Carrier Iq Is On Some Ios Devices But Doesn T Appear As Nefarious As On Other Platforms

The bad news is that yes, Carrier IQ is running on iPhones right now, as we speak.  Carrier IQ, you’ll recall is the rootkit that Carriers put on many of their phones to monitor customer usage.  As a security researcher found out, Carrier IQ monitors keystrokes and sends that back to its own servers.  On Apple’s devices, it appears to have been cut off from such activities.  Developer chpwn breaks it down:

So it appears that on iOS it stores less information, and it doesn’t seem to be sending anything as long as ‘Diagnostics and Usage’ (iOS 5) is turned off – which is the default (you are asked to enable it during the iOS5 setup). On older versions of iOS, especially v3, it appears to be sending data without a toggle.

Verizon representatives have said that they do not run Carrier IQ on their devices which include iPhones, iPads, and Android, Blackberry and other devices.  Other carriers have yet to make a statement on the matter but Carrier IQ brags on its homepage that it tracks information on 141 million devices (and counting) which is about half of the US population.

On iPhones where Carrier IQ is activated, it appears to send the following information back to the servers:

• CoreTelephony

• your phone number

• your carrier

• your country

• active phone calls

• (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)

• CoreLocation

• your location (Only, however, if Location Services are enabled.)

• (Possibly more I haven’t yet found.)

• your phone number

• your carrier

• your country

• active phone calls

• (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)

• (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)

• your location (Only, however, if Location Services are enabled.)