoneguru.net/2010/12/15/how-to-reset-sending-diagnostic-information-to-apple/

samcraig
Dec 5, 2011, 10:01 AM
I think everyone is ignoring the part where Apple was using it for diagnostic purposes (not logging keypresses or things of that nature) and only if you explicitly enabled it. There was no sneaking and the only things logged are not nefarious according to all the information known (in fact the logs are easily accessible).

Except that they were informed on iOS. It is opt in.

Except you really don't know if that's all that was done or it was doing. Or all it was capable of doing "as installed"

No one is ignoring anything. I think people are waiting to see an investigation as to explicitly what the software was and was not doing on each device it was installed on.

kdarling
Dec 5, 2011, 10:31 AM
And, again, your original post claimed that carrier iq can see everything that a user does on iOS. That appears to be false from the information that has been published so far. That is the main concern with the Android version.

Actually, Carrier IQ would almost certainly capture the same information on all phones. That's its purpose, after all. The only difference is that we can see their debug statements on some. That's all.

Folks, CarrierIQ looks at all keystrokes for the simple purpose of watching for a special sequence to put it into a test mode. They're not uploaded anywhere. This is no different than the way that current iPhone software looks for general field test mode, or a Blackberry watches for special sequences to show its log or change the status bars to signal level.

Likewise, CarrierIQ looks at all incoming texts, watching for the special ones that tell it to send its diagnostic info (NOT the developer debug log). If it doesn't see the special text, it doesn't care about it. Again, no different than the way most phones look for special remote disabling or other control messages.

Ok, it's not spyware. It's just an app where people have some or all of their actions logged for diagnostic purposes.

Yes, but let's be clear: for carrier diagnostic purposes, the actions logged are very general. As in, a text was sent with signal strength so-and-so.

The other logging that made the news was NOT the CarrierIQ diagnostic log. It was a common debug log for developers, that rolls fairly often and is cleared on reset.

Spyware is (generally) used for stealing purposes, but I think diagnostic is stealing if the carrier uses this information for traffic shaping, for example. There are uses where "diagnostic" can be seen as stealing. Hence, taking into account that customers were not informed of this "feature" when they bought their phones, this is very similar - if not the same thing - to a spyware.

Almost every complicated device we own has some kind of diagnostics built in. Just look at your cable modem logs sometime. Most people don't know about these things, nor need to.

Most people are not "informed" that their new cars log their driving, either. Yet that information stored in our engine computers has been used to convict street racers and even a priest who lied about not knowing he was involved in a hit-and-run.

I think everyone is ignoring the part where Apple was using it for diagnostic purposes (not logging keypresses or things of that nature) and only if you explicitly enabled it. There was no sneaking and the only things logged are not nefarious according to all the information known (in fact the logs are easily accessible).

Every carrier that includes it is only using it for diagnostic purposes.

However, I think the fact that it's included is a throwback to the days of the carriers owning all equipment and thus feeling it's okay to include diagnostics. Today is a new world, with less trust of corporations, and more ignorance about how things work, so they need to adapt. I'd bet that this was covered in some user agreement, though.

BaldiMac
Dec 5, 2011, 01:24 PM
Actually, Carrier IQ would almost certainly capture the same information on all phones. That's its purpose, after all. The only difference is that we can see their debug statements on some. That's all.

Again, from the information that we have so far, that is not true.

According to the original MacRumors post, jailbreak hacker Chpwn, found that Carrier IQ has no access or communication with the UI layer on iOS.

http://blog.chpwn.com/post/13572216737

Folks, CarrierIQ looks at all keystrokes for the simple purpose of watching for a special sequence to put it into a test mode. They're not uploaded anywhere. This is no different than the way that current iPhone software looks for general field test mode, or a Blackberry watches for special sequences to show its log or change the status bars to signal level.

Likewise, CarrierIQ looks at all incoming texts, watching for the special ones that tell it to send its diagnostic info (NOT the developer debug log). If it doesn't see the special text, it doesn't care about it. Again, no different than the way most phones look for special remote disabling or other control messages.

