Apple Stopped Supporting Carrier IQ in iOS 5, Complete Removal Coming in Future

[BaldiMac]

Thanks. At least he hasn't found any so far. It doesn't matter, though, since the text and key watching is only done to allow command entries. Nothing evil or even unusual about that.

That's an oversimplification. Carrier IQ on Android has access to this information regardless of what it is using it for. There is a obvious potential for abuse by a third party that owner of the device is unaware of and does not have the choice to opt out of (let alone opt in).

Hacker Chpwn said that even with diagnostics turned off in the UI, the iOS version _still_ logged all the information... it just didn't send it.

"However, despite those restrictions and never enabling the above checks, I do see Carrier IQ log files stored on all of the devices I tested: iOS3,4,5."

So? All that information is logged on the device anyway. It's not like the log files are storing additional information. The only problem would be if they were stored less securely than the other files logging the same information.

 

[Tech198]

Thats one bad Apple....

"A group of three law firms late last week announced (via BGR) the filing of a class action lawsuit against Apple, Carrier IQ, and five other companies over privacy issues related to Carrier IQ's logging software The list of defendants also includes hardware manufacturers HTC, Samsung, and Motorola, and carriers AT&T, Sprint, and T-Mobile."

Sounds like a very similar issue here, or could even be related somewhat, with the "Location services" option that freaked out Apple uses a while back.

Seems, its all Privacy related.... Only Apple can get themselves in trouble No one else comes this close.

 

[kdarling]

That's an oversimplification. Carrier IQ on Android has access to this information regardless of what it is using it for. There is a obvious potential for abuse by a third party that owner of the device is unaware of and does not have the choice to opt out of (let alone opt in).

Oh for goodness' sake

CarrierIQ is not software that got put on accidentally. Nor it is from just anywhere. It is code that has been used by the carriers for years to help improve their service via anonymous diagnostic information.

So what are you proposing? That a rogue CarrierIQ developer could abuse his power? From that viewpoint, there's also potential for abuse by programmers at Apple itself, as they have full access to everything too.

The sheer fact of the matter is this: many people apparently do not understand the difference between spyware and diagnostics, or between debug logs and diagnostic files, or especially between just watching keystrokes pass through your app, and actually collecting them.

I totally support your previous response to someone above, that the logs don't slow anything down, and they're not ill-purposed. And nobody should be upset if carriers are checking for the reasons for dropped calls. The only thing wrong here is that someone left too much debug logging turned on, and it's possible that someone could steal your device and see the last half hour of action that they shouldn't. That needs to be fixed.

 

[samcraig]

The only thing wrong here is that someone left too much debug logging turned on, and it's possible that someone could steal your device and see the last half hour of action that they shouldn't. That needs to be fixed.

Much like how the location database size was set too high and collected information and never purged it so you were walking around with a complete history of where you had been since day 1.

 

[BaldiMac]

Oh for goodness' sake

CarrierIQ is not software that got put on accidentally. Nor it is from just anywhere. It is code that has been used by the carriers for years to help improve their service via anonymous diagnostic information.

So what are you proposing? That a rogue CarrierIQ developer could abuse his power? From that viewpoint, there's also potential for abuse by programmers at Apple itself, as they have full access to everything too.

The sheer fact of the matter is this: many people apparently do not understand the difference between spyware and diagnostics, or between debug logs and diagnostic files, or especially between just watching keystrokes pass through your app, and actually collecting them.

I totally support your previous response to someone above, that the logs don't slow anything down, and they're not ill-purposed. And nobody should be upset if carriers are checking for the reasons for dropped calls. The only thing wrong here is that someone left too much debug logging turned on, and it's possible that someone could steal your device and see the last half hour of action that they shouldn't. That needs to be fixed.

I understand the difference and never called it spyware. I said that Carrier IQ on Android logs information that it shouldn't and makes this information available to third parties that the owner of the device is unaware of and has no chance to opt in or opt out. That's a problem however good the intentions. I'd be fine trusting Carrier IQ if they popped up a notification on my device that said, "Here is what we are doing. Here is the information we are collecting. Here is our privacy policy. If you don't like it, here is how you opt out." Apple takes it a step further and requires opt in.

