If Carrier IQ on iOS only collects information about calls and location data during those calls and if it is turned off by default and if Apple is explicit about the data they collect† then there is no problem.
It seems obvious to me that carriers or manufacturers can collect that data if the user explicitly agrees to it (by actually flipping a switch without being forced or tricked into doing so).
Carrier IQ is only a problem if it is turned on by default and if it collects more data than is explicitly said∆.
—
† If the Diagnostics & Usage switch indeed controls Carrier IQ then we already know that the last two conditions are met.
∆ This is only the minimum viable evilness. Worse kinds of evil are imaginable, like not telling users anywhere that data is being collected or making it hard for users to turn the collection of data off.
I disassembled the iOS version of Carrier IQ, and it exits on startup if not enabled. Even when enabled, it runs as an unprivileged user and connects via SSL, so it should not be any "attack vector".
I am still wondering why I was down voted into oblivion for suggesting carrier IQ is not supposed to be the main party to be angry with http://news.ycombinator.com/item?id=3298924
Can someone please explain why the rage is not directed at phone manufacturers who asked for, and put this software in the phones they sold to customers?
> Can someone please explain why the rage is not directed at phone manufacturers [...]
Because every single statement from phone manufacturers has indicated that it was the carriers that demanded this be put on the handsets (or did it themselves in cases of operator modifications).
The only carrier I've heard say very clearly that they are not using Carrier IQ is Verizon.
> Because every single statement from phone manufacturers has indicated that it was the carriers that demanded this be put on the handsets
Aww. Poor vulnerable and naive billion dollar phone manufacturers! </sarcasm>
How does that exonerate the phone manufacturers? At the very least they should have disclosed this to the people they sold phones to.
Even at that why is the rage not directed at the carriers? In addition, I doubt the carriers can make such modifications without the active participation of the phone manufacturers.
I imagine their behaviour of trying to chill security researchers into silence with a C&D[1] drew the ire of the HN crowd, but I certainly don't disagree with you about where the responsibility ultimately lies.
People rarely want to admit they were wrong. They were wrong to choose the manufacturer or carrier when they bought the phone with this. But they didn't choose the spyware/analytics software vendor, therefore they're not wrong and you're not attacking their intelligence and choice making by putting the blame on Carrier IQ.
People gave up their privacy on the web (hey, you don't get mad at Google for sites having Google Analytics tracking code all over the web do you), now it'll slowly transfer to other platforms.
I'm surprised the author didn't jump on this sentence:
"With any diagnostic data sent to Apple, customers must actively opt-in to share this information..."
As I understand it, Carrier IQ is about sending data to carriers. Apple only denied that data was silently sent to Apple. That's completely different than saying no data has been transmitted at all.
While that is a good observation, it has been proven that no statistical data is sent to CarrierIQ when the preference is disabled. This has been determined by reverse engineering the daemons used for CarrierIQ reporting on various iOS versions.
From the description of "Diagnostics & Usage" reporting on the device itself, it sounds as though the carriers can only obtain that data via Apple. This would reconcile that wording with the finding that selecting "Don't Send" appears to disable Carrier IQ logging as well.
[..] To help Apple’s partners and third-party developers improve their apps, products and services designed for use with Apple products, Apple may provide such partners or developers with a subset of diagnostic information that is relevant to that partner’s or developer’s app, product or service, as long as the diagnostic information is aggregated or in a form that does not personally identify you.
I'm sorry, but upon Chpwn's investigation, didn't the iOS version of the Carrier IQ software only record a few items such as your phone number, your country, your active phone calls and location data if activated? Any of which your carrier would already know anyway?
At the risk of driving an accusation of conspiracy theory, I'm reading that sentence exactly the same way. This is a "non-denial denial". They're denying something not alleged in the hopes that it distracts or confuses people about the real issue.
Has anyone actually found evidence of Carrier IQ software ACTUALLY STORING personal data such as key-presses on Android or iOS? All I have seen is log events being generated from adb logcat, which is not the same thing, by any means.
Why on earth would they be doing keylogging? What data can they get that doesn't violate my privacy? If they aren't using that data, then why the fuck is that code there tracking the keys pressed?
Ostensibly, they are looking at keystrokes to see if a particular key sequence is pressed while talking to customer support, thus indicating that it should send the diagnostics data to the operator. Ostensibly.