That's just talking around the issue. Even if the actual data sent is exactly the same as on iOS, it still has access to more information than it needs and is hidden from the user. No way to turn it off. No opt in. No user notice.

cubbie5150
Dec 5, 2011, 02:15 PM
I want to see one person - just one - who has ever been truly hurt, punished, injured or in any other way disenfranchised by a private corporation or public entity due to any of these horrific privacy-smashing civil rights-destroying espionage applications.

I have certain feelings about most complaints I hear about "privacy infringement". It involves laughter, mockery and cynicism.

Thus Liberty is lost, not amidst struggle, but with a whimper & apathy

diamond.g
Dec 5, 2011, 02:21 PM
How to Reset Sending Diagnostic Information to Apple
http://www.theiphoneguru.net/2010/12/15/how-to-reset-sending-diagnostic-information-to-apple/

Neat, thanks!

kdarling
Dec 5, 2011, 05:24 PM
According to the original MacRumors post, jailbreak hacker Chpwn, found that Carrier IQ has no access or communication with the UI layer on iOS.

Thanks. At least he hasn't found any so far. It doesn't matter, though, since the text and key watching is only done to allow command entries. Nothing evil or even unusual about that.

That's just talking around the issue. Even if the actual data sent is exactly the same as on iOS, it still has access to more information than it needs and is hidden from the user. No way to turn it off. No opt in. No user notice.

Hacker Chpwn said that even with diagnostics turned off in the UI, the iOS version _still_ logged all the information... it just didn't send it.

"However, despite those restrictions and never enabling the above checks, I do see Carrier IQ log files stored on all of the devices I tested: iOS3,4,5."

Personally, I don't see any reason that users should not allow diagnostics... at least as long as they're not using up our data plan or messing up our UI experience. (Apple sends the info over WiFi.) Lord knows some carriers need the info. (E.g. ATT and Sprint, who are the main US carriers that use it.)

The only problem with any of this (as I think you pointed out as well), is that the debug log was left turned on, and the info is visible for a short time.

brdeveloper
Dec 5, 2011, 07:32 PM
Personally, I don't see any reason that users should not allow diagnostics... at least as long as they're not using up our data plan or messing up our UI experience. (Apple sends the info over WiFi.) Lord knows some carriers need the info. (E.g. ATT and Sprint, who are the main US carriers that use it.)

My main concern is that carriers can be using diagnostic tools to limit excessive bandwidth usage (e.g. a long time watching YouTube videos). Also, wifi tethering apps or voip-like software could be blocked by the carriers. In my opinion this is unfair. If I bought a data plan of 10GB/1mbps, I want to be able to download stuff at 1mbps until I reach 10GB. On unlimited data plans, bandwidth can be reduced to 250kbps after downloads have reached 10GB, but, again, I want to use 250kbps constantly if I want.

I don't want to see my connection falling to 50kbps just because the carrier thinks I used too much bandwidth while I'll be breaking my head thinking about what happened to my phone connection.

BaldiMac
Dec 6, 2011, 12:35 PM
Thanks. At least he hasn't found any so far. It doesn't matter, though, since the text and key watching is only done to allow command entries. Nothing evil or even unusual about that.

That's an oversimplification. Carrier IQ on Android has access to this information regardless of what it is using it for. There is a obvious potential for abuse by a third party that owner of the device is unaware of and does not have the choice to opt out of (let alone opt in).

Hacker Chpwn said that even with diagnostics turned off in the UI, the iOS version _still_ logged all the information... it just didn't send it.

"However, despite those restrictions and never enabling the above checks, I do see Carrier IQ log files stored on all of the devices I tested: iOS3,4,5."

So? All that information is logged on the device anyway. It's not like the log files are storing additional information. The only problem would be if they were stored less securely than the other files logging the same information.

