Carrier IQ: Mobile App Crap Must Stop - InformationWeek

Bob O
User Rank: Apprentice
12/1/2011 | 4:02:32 PM
re: Carrier IQ: Mobile App Crap Must Stop
It is being reported by The Verge that well-known hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5.
NotTellinYou
User Rank: Apprentice
12/2/2011 | 12:58:49 AM
re: Carrier IQ: Mobile App Crap Must Stop
This is not a correct representation:

http://arstechnica.com/tech-po...
Counsel-or
User Rank: Apprentice
12/1/2011 | 4:07:09 PM
re: Carrier IQ: Mobile App Crap Must Stop
Except, it had been found in iOS devices... it isn't on all Android or other devices... Did you read the whole blog post?
NotTellinYou
User Rank: Apprentice
12/2/2011 | 12:59:14 AM
re: Carrier IQ: Mobile App Crap Must Stop
DavidMichael
User Rank: Apprentice
12/1/2011 | 4:15:22 PM
re: Carrier IQ: Mobile App Crap Must Stop
So the app is getting all the keystrokes - what is it doing with this data, that's the question.
AmberB
User Rank: Apprentice
12/1/2011 | 5:03:42 PM
re: Carrier IQ: Mobile App Crap Must Stop
That is only the first question. The next question is who will they be sharing it with, and will the originator of the data even be notified? We all know that law enforcement can, without a warrant and without any notification to the target, obtain all your email contacts and who you've been sending and receiving emails to along with all of your internet searches from Google, who btw is more than willing to provide the information when requested.

What their original intentions are in collecting this data, unless they are outright selling it, are almost a secondary matter.

The police have the capability to use mobile cell phone towers to identify all cell phones within range, and to spoof the real towers to intercept all messages from all phones in range. They are currently testing this out in Britain. The argument I hear is "if you're not doing anything wrong, you have nothing to worry about", but this is so short-sighted. How about the UC Davis protesters? How secure do the people standing around with their cell phones feel if the police can capture the identity of every cell phone in range and match it up with the IQCarrier data? What if a couple of those police are upset at some of those students because they feel they were made into a fool? Police corruption is not just something in movies.

I am so pleased that the EFF got involved in this. All of us as citizens need to be aware of privacy issues. The reason we have our constitutional rights is so people can have a fighting chance to expose and protect ourselves against corruption in our police departments and government. We need to stop just this kind of incursion, even if their reason for collecting the data is supposed to help us.
SIR000
User Rank: Apprentice
12/1/2011 | 4:43:40 PM
re: Carrier IQ: Mobile App Crap Must Stop
From the Verge updated: Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We'll let you know when more details arise.
NotTellinYou
User Rank: Apprentice
12/2/2011 | 1:00:22 AM
re: Carrier IQ: Mobile App Crap Must Stop
This is not correct. The only iOS 5 device that still includes this software is the iPhone 4 and will be removed in an update. In any case the software only sends the data if the user opts in.
brenna1
User Rank: Apprentice
12/1/2011 | 5:24:36 PM
re: Carrier IQ: Mobile App Crap Must Stop
Well, all that fear mongering and gloating over the "perfect and not being spied upon" iPhone is out the window, eh? This article reads like an ad for the iPhone and makes one wonder what the motivation might be to write something of this nature?
jfeldman
User Rank: Ninja
12/6/2011 | 11:18:03 PM
re: Carrier IQ: Mobile App Crap Must Stop
I talk a little bit about my relationship with Apple in my follow-up story. I think you'll be satisfied. http://bit.ly/ryUv6J
jfeldman
User Rank: Ninja
12/6/2011 | 11:24:42 PM
re: Carrier IQ: Mobile App Crap Must Stop
Brenna, I talk about my relationship with Apple in my follow-up post: http://www.informationweek.com.... Thanks.
david_400
User Rank: Apprentice
12/1/2011 | 5:58:57 PM
re: Carrier IQ: Mobile App Crap Must Stop
Mr. Feldman, please do some research and find out if Eckhart's allegation is true before you add to all the hype. His video looks like Logcat in Eclipse when USB debugging is enabled on the phone. The data goes over the USB cable to your computer only, where you can view it for debugging purposes. I just did it myself and saw SMS messages, keystrokes, etc. This is normal. I'd like to see proof that the data is actually getting logged by CarrierIQ on the phone. -David, developer.
MSUKA000
User Rank: Apprentice
12/2/2011 | 9:12:57 PM
re: Carrier IQ: Mobile App Crap Must Stop
It's clear Apple has allowed this stuff on their phones. A giant oversight by you, Mr. Feldman. Regardless of whether or not you have to opt in, Apple let this garbage on their phones too. The 'Steve Jobs' model simply means Apple can outright choose for you what can and cannot go on the device. The Steve Jobs model is just shifting around control. Nothing more!

We've already seen Apple doing its own tracking for its own purposes.

arstechnica.com/apple/news/201...

