Software developer Trevor Eckhart discovered a secret data logging app on Android, BlackBerry and Nokia phones that logs the user’s keystrokes and dispatches them off to Carrier IQ’s servers, as Wired reported on Tuesday. References to the spy software have now been found hidden in all versions of iOS as well, according to a report by The Verge.
Updated with more detailed information from iPhone developer Grant Paul below.
Carrier IQ, as Eckhart demonstrates in the video below, secretly records the numbers a user calls, their text messages, the content of Web searches (including encrypted ones) and a whole mess of other data. It then sends this data off to Carrier IQ’s servers, even if the phone itself is in airplane mode and connected to the Internet over WiFi.
Eckhart labeled the tracking software as a “rootkit”, an application that gains (or has been given) root access to a system without permission from the user, which led Carrier IQ to threaten him with legal action. The company later backed off when the Electronic Frontier Foundation (EFF) came to Eckhart’s aid.
Given Apple’s much more closed ecosystem and tighter control over both the hardware and software of its phones, and its famed refusal to let the carriers dictate what comes preinstalled on an iPhone, it had seemed unlikely that its operating system would have any traces of Carrier IQ’s software, but that has turned out to not be the case.
iPhone jailbreak developer Grant Paul (@chpwn) tweeted today that he’d found references to Carrier IQ in versions of iOS as recent as 3.1. ‘Intell’ on MacRumors Forums then found similar references in iOS v4.0 and up, and Paul himself later tweeted that Carrier IQ was included in iOS 5 as well, but under the name of “awd_ice#”.
It is not entirely clear right now if the software is enabled by default or not and how much data it tracks, if any, and if it then sends that over to remote servers. Paul did find that the carrier, phone number and location data appeared to be used by the tracker, but he says that it may only go into action when diagnostic logging is enabled on the phone (which it isn’t by default).
It is definitely not clear right now exactly how much data the Carrier IQ software is gathering on Apple’s iOS and whether it is then sending it over to the company’s servers, like it does on the other phones mentioned above. We have reached out to Apple for comment and we will update this article accordingly.
Update: Grant Paul has since published a blog post detailing everything he has discovered about Carrier IQ so far. He confirms that it is present on iOS versions 3 to 5 and does indeed seem to be logging the user’s details (such as their phone number, carrier and country) and GPS-based location (when location services are enabled).
Although he found various checks within the system that are supposed to prevent logging of data unless diagnostic logging is enabled on the device, he also saw logs in all three iOS devices he tested, despite his never having enabled the logging.
However, he is pretty certain that the tracking software does not have enough access to the system to be able to log your keystrokes, so it is not tracking the numbers you dial or text messages you send. He is also not certain how much of this data is sent to remote servers, if any at all, although he says that any data that is sent is sent over a secure SSL connection.
He ends on the note that the amount of data the software is logging, at least according to what he has been able to uncover so far, is harmless enough that he would not mind sharing it for analytical or diagnostic purposes, but “would definitely prefer if it was more transparent”.
So would we.