Tech198
Dec 6, 2011, 01:46 PM
"A group of three law firms late last week announced (via BGR) the filing of a class action lawsuit against Apple, Carrier IQ, and five other companies over privacy issues related to Carrier IQ's logging software The list of defendants also includes hardware manufacturers HTC, Samsung, and Motorola, and carriers AT&T, Sprint, and T-Mobile."

Sounds like a very similar issue here, or could even be related somewhat, with the "Location services" option that freaked out Apple uses a while back.

Seems, its all Privacy related.... Only Apple can get themselves in trouble :) No one else comes this close.

kdarling
Dec 6, 2011, 07:37 PM
That's an oversimplification. Carrier IQ on Android has access to this information regardless of what it is using it for. There is a obvious potential for abuse by a third party that owner of the device is unaware of and does not have the choice to opt out of (let alone opt in).

Oh for goodness' sake :)

CarrierIQ is not software that got put on accidentally. Nor it is from just anywhere. It is code that has been used by the carriers for years to help improve their service via anonymous diagnostic information.

So what are you proposing? That a rogue CarrierIQ developer could abuse his power? From that viewpoint, there's also potential for abuse by programmers at Apple itself, as they have full access to everything too.

The sheer fact of the matter is this: many people apparently do not understand the difference between spyware and diagnostics, or between debug logs and diagnostic files, or especially between just watching keystrokes pass through your app, and actually collecting them.

I totally support your previous response to someone above, that the logs don't slow anything down, and they're not ill-purposed. And nobody should be upset if carriers are checking for the reasons for dropped calls. The only thing wrong here is that someone left too much debug logging turned on, and it's possible that someone could steal your device and see the last half hour of action that they shouldn't. That needs to be fixed.

samcraig
Dec 7, 2011, 06:29 AM
The only thing wrong here is that someone left too much debug logging turned on, and it's possible that someone could steal your device and see the last half hour of action that they shouldn't. That needs to be fixed.

Much like how the location database size was set too high and collected information and never purged it so you were walking around with a complete history of where you had been since day 1.

BaldiMac
Dec 7, 2011, 08:10 AM
Oh for goodness' sake :)

CarrierIQ is not software that got put on accidentally. Nor it is from just anywhere. It is code that has been used by the carriers for years to help improve their service via anonymous diagnostic information.

So what are you proposing? That a rogue CarrierIQ developer could abuse his power? From that viewpoint, there's also potential for abuse by programmers at Apple itself, as they have full access to everything too.

The sheer fact of the matter is this: many people apparently do not understand the difference between spyware and diagnostics, or between debug logs and diagnostic files, or especially between just watching keystrokes pass through your app, and actually collecting them.

I totally support your previous response to someone above, that the logs don't slow anything down, and they're not ill-purposed. And nobody should be upset if carriers are checking for the reasons for dropped calls. The only thing wrong here is that someone left too much debug logging turned on, and it's possible that someone could steal your device and see the last half hour of action that they shouldn't. That needs to be fixed.

I understand the difference and never called it spyware. I said that Carrier IQ on Android logs information that it shouldn't and makes this information available to third parties that the owner of the device is unaware of and has no chance to opt in or opt out. That's a problem however good the intentions. I'd be fine trusting Carrier IQ if they popped up a notification on my device that said, "Here is what we are doing. Here is the information we are collecting. Here is our privacy policy. If you don't like it, here is how you opt out." Apple takes it a step further and requires opt in.

It doesn't require stealing the device to have access to the logs on Android, because they are available to Carrier IQ and possibly their customers. That means they are less secure than normal log files on the device.

kdarling
Dec 7, 2011, 10:05 AM
I understand the difference and never called it spyware. I said that Carrier IQ on Android logs information that it shouldn't and makes this information available to third parties that the owner of the device is unaware of and has no chance to opt in or opt out.

In other words, you're just repeating what's been said: that there is extra info in an onboard rolling temporary log that another app could view. It's not being sent anywhere by CarrierIQ itself.

ALL that CarrierIQ's onboard software is doing, is noting critical diagnostic info that the carrier-side cannot see, such as device battery and signal levels. The diagnostics are not used for any personal info or ads. They're only used to figure out why an area has dropped calls, etc.