The log itself is at least temporarily persistent, so you can argue the mere existence of the logcat info is 'storage'. The issue then being that such logs could be read by third party apps, representing a security risk.
CarrierIQ itself isn't the problem, it's a diagnostic device with legitimate functionality for mobile devices (we want our service to get better, this requires certain aspects of reporting).
The problem stems from CarrierIQ being implemented poorly, and reporting information which is not reasonable for diagnostic uses or privacy reasons.
As such I feel like this is being blown out of proportion; Apple's use of Carrier IQ has never been anything to worry about. A user can optionally choose to participate (i.e. it's not an opt-out scenario), and the information it sends is benign and not personally identifiable.
The issue has been that some vendors have been adding full-capability CarrierIQ to Android handsets which then have been shown to be reporting more than what can be considered reasonable, including allegations of key logging. This is obviously wrong and should be corrected. (Or simply removed.)
> have been shown to be reporting more than what can be considered reasonable
Funny how you first lament that the issue is being blown out of proportion wrt Apple and then blow it out of proportion yourself. Nobody has shown what data is being reported or indeed, evidence that any data is being reported at all.
The primary issue at this point seems to be that the temporary local logging of the data represents a security risk on these devices even if it is never reported.
No evidence yet that this information is being sold to third parties, or even used internally for sales purposes. Although the latter would be pretty obvious and not surprising (to me at least). Is there something buried in the TOS that alludes that they may do this?
All it would take is someone who knows what they are doing to go check real quick and report back whether or not the phone is throwing out information.
I think what's really remarkable about this is that Apple issued a statement seemingly less than 24 hours after it became an issue. In the past, Apple has tended to wait a week or so before issuing statements, resulting in a lot of criticism and the issues sometimes steamrolling simply due to the fact that the charges aren't answered.
I'm not at all surprised that Apple isn't violating users' privacy.
Apple's delays in PR announcements normally seem like they're the result of not wanting to say anything until they have something substantive to say. They're really not big on "we know it's a problem, hang tight..." announcements.
In this case they're coincidentally a bit ahead of the ball, so there's no need to wait and formulate a plan.
I'm pretty sure Apple's "wait a week" clock began ticking when the initial flurry of reports about CarrierIQ on Android started circulating, not yesterday...
Where 'wait a week' probably is: some high level manager or vp asks people to investigate this to get all the details before putting out any statements.
All due respect, Apple should not need to use CarrierIQ.
They are a hardware company that sells the hardware it makes direct to consumer. They are perfectly positioned and quite capable of writing their own "rootkits".
Of course, when they do everything possible to prevent you from "rooting" the phone you purchase from them it's a tad more difficult to check for such things.
For the average non-technical iPhone customer it would seem next to impossible.
True, but it seems that CarrierIQ is, as its name implies, a service for the carriers. Since Apple doesn't let ATT et al. customize iOS, it likely got into the OS as part of the bargain with them.
Right. The way I see it, CarrierIQ gives carriers the kind of information that Apple could, in theory, gather quite easily. Maybe that was the idea behind CIQ? Just taking a wild guess.
haha! must be hard to realise for some ppl that not only the gov is spying on them, but almost everyone else too. and you've paid thousands of dollars for this feature!
You're missing the point. Carrier IQ enables several different levels of functionality. It can allow anonymous usage tracking (like what Apple allows you to opt-in to), or it can log every keystroke. Apple hasn't ever had the key-logging installed. They're guilty of using a product that others used poorly. There's a big difference between asking users to opt-in to anonymous tracking and key logging; equating the two is a gross exaggeration.
Apple acknowledges that some references to Carrier IQ are still in iOS 5, but the limited functionality has been completely disabled. The next step is to remove all the deactivated references. Doesn't seem to be anything inconsistent with their statements there.
do I detect some Apple employees/shareholders in here?
I think the (CIQ) video made pretty clear the fact that YOU CAN'T TURN IT OFF and that THERE IS NO OPT IN/OUT button because you would have to be digging around like a technophile to find it in the first place. I would not be at all surprised if Apple uses something like this. Wireshark anyone?
The CIQ video was of the Android software. Initial analysis of the iOS version of the CIQ software indicates it isn't nearly as intrusive as the Android version.
And all indications (the researcher vs. what Apple states) are that you can explicitly turn it off.
Do you have a link to the video of CIQ on an Apple product where it cannot be disabled or opted out of? Or are you citing a video covering an Android phone and incorrectly drawing conclusions about an Apple product?