Carrier IQ tracking iPhone customers too, hacker says
The mobile tracking company that has been the source of much debate in the Android ecosystem is also running its software on iPhones, a new report claims.
Carrier IQ, a company that provides tracking tools to carriers and phone vendors, has come under fire as of late for monitoring Android-based devices. And now, the company's software has been found on the iPhone.
Carrier IQ's software is running on every iOS version dating back to iOS 3, well-known iPhone hacker "Chpwn" said yesterday in a blog post. Chpwn dug through the iPhone's operating system for any sign of Carrier IQ and found it deeply embedded in the operating system's "/usr/bin/" directory.
Yesterday, CNET reported on Carrier IQ's deep integration in Android. According to Android researcher Trevor Eckhart, who is one of the more outspoken critics of the Carrier IQ's technology, the company's software running on Android devices can record and relay all kinds of information, including keystrokes, SMS messages in plain text, and even browsing history. What's worse, Eckhart says that removing the software is nearly impossible.
"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code," Eckhart said in a blog post. "This is only possible for a user with advanced skills and a fully unlocked device. Even where a device is out of contract, there is no off switch to stop the application from gathering data."
However, Chpwn seems to believe that Carrier IQ works much differently on the iPhone. In fact, disabling its tracking in iOS is as simple as tapping over to the "Diagnostics and Usage" menu in the settings pane and toggling it off. Upon doing so, Chpwn says, no information is shared with Carrier IQ.
For those who don't turn the feature off, Chpwn claims Apple's Carrier IQ installation shares much less information than Android devices. He found that iOS shares "your phone number, your carrier, your country, active phone calls, and your location." However, unlike Android, Apple's installation doesn't share the phone number a user has dialed and only includes location information when "location services are enabled."
"I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely," Chpwn wrote.
The controversy surrounding Carrier IQ arose last month when Eckhart detailed how the software works, eventually labeling it a "rootkit." Carrier IQ, by contrast, has argued that its service, which is running on over 130 million mobile devices worldwide, is a "diagnostic tool" designed to "improve the quality of the network, understand device issues, and ultimately improve the user experience."
Sprint, which uses Carrier IQ's technology, echoed that sentiment in a statement to CNET last month, but reassured customers that it doesn't collect private information.
"Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service," Sprint told CNET. "We also use the data to understand device performance so we can figure out when issues are occurring."
"We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool," Sprint continued.
Neither Apple nor Carrier IQ immediately responded to CNET's request for comment on Chpwn's findings.
(Via The Verge)