Just how exactly is that any different? From the enterprise or user perspective, there is no difference in relation to a carrier forcing Samsung to put CarrierIQ on their devices. No model which 100% prevents garbage like this from getting on your phone.

Mr. Feldman also seems to forget about Sony installing a rootkit in years past ("We all knew that spyware existed on PCs, but the big difference is that spyware and rootkits got installed by malicious third parties,"). That's a big swing and a miss, don't you think?

en.wikipedia.org/wiki/Sony_BMG...

It drives infosec people up the wall when someone says you need the Apple way of thinking to be secure. It's simply NOT TRUE and the sooner people realize this, the better off everyone will be.
MSUKA000
User Rank: Apprentice
12/2/2011 | 9:14:13 PM
re: Carrier IQ: Mobile App Crap Must Stop
I'm against pre-loading app garbage as much as the next person. Still, asking for the Steve Jobs model is nowhere close to the answer. It's clear Apple has allowed this stuff on their phones. Regardless of whether or not you have to opt in, Apple allowed it on their phones too. The 'Steve Jobs' model simply means Apple can outright choose for you what can and cannot go on the device. The Steve Jobs model is just shifting around control. Nothing more!

We've already seen Apple doing its own tracking for its own purposes. Feel free to google "Apple tracks your location".

Just how exactly is that any different? From the enterprise or user perspective, it's ALL privacy related information. There is no difference in relation to a carrier forcing Samsung to put CarrierIQ on their devices. No model 100% prevents garbage like this from getting on your phone.

("We all knew that spyware existed on PCs, but the big difference is that spyware and rootkits got installed by malicious third parties,").

With the risk of being rude, do you live in a vacuum? You seem to have forgotten about Sony installing a rootkit in years past. That's a big swing and a miss, don't you think? Google "Sony BMG rootkit". Not to mention the ongoing issues with legitimate purchases of USB flash drives preloaded with viruses.

It drives infosec people up the wall when someone says you need Apple and their level of control to be secure. It's simply not true and it's perpetuating a myth.
jfeldman
User Rank: Ninja
12/6/2011 | 11:21:43 PM
re: Carrier IQ: Mobile App Crap Must Stop
I'm not really talking about APPLE, per se, but the MODEL that Apple uses. As I say in my follow-up story, the "off" switch on the Apple platform was present because of the differing model: Apple has a relationship both with the carriers AND the end user, whereas Carrier IQ only has one with the carriers. Why would it put in a user "off" switch? Hope that helps you understand where I'm coming from.
YMOM100
User Rank: Apprentice
12/3/2011 | 2:46:41 PM
re: Carrier IQ: Mobile App Crap Must Stop
Only recently with iOS 5 Apple no longer bundles CarrierIQ with iPhones. So it isn't as if Apple is soooooo much more upfront and honest about this.
ATTcellguy
User Rank: Apprentice
12/5/2011 | 6:45:49 PM
re: Carrier IQ: Mobile App Crap Must Stop
My comments about Carrier IQ, also posted on Verge and Washington Post.

I have worked in the Cellular Industry as an engineer since 1980. For the past 30 Years, ALL carriers have had access to this information (even in the old analog days)! Cell Towers pass a lot of 'tracking' information to the MSC (Mobile Switching Center) used in call delivery and hand-offs etc. This information includes mobile numbers, location (cell site/antenna face (direction)/etc.), RSSI (Receive Signal Strength Indicators), phone power settings, network call set up info (channel/time slot/authentication/cell tower, etc). This is separate from the "Billing Information" which is also collected (numbers dialed, times, etc.). It also logs 'dropped calls', failed hand-offs and other network problems from the cell phone! A carrier already has access to ALL this information (How else could you send your SMS/TXT, be routed to your WEB page or even complete your call?). They DO NOT NEED "Carrier IQ" for anything, especially in relation to "System Performance".

This information is stored on the MSC for a short period of time (usually a few days) and is then automatically overwritten (for storage reasons). BUT during those few days this information can be Accessed and downloaded, to provide ALL the information the Carriers say they NEED!
This information is 'buried' deep in the switch where very few engineers have the log-on authority and permission to access it, even under Court Orders (yes the government can order carriers to provide it) - BUT it's there I know, I was one of the few (for AT&T).

Carrier IQ goes way beyond this and records "Key Strokes". This root program knows what you're typing BEFORE it gets encrypted (by the network) or even reaches an HTTPS/SSL 'secure' web page (like your bank).

As pure speculation in respect to AT&T, I'd almost bet it's a case of the "Marketing Department" NOT talking with the Network Engineers or being told "No". Wanting this information, they could easily 'influence' the phone manufacturers to include Carrier IQ. They are the people that do the 'buying' (ordering) of the phones to be sold by the carrier. The VP of Marketing will ALWAYS outrank the VP of Engineering when it comes to sales and 'Gross Adds' (customers).

Sincerely,

ATTcellguy

