Germany Questions Apple Over Carrier IQ Use

| News

Germany’s Bavarian State Authority for Data Protection has sent Apple a letter requesting information about how the iPhone maker uses Carrier IQ to track user activity. The request follows reports that smartphone makers have been logging user activities without their knowledge.

Germany wants to know how Apple uses Carrier IQApple has already acknowledged that it has been using the software, but stopped supporting it with the release of iOS 5. The company also plans to remove all traces of the code with a future software update, and that it has never logged keystrokes, unlike Android-based phones.

“We read in the press about the privacy concerns the software may pose and decided to ask Apple about the details,” commented Thomas Kranig, head of the regulatory agency, according to Bloomberg. “If Apple decided to cease the use, all the better.

Carrier IQ came under fire when Trevor Eckhart showed that the software was logging all of the keystrokes on his Android-based phone. Carrier IQ denied the accusation, and sued Mr. Eckhart over the claims.

While Carrier IQ may appear somewhat insidious on Android devices, it appears it was far less so on iOS. Apple gathers basic data only after users expressly give permission, doesn’t track keystrokes, and anonymizes any data that may be transmitted.

“With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information,” said Apple spokesperson Natalie Harrison.

Senator Al Franken is interested in finding out what Carrier IQ is up to, as well. He issued an open letter to the company questioning what types of information is gathered from smartphones, and how it is collected.

Previously, the Senator called Apple to task over location tracking data it was collecting from iPhone users.

Apple has not commented on Germany’s request for information.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

9 Comments Leave Your Own

Garion

Germany?s Bavarian State Authority for Data Protection could have saved an envelope and a postage stamp if they’d only cared to read Apple’s official statement on the matter.
It states quite clearly how Apple used Carrier IQ and more importantly, how not.

daemon

Germany takes it’s citizens’ privacy rather seriously. After the actions of Nazi Germany and the attempted genocide of anyone without blonde hair and blue eyes, people with an iq below 85, homosexuals, and dirty hippies can you really blame them and the rest of Europe for going the extra mile to keep personal information personal?

I hope Tim Cook is prepared for this.

Nemo

Dear daemon:  I think that Mr. Cook and Apple’s lawyers are well prepared.  Perhaps, you haven’t been following this story, but the implementation of Carrier IQ on Apple’s devices was opt-in.  That is, to transmit any data off the iPhone, Apple’s customer had to opt-in by activating that option.  Also, unlike the HTC Android phone and many other Android phones here in the U.S., Carrier IQ on the iPhone only collected some limited data.  This is Apple’s statement on the matter:

We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

And an independent third-party investigation verified that statement:

Update: chpwn notes that initial research indicated that Carrier IQ?s software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We?ll let you know when more details arise.

So the only information collected was some call activity and the user’s location, which was collected only if the user enabled location tracking, and even that information was not transmitted anywhere, unless the user opted-in to permit that.  So I think that Apple, under the facts that we know now, will be okay even under Europe and Germany’s more stringent privacy laws, and Apple, therefore, shouldn’t have any problems in Germany or the EU, much less encounter the kind of sanctions and trouble that Google and Facebook have suffered in the EU.

geoduck

But that begs the question. If as it says in the article that this is “invidious” on Android devices then why are they grilling Apple? Or did they also send letters to The other manufacturers and we just haven’t heard about it.

Nemo

Geoduck:  That is a good question.  Let me speculate.  Carriers in the EU may simply have chosen to not install Carrier IQ on cell phones in their domestic markets because of the EU and certain nations in the EU much more stringent privacy laws.  So there may simply have been no market for the Carrier IQ software in the EU, and, thus, no carrier or OEM installed Carrier IQ on smartphones headed for the national markets in the EU.  Indeed, Apple may not have installed any version of Carrier IQ on its iPhones for EU markets, not even the non-invasive and limited version that has been found on iPhones here.

But if my speculation about the installation of Carrier IQ on EU phones is incorrect and if Carrier IQ is prevalent on cell phones in the EU, I would expect the appropriate department of the EC to query those responsible for installing it, using it, sharing data collected from it, and/or otherwise benefiting from Carrier IQ on EU phones.

iJack

I’m still waiting for someone here to discuss the possibility, or even probability, that some US Government agency had a hand in ensuring the ubiquity of CarrierIQ on cell phones.

I’ve seen it mentioned elsewhere, but it’s been strangely quiet here at TMO.  John?  Jeff?

And no, I don’t wear a foil hat, and I think they caught the right guy for shooting JFK.  I simply no longer trust my government.

daemon

That is, to transmit any data off the iPhone, Apple?s customer had to opt-in by activating that option.

Trevor Eckhart has demonstrated that trying to “op-out” of data collection resulted in no change of Carrier IQ’s software’s actions of recording and transmitting data back to it’s servers. Further he demonstrated that Carrier IQ’s claims that Carrier IQ does not record keystrokes or personal messages and retransmit them back to their servers are false.

In short Nemo, the evidence is against you.

Nemo

Dear daemon:  You are the one who is wrong, because Carrier IQ worked differently on the iPhone.  As the researcher that I cited, supra, discovered, Carrier IQ worked on the iPhone only to collect the very limited amount of data that I described in his direct quote, supra, and even then, unlike many Android phones, Carrier IQ on the iPhone could only transmit data, if and only if the user opted-in by enabling DiagnosticsAllowed.  I know of no evidence from any expert, credible or not, that disputes the findings of researcher that I cite supra in the slightest degree.

So, if you have some credible evidence more than just your fanciful musing to support your presently false notion that Carrier IQ on the iPhone isn’t opt-in but is opt-out, as it is on so many Android phones, please present or at least cite to that evidence here, so that we will have some reason to think that you are doing more than simply talking through your hat.

daemon

Nemo, you have no software expertise to speak of and have multiple times on these forums, even before you were made staff, perpetuated false information in regards to software development and functions.

You know about as much about Carrier IQ as you’ve read in Apple’s PR statements, statements that are identical to AT&T and Sprint that have been demonstrated by Eckhart as false.

If only you didn’t always parrot Apple’s party line I might have been persuaded by you Nemo.

Log-in to comment