Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
[Carrier IQ] Android tracking your EVERY move
- Thread starter garybUK
- Start date
- Sort by reaction score
1) The Carrier IQ software may have references in iOS, but it's not running. Show me evidence that it's running. Running, as on Android and RIM and Symbian.
2) Google lets the carriers install whatever the hell they want on the phones, which is why CarrierIQ is on them. Apple doesn't, and that's why I think that those references in iOS were just that: references.
3) My title is correct. Android is the only real competing OS on the list of three. RIM is either dead or dying. Symbian is dead.
The people who are saying that iOS has it have not offered any proof other than "I've done it so you should believe me". Show me proof.
2) Google lets the carriers install whatever the hell they want on the phones, which is why CarrierIQ is on them. Apple doesn't, and that's why I think that those references in iOS were just that: references.
3) My title is correct. Android is the only real competing OS on the list of three. RIM is either dead or dying. Symbian is dead.
The people who are saying that iOS has it have not offered any proof other than "I've done it so you should believe me". Show me proof.
On 4.3.X, at least, it never runs under its name. But it does spawn a new process called CommCenterMobileHelper. This may be its doing.
And if you really want your own proof, go grab the binary file in question and look for yourself. See post number 6.
Really sometimes I really wish I had an Android phone just so I could install CM or something and avoid this kind of crap.
----------
Sorry that doesn't make sense. "References"? I don't care what you term them, I'm sure it does something in iOS... I don't want this **** on my phone, period.
----------
Sorry that doesn't make sense. "References"? I don't care what you term them, I'm sure it does something in iOS... I don't want this **** on my phone, period.
Not even close, but it does appear that most of the tracking and keylogging is occurring on Android devices.
At this point iOS only seems to reference Carrier IQ. It's not clear that anything is active on iOS (except when in diagnostic mode).
Hahahahaha. Symbian is dead? Symbian is the #2 most used Mobile OS in the world. iOS is #3.
http://www.gartner.com/it/page.jsp?id=1764714
Just checked all of my devices fir CIQ and this is what I've found.
Samsung Galaxy S II GTii9100 GSM unlocked with stock firmware.
Not installed.
Samsung Nexus S GT-i9020 GSM unlocked with stock firmware.
Not installed.
Samsung Galaxy Nexus GT-i9250 GSM unlocked with stock firmware.
Not installed.
My ZTE Blade is running CyanogenMod7.1 which as we know is an AOSP build and does not feature the rootkit but as it is non-stock, I can't comment if it was ever on the device.
It'd be handy if an extensive list of which phones actually had the rootkit installed was produced as I suspect it's on a limited set of hardware and is limited to certain carriers.
It seems the facts are getting washed away with sensationalist headlines blaming entire manufacturers (Nokia & Verizon - who have dienied using the software, RIM, Symbian and Android as a platform). Now we're seeing references to CIQ in iOS.
Lets see how much more disimformation is spread in the quest for page hits.
---EDIT---
A more sinister way of looking at it could be like this:
Is CarrierIQ pre installed on....?
OS:
Android AOSP/Stock: No
Android OEM builds: No/Yes*
Symbian: Yes**
iOS: Yes***
BlackBerryOS: Yes**
Brand:
BlackBerry: Yes**
iPhone: YES***
Nexus: No
Galaxy S: No/Yes*
Evo: Yes*
Manufacturer/Distributor:
Apple: Yes***
RIM: Yes**
Google: No
Samsung: No/Yes*
HTC: Yes
Nokia: No****
Carrier:
Sprint: YES
Verizon: No****
*Some HTC and Samsung builds have been confirmed.
**According to research
***Refrences to CIIQ in iOS builds from 1.0 to 5.0.x
****Manufacturer/Brand denies using CIQ
Samsung Galaxy S II GTii9100 GSM unlocked with stock firmware.
Not installed.
Samsung Nexus S GT-i9020 GSM unlocked with stock firmware.
Not installed.
Samsung Galaxy Nexus GT-i9250 GSM unlocked with stock firmware.
Not installed.
My ZTE Blade is running CyanogenMod7.1 which as we know is an AOSP build and does not feature the rootkit but as it is non-stock, I can't comment if it was ever on the device.
It'd be handy if an extensive list of which phones actually had the rootkit installed was produced as I suspect it's on a limited set of hardware and is limited to certain carriers.