It doesn't require stealing the device to have access to the logs on Android, because they are available to Carrier IQ and possibly their customers. That means they are less secure than normal log files on the device.

 

[kdarling]

I understand the difference and never called it spyware. I said that Carrier IQ on Android logs information that it shouldn't and makes this information available to third parties that the owner of the device is unaware of and has no chance to opt in or opt out.

In other words, you're just repeating what's been said: that there is extra info in an onboard rolling temporary log that another app could view. It's not being sent anywhere by CarrierIQ itself.

ALL that CarrierIQ's onboard software is doing, is noting critical diagnostic info that the carrier-side cannot see, such as device battery and signal levels. The diagnostics are not used for any personal info or ads. They're only used to figure out why an area has dropped calls, etc.

This is such common and necessary info collection, that it actually should be built into the baseband or OS on every phone, but it just happens that some carriers subcontract that part to CarrierIQ (and no doubt other similar companies).

As for opt in or out, as ex-MI, I'm a big privacy buff, but I don't that's necessary for such electromechanical diagnostic info. Security wise, it's pretty meaningless, especially compared to the fact that the carrier already knows who we call, text, and for how long, for billing purposes.

It doesn't require stealing the device to have access to the logs on Android, because they are available to Carrier IQ and possibly their customers. That means they are less secure than normal log files on the device.

Um, I'm not sure what you're talking about here. What do you think is "less secure than normal log files"?

Cheers!

 

[BaldiMac]

In other words, you're just repeating what's been said: that there is extra info in an onboard rolling temporary log that another app could view. It's not being sent anywhere by CarrierIQ itself.

ALL that CarrierIQ's onboard software is doing, is noting critical diagnostic info that the carrier-side cannot see, such as device battery and signal levels. The diagnostics are not used for any personal info or ads. They're only used to figure out why an area has dropped calls, etc.

This is such common and necessary info collection, that it actually should be built into the baseband or OS on every phone, but it just happens that some carriers subcontract that part to CarrierIQ (and no doubt other similar companies).

I pretty sure we agree on the facts, but I'm concerned about the potential for abuse, and you are not. The fact that they, for whatever reason, log additional information than what they need for diagnostic purposes, including personal information, is a problem. These log files are available to Carrier IQ and possibly it customers. I have no reason to trust Carrier IQ to only access the diagnostic-related information. They have offered no privacy policy or other notification to device owners that they are accountable to.

They may have done nothing wrong to date. But the problem should still be fixed. Just like the location issues on the iPhone. There was no abuse. Just fix the problem and tell the device user what data you are collecting and why. Show them a privacy policy.

As for opt in or out, as ex-MI, I'm a big privacy buff, but I don't that's necessary for such electromechanical diagnostic info. Security wise, it's pretty meaningless, especially compared to the fact that the carrier already knows who we call, text, and for how long, for billing purposes.

Sure, but Carrier IQ is not the carrier. And obviously there is additional information gathered or there would be no point.

Um, I'm not sure what you're talking about here. What do you think is "less secure than normal log files"?

Well, they are available to Carrier IQ and their customers.

Cheers!

 

[Bigchef89]

New

I have a iPhone 4 with iOS5 and a iPad 2 ios5, I read some of your posts are you def love apple, there's no truth to the opt out, you cannot turn a root kit off with a toggle. The comment they made that scared me was they weren't going to support it, that leaves many users open to oob hacks. They also said other products, I'm prolly going to say hands down any intel iMac right now. Anyway point is its a government thing, apple is amazing at data mining I've seen it but the whatever company its called now I can tell it was forced on both iPhone and android neither of them want permission issues. Any way I'm writing a paper on a company called absolute , computrace on apples site it's LoJack. You will not find anything negative on them I traced domains down and they own over 300 domains. I need someone that understands how the nvram gpu and thee logic board itself and how it works with lion. The software works the same exact way as this iq root kit and I'm at the end of my rope I have been researching for about a year, letting myself get hacked messing with the services and some crazy attacks happened, it's not limited to just macs, "dual bios" pcs are on the line too, pretty much if you can program some or damn even attack me,obv preplaned I will promise you when the paper gets published your name will be on it. Damn if your that good ill throw in the iMac I don't care I just wanna finish. It's not a homeroom paper it will be ACM accredited and not on here but some of the names if your into security you'll know. There has been stuff put out but nothing like this. I'd prefer you weren't a Mac freak haha but then I wouldn't be asking for assistance. I'll check back and that's my email so any questions please email me. . Also no ones going to get in trouble for this logging, it was a company that doesn't even have stock or make a profit "silent partners" if you want it out you have to jail break only way, or get a android hahah jk the rest of the email was honest tho

 

[Hammie]

I feel people really need to chill out about this.