This is such common and necessary info collection, that it actually should be built into the baseband or OS on every phone, but it just happens that some carriers subcontract that part to CarrierIQ (and no doubt other similar companies).

As for opt in or out, as ex-MI, I'm a big privacy buff, but I don't that's necessary for such electromechanical diagnostic info. Security wise, it's pretty meaningless, especially compared to the fact that the carrier already knows who we call, text, and for how long, for billing purposes.

It doesn't require stealing the device to have access to the logs on Android, because they are available to Carrier IQ and possibly their customers. That means they are less secure than normal log files on the device.

Um, I'm not sure what you're talking about here. What do you think is "less secure than normal log files"?

Cheers!

BaldiMac
Dec 7, 2011, 03:56 PM
In other words, you're just repeating what's been said: that there is extra info in an onboard rolling temporary log that another app could view. It's not being sent anywhere by CarrierIQ itself.

ALL that CarrierIQ's onboard software is doing, is noting critical diagnostic info that the carrier-side cannot see, such as device battery and signal levels. The diagnostics are not used for any personal info or ads. They're only used to figure out why an area has dropped calls, etc.

This is such common and necessary info collection, that it actually should be built into the baseband or OS on every phone, but it just happens that some carriers subcontract that part to CarrierIQ (and no doubt other similar companies).

I pretty sure we agree on the facts, but I'm concerned about the potential for abuse, and you are not. The fact that they, for whatever reason, log additional information than what they need for diagnostic purposes, including personal information, is a problem. These log files are available to Carrier IQ and possibly it customers. I have no reason to trust Carrier IQ to only access the diagnostic-related information. They have offered no privacy policy or other notification to device owners that they are accountable to.

They may have done nothing wrong to date. But the problem should still be fixed. Just like the location issues on the iPhone. There was no abuse. Just fix the problem and tell the device user what data you are collecting and why. Show them a privacy policy.

As for opt in or out, as ex-MI, I'm a big privacy buff, but I don't that's necessary for such electromechanical diagnostic info. Security wise, it's pretty meaningless, especially compared to the fact that the carrier already knows who we call, text, and for how long, for billing purposes.

Sure, but Carrier IQ is not the carrier. And obviously there is additional information gathered or there would be no point.

Um, I'm not sure what you're talking about here. What do you think is "less secure than normal log files"?

Well, they are available to Carrier IQ and their customers.

Cheers!

:)

Bigchef89
Dec 8, 2011, 05:20 AM
I have a iPhone 4 with iOS5 and a iPad 2 ios5, I read some of your posts are you def love apple, there's no truth to the opt out, you cannot turn a root kit off with a toggle. The comment they made that scared me was they weren't going to support it, that leaves many users open to oob hacks. They also said other products, I'm prolly going to say hands down any intel iMac right now. Anyway point is its a government thing, apple is amazing at data mining I've seen it but the whatever company its called now I can tell it was forced on both iPhone and android neither of them want permission issues. Any way I'm writing a paper on a company called absolute , computrace on apples site it's LoJack. You will not find anything negative on them I traced domains down and they own over 300 domains. I need someone that understands how the nvram gpu and thee logic board itself and how it works with lion. The software works the same exact way as this iq root kit and I'm at the end of my rope I have been researching for about a year, letting myself get hacked messing with the services and some crazy attacks happened, it's not limited to just macs, "dual bios" pcs are on the line too, pretty much if you can program some or damn even attack me,obv preplaned I will promise you when the paper gets published your name will be on it. Damn if your that good ill throw in the iMac I don't care I just wanna finish. It's not a homeroom paper it will be ACM accredited and not on here but some of the names if your into security you'll know. There has been stuff put out but nothing like this. I'd prefer you weren't a Mac freak haha but then I wouldn't be asking for assistance. I'll check back and that's my email so any questions please email me. :). Also no ones going to get in trouble for this logging, it was a company that doesn't even have stock or make a profit "silent partners" if you want it out you have to jail break only way, or get a android hahah jk the rest of the email was honest tho

Hammie
Dec 8, 2011, 09:17 AM
I feel people really need to chill out about this.

