The Carrier IQ scandal has broken everywhere since we first reported it yesterday morning. The invasive rootkit is installed on over 140 million phones the world over, and logs everything you do with your device, from the numbers you dial to the smutty pictures you send to your girlfriend.
Yesterday, we reported the story as one proving Steve Jobs right about how Android tracks everything you do, but a day later, things seem a lot less black and white. Carrier IQ’s software comes pre-installed on other devices besides Android, like BlackBerrys and Nokias, and as even the name of the software suggests, seems to be something installed by carriers. And, as it turns out, some iPhones. Luckily, disabling it is the easiest thing in the world, and it logs none of your personal information, unlike the software’s more nefarious Android counterpart.
Developer and hacker chpwn explains how Carrier IQ works:
Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian,BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off “Diagnostics and Usage” in Settings appears to be enough.
In other words, all you need to do is install iOS 5 and turn off “Diagnostics and Usage” and Carrier IQ is nuked. Even if you don’t, though, it’s far less dangerous on iOS:
Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.
So it seems on iOS, at least, Carrier IQ is fulfilling its function of allowing carriers and Apple to diagnose problems with a handset. It stores only a limited amount of information, none of it personal, and can easily be opted out on. On Android devices, however, it logs everything, may or may not be sending your personal data to external servers and is impossible to shut off. So while Carrier IQ may not be unique to Android, the nefarious aspects of the software certainly seem to be,