It seems the facts are getting washed away with sensationalist headlines blaming entire manufacturers (Nokia & Verizon - who have dienied using the software, RIM, Symbian and Android as a platform). Now we're seeing references to CIQ in iOS.
Lets see how much more disimformation is spread in the quest for page hits.
---EDIT---
A more sinister way of looking at it could be like this:
Is CarrierIQ pre installed on....?
OS:
Android AOSP/Stock: No
Android OEM builds: No/Yes*
Symbian: Yes**
iOS: Yes***
BlackBerryOS: Yes**
Brand:
BlackBerry: Yes**
iPhone: YES***
Nexus: No
Galaxy S: No/Yes*
Evo: Yes*
Manufacturer/Distributor:
Apple: Yes***
RIM: Yes**
Google: No
Samsung: No/Yes*
HTC: Yes
Nokia: No****
Carrier:
Sprint: YES
Verizon: No****
*Some HTC and Samsung builds have been confirmed.
**According to research
***Refrences to CIIQ in iOS builds from 1.0 to 5.0.x
****Manufacturer/Brand denies using CIQ
Last edited:
Just checked all of my devices fir CIQ and this is what I've found.
Samsung Galaxy S II GTii9100 GSM unlocked with stock firmware.
Not installed.
Samsung Nexus S GT-i9020 GSM unlocked with stock firmware.
Not installed.
Samsung Galaxy Nexus GT-i9250 GSM unlocked with stock firmware.
Not installed.
My ZTE Blade is running CyanogenMod7.1 which as we know is an AOSP build and does not feature the rootkit but as it is non-stock, I can't comment if it was ever on the device.
It'd be handy if an extensive list of which phones actually had the rootkit installed was produced as I suspect it's on a limited set of hardware and is limited to certain carriers.
It seems the facts are getting washed away with sensationalist headlines blaming entire manufacturers (Nokia & Verizon - who have dienied using the software, RIM, Symbian and Android as a platform). Now we're seeing references to CIQ in iOS.
Lets see how much more disimformation is spread in the quest for page hits.
You can add Atrix 4G running Stock OS (Gingerbread) is clear.
It pretty much been confirm that it is only certain phones on certain carriers.
Right now in the US it is Sprint and Verizon are the carriers and HTC and samsung phones.
So both need to be true for it to be on their.
well that could be the process that is running. It access all the other files but since those files are being used for calls they never show up as running since they never span a new process.
It sounds like CarrierIQ and things like this is hitting the fan. Hopefully this will push Carriers and what not to change it to at least an opt out. I personally think it should be an Opt in thing only.
I can see the use for the logging and this information for improving the system and software.
Also the data transmittion could be happen during those phantom late night data being used late night on some people iPhones. *joking* but we do know the iPhone does phone home every now and then.
Last edited:
Thanks. Lots of good reporting in there.
Looks like my initial feelings were right. What's on the iPhone is nothing at all like what it does on Android. No key-logging, no info on web usage, and it seems easy to disable.
We still don't fully know what they do on the other platforms, but it seems as though iPhone users don't need to be worried. Seeing as I have that diagnostic setting turned off already I guess I have nothing to worry about here.
As I posted in the most recent thread - one of the things I'm curious about is whether or not Carrier IQ and phone manufacturers/carriers are in violation of several compliance issues. IE PCI compliance and HIPAA compliance (healthcare) for having access to such information, transmitting and storing. Even if encrypted - if it's not done according to compliance - they could face MILLIONS if not Billions of dollars in penalties.
I've got the diagnostics + usage bit running on my dev phone. Yep, there's a huge list of log files in there, all starting with "awdd_".
Looking through it, I see stuff like:
- bluetooth connections (just reports whether the connection was successful or not, no other info)
- network connections (seems to just report when it took a long time to connect, no other detail)
- "reminders app". Guess this is a crash report or something, but again there's no real detail.
- location services approvals - i.e. if I approve an app to use my location, that gets sent. Just the app's ID and whether it was approved or not, no location.
- location requests from apps. No issue again, just the name of the app, the request time, the requested accuracy and the delivered accuracy (i.e. how accurate a fix it managed). No actual location.
- "carrier bundle change", probably when i changed plan with my network. No details.
- "modem reset"
- Airplane mode turned on/off
- wifi etc. turned on/off
- "camera calibration"
- various crash reports (nothing interesting unless you want to fix a bug..)
