Update 2:10 p.m.: On Thursday afternoon, Sen. Al Franken announced that he has demanded answers from Carrier IQ about its tracking of user behavior in a very detailed letter (PDF) to the company's president and CEO, Larry Lenhart. He did not go easy on him:
I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ’s software. But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics -- including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.
These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.
The Senator explained why so serious in a press release. "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," said Sen. Franken. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer."
Original Post: An Apple hacker has discovered that Carrier IQ, the shady smartphone software recently found to be logging keystrokes on Android and BlackBerry devices, is also installed on the iPhone. Don't worry, fanboys. It's off by default -- probably. After
As on other smartphones, the presence of Carrier IQ in Apple's iOS firmware is difficult to detect. Prominent iPhone jailbreaker "chpwn" discovered traces of the code on Thursday, after Android security researcher Trevor Eckhart dug into the code of his Google-made operating system to discover that Carrier IQ was recording tons of user data, even the contents of text messages. Hacker blogs are referring to Carrier IQ as a "rootkit," a type of virtually undetectable software that provides privileged access to your data. In 2007, CNET reported that rootkits were "tops on the criminal hackers' To Do lists," though Carrier IQ markets its services to mobile carriers like AT&T and Sprint, as the name suggests. It's also not a new service, as chpwn explains in a blog post (emphasis his):
In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appear to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off "Diagnostics and Usage" in Settings appears to be enough.
However, I think the blame here really belongs with the US carriers who obviously demanded this: personally, I am completely fine with this data being sent off (especially if it helps AT&T’s network improve), but I would definitely prefer if it was more transparent -- even if you can disable it with that toggle, Apple only explains that it "might contain location data".