People are are being monitored more than they know it. As others have said, this is diagnostics information. If you can decipher some of the logs, then you will see that there is no personal information being collected. I would be more wary of apps you get for jail broken iPhones. Who knows what tracking code is embedded into those apps, especially the password and financial apps.

Most likely, if you are on the Internet and in a corporate environment, all of your Internet activities are being watched/monitored. I have deployed software at quite a few places where traffic is watched for 3-6 months, then sites get blocked. However, there have been instances where employees have been fired or arrested for what they were looking at on the company dime.

Also, look at ISPs. They also monitor their users. In some cases, VPNs are forbidden because this is typically a business application. If a user plans on using a VPN, many ISPs will push you to a business plan.

Then you have the situations when keystrokes are monitored. This can depend on your job position, the company you work for, or even the country you live in.

People, we have much greater threats in the world than CarrierIQ. Last time I checked Carrier IQ was not a terrorist threat. Trust me, this is nothing...

 

[Bigchef89]

Apple

I was trying to figure out why no law makers made a really big deal and the media let it slip away. They already new, they knew when they signed the patents for Iq and AT&T that are really similar. That pog back peddled on his answers but his half ass answers were really close to the truth, did they take more I don't know can they I dunno read up, Verizon has a company like this except they bought them, they do asset management or whatever data mining is calledq today, it's possible this company is AT&Ts gay uncle they don't want anyone to know about. God and I'm not bashing apple so everyone relax, but they were exclusive to AT&T and I'm sure they received a lot of percs and AT&T had to pick up the slack somehow. If your interested t ake a look. http://www.patentgenius.com/patent/8010081.html AT&T has very close ones, I didnt look at apples because they prolly have a patent for things that would never come around. I miss my tri color Motorola hahah

 

[Bigchef89]

Sorry new

I feel people really need to chill out about this.

People are are being monitored more than they know it. As others have said, this is diagnostics information. If you can decipher some of the logs, then you will see that there is no personal information being collected. I would be more wary of apps you get for jail broken iPhones. Who knows what tracking code is embedded into those apps, especially the password and financial apps.

Most likely, if you are on the Internet and in a corporate environment, all of your Internet activities are being watched/monitored. I have deployed software at quite a few places where traffic is watched for 3-6 months, then sites get blocked. However, there have been instances where employees have been fired or arrested for what they were looking at on the company dime.

Also, look at ISPs. They also monitor their users. In some cases, VPNs are forbidden because this is typically a business application. If a user plans on using a VPN, many ISPs will push you to a business plan.

Then you have the situations when keystrokes are monitored. This can depend on your job position, the company you work for, or even the country you live in.

People, we have much greater threats in the world than CarrierIQ. Last time I checked Carrier IQ was not a terrorist threat. Trust me, this is nothing...

Ok so honestly you think this is not bad if not worse then sending unencrypted data to their call centers, I'll find it if you want to read it some tech blogger brushed one of the guys into a interview, he pretty much said that it doesn't even go to iq first it goes to the carrier, he asked about https logging and the guy strutted, so what I'm getting is if I VPN somewhere then after my connection is closed the info goes there, that's weird. And yeah we are being monitored, people kill and rape everyday so you wouldn't call out a crime? I know not the same level just if your gunna steal my **** let me know, cause your taking battery life, I have unlimited bandwidth so I don't care, but if I didn't I'd be so pissed off. And in my first post your right even our comps are being monitored, but your not gunna tell me or lie, monitor fine, data mine me not cool. Into ashamed of anything, but I have a big family I don't want their personal stuff out there. No one responded I was really serious about the iMac giveaway if you can help, I have one of those time capsule/ routers too. Apple has my service along with AT&T until my contract is over then I'm getting like metropc or something with a phone just a hey what's up phone.