- aggregated logs. These contain a list of all your apps, how many times they were launched, how big the backups were, lots of data on disk usage, and power usage. Nothing of major concern, but pretty interesting!
- low memory reports
- call ended (not seen call started though, guess they're only interested in calls dropping or not?). No phone numbers, nothing, just a date and time really.
All of these contain my device ID, and a profile ID, but no other personal info. This is all pretty anonymous, and mostly harmless - at least compared to what we've seen on android!
Stuff I haven't seen:
- Personal details of any kind (except my device ID - although apple have my details on file and could link it if they wanted to)
- Phone numbers, email addresses, names, etc.
- Content of any kind of message
- Anything relating to web searches, or *any* kind of browsing data
- Locations (plenty of location-related events, but none contained any location data at all)
Basically, apple are collecting data that looks genuinely useful for tracking down problems with networks, crashes and battery life. I've not seen any evidence of anything suspicious, and the logs are openly accessible in the settings app. Unless there's some kind of secret additional logging going on that we can't see, I don't think there's any issue here at all, and I'm happy to keep the logging enabled
Looking through it, I see stuff like:
- bluetooth connections (just reports whether the connection was successful or not, no other info)
- network connections (seems to just report when it took a long time to connect, no other detail)
- "reminders app". Guess this is a crash report or something, but again there's no real detail.
- location services approvals - i.e. if I approve an app to use my location, that gets sent. Just the app's ID and whether it was approved or not, no location.
- location requests from apps. No issue again, just the name of the app, the request time, the requested accuracy and the delivered accuracy (i.e. how accurate a fix it managed). No actual location.
- "carrier bundle change", probably when i changed plan with my network. No details.
- "modem reset"
- Airplane mode turned on/off
- wifi etc. turned on/off
- "camera calibration"
- various crash reports (nothing interesting unless you want to fix a bug..)
- aggregated logs. These contain a list of all your apps, how many times they were launched, how big the backups were, lots of data on disk usage, and power usage. Nothing of major concern, but pretty interesting!
- low memory reports
- call ended (not seen call started though, guess they're only interested in calls dropping or not?). No phone numbers, nothing, just a date and time really.
All of these contain my device ID, and a profile ID, but no other personal info. This is all pretty anonymous, and mostly harmless - at least compared to what we've seen on android!
Stuff I haven't seen:
- Personal details of any kind (except my device ID - although apple have my details on file and could link it if they wanted to)
- Phone numbers, email addresses, names, etc.
- Content of any kind of message
- Anything relating to web searches, or *any* kind of browsing data
- Locations (plenty of location-related events, but none contained any location data at all)
Basically, apple are collecting data that looks genuinely useful for tracking down problems with networks, crashes and battery life. I've not seen any evidence of anything suspicious, and the logs are openly accessible in the settings app. Unless there's some kind of secret additional logging going on that we can't see, I don't think there's any issue here at all, and I'm happy to keep the logging enabled
You Android fans should be thanking Apple for the iPhone, without which you wouldn't have the Android device you're using today in the first place.
It goes both ways.
No. It was only a cache of cell tower locations on iOS. This doesn't even compare.
I wouldn't say this is an "Android" thing, as it has nothing to do with Android itself...it's the carriers doing it. Not every Android phone has it, for whatever reason certain carriers and certain phones do, example the AT&T version of the SGII does not have CarrierIQ.
Apple install it, and they're not a carrier. It's probably a mix of manufacturers AND carriers.
Verizon users can breathe a sigh of relief - Carrier IQ is not found on any Verizon devices: http://www.droid-life.com/2011/12/01/verizon-carrier-iq-is-not-on-verizon-wireless-phones/
I don't usually resort to big letters, but it seems called for this time.
Just because something is written to a debug log...
it does NOT automatically mean it is being sent outside the device.
(Or even really processed.)
As any developer knows, often debug code is left in that just logs input. It's very likely that is what happened here.
It's not much different than when Apple's developers accidentally set up that location cache to last forever, instead of truncating it.
Such mistakes are what happens when developers are rushed or inexperienced, something that is far too common these days.
Just because something is written to a debug log...
it does NOT automatically mean it is being sent outside the device.
(Or even really processed.)
As any developer knows, often debug code is left in that just logs input. It's very likely that is what happened here.
It's not much different than when Apple's developers accidentally set up that location cache to last forever, instead of truncating it.
Such mistakes are what happens when developers are rushed or inexperienced, something that is far too common these days.