Apple released a statement indicating that it stopped using Carrier IQ in most of its devices with the release of iOS 5, and that they “will remove it completely in a future software update.” Apple’s statement follows:

“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

[Via AllThingsD]

Verizon has also released a statement clarifying that none of their devices have Carrier IQ installed. From GigaOm:

“Any report that Verizon Wireless uses Carrier IQ is patently false,” Verizon Wireless spokesperson Jeffrey Nelson said in an email. In an email follow-up, spokeswoman Debra Lewis elaborated. “We did recently notify customers about new privacy programs; we were transparent about how customer information will be used and gave clear choices to customers about whether they want to participate in these programs,” she said (the privacy policy is here). “Carrier IQ is not involved in these programs.”

According to Business Insider, Nokia has stated that their devices do not come loaded with Carrier IQ. From the article:

Nokia says it does not authorize Carrier IQ on its devices. Nokia calls reports of Carrier IQ being found on its phones “inaccurate.” Nokia also says that Carrier IQ doesn’t support Nokia phones, so it’s impossible to be installed later.

RIM has also stated that none of its BlackBerry devices come with Carrier IQ. From the article:

RIM is aware of a recent claim by a security researcher that an application called “CarrierIQ” is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.

This contradicts Trevor Eckhart’s original assertion that BlackBerry devices—in addition to Android devices—have Carrier IQ installed.

iPhone hacker chpwn has posted an informative look into how Carrier IQ is incorporated into iOS. Unlike the version Trevor Eckhart discovered in his Android devices, Carrier IQ for both iOS versions 3 and 5—version 4 is still unknown—is disabled by default. If the appropriate setting is enabled on iOS 5, the user can disable it with a single setting change.

When enabled, does Carrier IQ on iOS capture the same level of data that was seen in Trevor Eckhart’s Android demo? No, it appears Apple has limited much of what Carrier IQ will monitor. Below are chpwn’s findings:

• CoreTelephony
  • your phone number
  • your carrier
  • your country
  • active phone calls
    • (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)
• CoreLocation
  • your location (Only, however, if Location Services are enabled.)
  • (Possibly more I haven’t yet found.)

As Carrier IQ claims in their video, communication with the remote server is all done via SSL. Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.

1. Launch “Settings”
2. Select “General”
3. Select “About” (first entry)
4. Select “Diagnostics & Usage” (towards bottom)
5. Select “Don’t Send” if not already selected

Android app developer Trevor Eckhart discovered that hidden in his Android phone was tracking software by Carrier IQ, which he feels exhibits the traits of a rootkit. So what does it track? How about key presses, geographic locations, and messages received by its users.

On Monday, Trevor posted the following video to YouTube, exposing what the Carrier IQ software monitored on his stock HTC EVO handset:

Amazingly enough, the users are never informed of this app, nor are they given the ability to toggle whether the monitoring service should run. Instead they are forced to trust Carrier IQ, and Carrier IQ’s customers, for the privacy of any data collected.

Performing damage control, Carrier IQ has posted a Media Alert, clarifying how their software is used by customers. I find the following snippet interesting:

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.

The video clearly shows the monitoring software is capable of recording keystrokes. What’s more concerning is how the software can see variables passed via an encrypted website as if they were never encrypted.

If you think that avoiding Android powered devices will exempt you from this privacy invasion, think again. In addition to Android, Carrier IQ also has software available and installed on BlackBerry, Apple iOS and Nokia devices.

Update: It has been determined that iOS devices also contain Carrier IQ.

[Via The Register]