People are are being monitored more than they know it. As others have said, this is diagnostics information. If you can decipher some of the logs, then you will see that there is no personal information being collected. I would be more wary of apps you get for jail broken iPhones. Who knows what tracking code is embedded into those apps, especially the password and financial apps.

Most likely, if you are on the Internet and in a corporate environment, all of your Internet activities are being watched/monitored. I have deployed software at quite a few places where traffic is watched for 3-6 months, then sites get blocked. However, there have been instances where employees have been fired or arrested for what they were looking at on the company dime.

Also, look at ISPs. They also monitor their users. In some cases, VPNs are forbidden because this is typically a business application. If a user plans on using a VPN, many ISPs will push you to a business plan.

Then you have the situations when keystrokes are monitored. This can depend on your job position, the company you work for, or even the country you live in.

People, we have much greater threats in the world than CarrierIQ. Last time I checked Carrier IQ was not a terrorist threat. Trust me, this is nothing...

Bigchef89
Dec 8, 2011, 08:11 PM
I was trying to figure out why no law makers made a really big deal and the media let it slip away. They already new, they knew when they signed the patents for Iq and AT&T that are really similar. That pog back peddled on his answers but his half ass answers were really close to the truth, did they take more I don't know can they I dunno read up, Verizon has a company like this except they bought them, they do asset management or whatever data mining is calledq today, it's possible this company is AT&Ts gay uncle they don't want anyone to know about. God and I'm not bashing apple so everyone relax, but they were exclusive to AT&T and I'm sure they received a lot of percs and AT&T had to pick up the slack somehow. If your interested t ake a look. http://www.patentgenius.com/patent/8010081.html AT&T has very close ones, I didnt look at apples because they prolly have a patent for things that would never come around. I miss my tri color Motorola hahah

Bigchef89
Dec 8, 2011, 08:24 PM
I feel people really need to chill out about this.

People are are being monitored more than they know it. As others have said, this is diagnostics information. If you can decipher some of the logs, then you will see that there is no personal information being collected. I would be more wary of apps you get for jail broken iPhones. Who knows what tracking code is embedded into those apps, especially the password and financial apps.

Most likely, if you are on the Internet and in a corporate environment, all of your Internet activities are being watched/monitored. I have deployed software at quite a few places where traffic is watched for 3-6 months, then sites get blocked. However, there have been instances where employees have been fired or arrested for what they were looking at on the company dime.

Also, look at ISPs. They also monitor their users. In some cases, VPNs are forbidden because this is typically a business application. If a user plans on using a VPN, many ISPs will push you to a business plan.

Then you have the situations when keystrokes are monitored. This can depend on your job position, the company you work for, or even the country you live in.

People, we have much greater threats in the world than CarrierIQ. Last time I checked Carrier IQ was not a terrorist threat. Trust me, this is nothing...


Ok so honestly you think this is not bad if not worse then sending unencrypted data to their call centers, I'll find it if you want to read it some tech blogger brushed one of the guys into a interview, he pretty much said that it doesn't even go to iq first it goes to the carrier, he asked about https logging and the guy strutted, so what I'm getting is if I VPN somewhere then after my connection is closed the info goes there, that's weird. And yeah we are being monitored, people kill and rape everyday so you wouldn't call out a crime? I know not the same level just if your gunna steal my **** let me know, cause your taking battery life, I have unlimited bandwidth so I don't care, but if I didn't I'd be so pissed off. And in my first post your right even our comps are being monitored, but your not gunna tell me or lie, monitor fine, data mine me not cool. Into ashamed of anything, but I have a big family I don't want their personal stuff out there. No one responded I was really serious about the iMac giveaway if you can help, I have one of those time capsule/ routers too. Apple has my service along with AT&T until my contract is over then I'm getting like metropc or something with a phone just a hey what's up phone.