Skip to main content

Carrier IQ is on some iOS devices, but doesn’t appear as nefarious as on other platforms

The bad news is that yes, Carrier IQ is running on iPhones right now, as we speak.  Carrier IQ, you’ll recall is the rootkit that Carriers put on many of their phones to monitor customer usage.  As a security researcher found out, Carrier IQ monitors keystrokes and sends that back to its own servers.  On Apple’s devices, it appears to have been cut off from such activities.  Developer chpwn breaks it down:

Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian,BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off “Diagnostics and Usage” in Settings appears to be enough.

So it appears that on iOS it stores less information, and it doesn’t seem to be sending anything as long as ‘Diagnostics and Usage’ (iOS 5) is turned off – which is the default (you are asked to enable it during the iOS5 setup). On older versions of iOS, especially v3, it appears to be sending data without a toggle.

Verizon representatives have said that they do not run Carrier IQ on their devices which include iPhones, iPads, and Android, Blackberry and other devices.  Other carriers have yet to make a statement on the matter but Carrier IQ brags on its homepage that it tracks information on 141 million devices (and counting) which is about half of the US population.

On iPhones where Carrier IQ is activated, it appears to send the following information back to the servers:

  • CoreTelephony
    • your phone number
    • your carrier
    • your country
    • active phone calls
      • (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)
  • CoreLocation
    • your location (Only, however, if Location Services are enabled.)
  • (Possibly more I haven’t yet found.)
Interestingly, the only devices found to be entirely free of Carrier ID are Google’s Nexus products and Windows Phone 7.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel