“You cannot solve a problem from the same consciousness that created it. You must learn to see the world anew.” Albert Einstein

Your Android & iPhone Phone are Secretly Recording Everything You Do

It was discovered that most (but not all) Android phones (and BlackBerries, and others) are recording every keystroke you make. Now, references to the same software have been discovered in Apple’s iOS. But in this case, it only logs technical data and it’s off by default.

Last night, prominent iOS hacker chpwn tweeted that he had found reference to the same, now notorious Carrier IQ software in iOS 3. After just a little more poking and prodding, it was confirmed that these references exist all the way up to modern day iOS 5, they’re just under a different name: /usr/bin/awd_ice2. But wait, before everyone starts returning their iPhones (none of you were going to do that anyway), there’s a bit of good news.

It seems that the data Carrier IQ has access to is much more limited than it is on Android. From chpwn’s blog: "…it does not appear the daemon has any access or communication with the UI layer, where text entry is done." That is extremely good news if it proves to be true, because it would mean that iOS wouldn’t be logging your passwords, emails, SMS messages, etc. Even more good news: CarrierIQ only kicks in when the iPhone is in Diagnostic Mode, which is off by default. So you’d have to actively tinker with settings you never use for it to work.

When activated, though, CarrierIQ does appear to log your name, phone number, carrier information, some info about the calls you are making, and your location (if Location Services are enabled). There may well be more, they just haven’t found it yet. We’ll update as we learn more.

What Is Carrier IQ?

Last week, 25-year old Eckhart discovered a hidden application on some mobile phones that had the ability to log anything and everything on your device—from location to web searches to the content of your text messages. The program is called Carrier IQ, and unlike the Android malware that’s been causing such a stir, it actually comes preinstalled by the manufacturer of your phone. In fact, you can find it on a bunch of different devices, including Android, Nokia, and BlackBerry phones. It’s what’s known as a rootkit—a program with massive amounts of privileges that hides its presence from the user. It was originally designed to log things like dropped calls and bad data connections for troubleshooting purposes, but manufacturers like HTC and Samsung have modified it to run in the background, completely undetectable, with no option to opt out of its "services". At best, it slows down your phone, and at worst, anyone on the other end of the application could, in theory, read your text messages, see what you search on the web, and much more.

Worst of all, after being confronted, phone manufacturers, wireless carriers, and Carrier IQ themselves have tossed around blame, saying they aren’t doing anything wrong. Some have and their privacy policies aren’t super specific on what they collect and use. Sprint claims they are "unable to look at the contents of messages, photos, or videos" using Carrier IQ, but Eckhart claims differently. I highly recommend reading Eckhart’s article for a deeper look at how Carrier IQ works and how it’s manifested itself on certain devices.

Update: Our original article stated that the software also came preinstalled on iPhones and dumphones, which has not been confirmed. That information came from this article at Geeks.com, and we actually believe that to be a typo. Considering it hasn’t been mentioned in any other source, and that the iPhone isn’t on Eckhart’s list of affected devices, we’re removing it until other sources say otherwise. Thanks to everyone who pointed this out.

Update #2: It looks like Carrier IQ does, in fact, run on iOS, but in a much more stripped down version that isn’t so offensive to the privacy-conscious. It’s also very easy to turn off. Check out this blog post for more information.

How to Tell If It’s Running On Your Phone

Right now, Android users are the only ones able to detect and remove the program. However, depending on your phone, you may have to be rooted to do so. Once rooted, running the "CIQ Checks" task in this app on XDA will tell you whether it’s running on your system. On HTC phones, you can also search for the app in Settings > Applications as described in the video above, but using the Logging Checker app is the most reliable way to check.

Note also that if you’re running an Android Open Source Project (AOSP) based ROM—like CyanogenMod—you do not have Carrier IQ installed on your system. These apps are based on the original, open source version of Android, and don’t include any carrier or manufacturer additions like Carrier IQ. If you’re using a modded version of your manufacturer’s ROM, however—for example, a modded HTC Sense or Samsung TouchWiz ROM—you could still have it installed. To avoid this, either flash AOSP based ROMs, or flash ROMs with Carrier IQ specifically removed (many will say NOCIQ or something similar on their description pages).

How to Remove It From Your Device


If you want to remove it from your device, you have two choices. Either flash a custom ROM that doesn’t contain Carrier IQ (as described above), or use Eckhart’s Logging Test App to remove it. Both solutions require rooting your phone.

To remove it with the Logging Test App, download the original app and then buy the $1 pro license from the Android Market. Then, open it up, hit the Menu button, and tap "Remove CIQ". This will completely remove it from your device.

Update: Some of you are noting problems with this function of the Logging Test App, So be wary if your phone isn’t one of the devices it’s confirmed to work on. As always, make a backup before you use anything with heavy root permissions. If you’d rather not deal with the Logging Test App, I highly recommend flashing a custom ROM like CyanogenMod instead.



One response

  1. Keep up the good work!

    December 1, 2011 at 11:42 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s