Apple Clarifies CarrierIQ in iOS, Promises Removal

Apple has issued a statement clarifying its use of the controversial CarrierIQ software in iOS and promised to remove all traces of the logging product in an unspecified future update. The company said it has never logged keystrokes, that the diagnostic data it does collect is anonymized, that participation has always been opt-in, and that it stopped supporting CarrierIQ with iOS 5.

CarrierIQ became a hot button issue this week after security researcher Trevor Eckhart published a YouTube demonstration of what the software was logging on an HTC Android device. That demonstration showed that CarrierIQ hid itself from the list of running apps, logged every keystroke (including text messages) and button press the user made, logged phone numbers dialed, and even captured search terms sent over what should have been an encrypted connection, since the logging happened on the device itself, before the traffic was ever encrypted.

While CarrierIQ, the company behind the software of the same name, denied doing many of the things shown in the demonstration, criticism immediately mounted from users and privacy advocates concerned that all of this data was being logged and sent to CarrierIQ servers without users' knowledge or permission.

Late on Wednesday, another security researcher, chpwn, published findings showing references to CarrierIQ in Apple's iOS, meaning the software was present in one form or another on Apple's iPhone. From a blog post by chpwn:

Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian, BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appear to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off “Diagnostics and Usage” in Settings appears to be enough.

He went on to detail how and when the software was activated, noting that it was only active when the user agrees to send diagnostic data to Apple. He also laid out what data was collected, writing, “I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.”

On Thursday, Apple issued a statement that effectively matches chpwn's findings. The company said:

We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

CarrierIQ’s use on smartphones is a big deal, and it has already attracted the attention of Senator Al Franken (D-Minnesota), who wrote the company an open letter asking for detailed answers on what kind of information is being collected.

For iPhone users, Apple's statement is a mostly positive development. On the one hand, the company did ship the software in the past; on the other, it was opt-in and did not collect the kinds of personal data that are the most alarming part of what Trevor Eckhart found on his HTC Android device.

At the same time, Apple said it stopped using the software in iOS 5—likely having developed its own home-grown solution for collecting diagnostic data—and pledged to remove any trace or reference of it from the operating system in a future update.

There’s a place in the cell phone industry for collecting diagnostic data—it can be very useful in improving performance on both the networks and devices we rely on. At the same time, it’s too easy for the corporations involved to lose sight of the differences between what they need, what they can get, and what they would like to have.

To that end, if you've made it to the end of this article, take a moment to thank security researchers like chpwn and Trevor Eckhart (and the EFF for defending Mr. Eckhart against a lawsuit threatened by CarrierIQ) for exposing this kind of issue, and Senators like Al Franken who are concerned about privacy.

We should also note that while Apple has issued its statement, and Nokia has said it does not install CarrierIQ on its Symbian or Windows Phone devices (though researchers have nonetheless reported finding it on Nokia devices), the other companies involved in this story have yet to do the same.