iPhone hacker chpwn has posted an informative look into how Carrier IQ is incorporated into iOS. Unlike the version Trevor Eckhart discovered in his Android devices, Carrier IQ for both iOS versions 3 and 5—version 4 is still unknown—is disabled by default. If the appropriate setting is enabled on iOS 5, the user can disable it with a single setting change.

When enabled, does Carrier IQ on iOS capture the same level of data that was seen in Trevor Eckhart’s Android demo? No, it appears Apple has limited much of what Carrier IQ will monitor. Below are chpwn’s findings:

• CoreTelephony
  • your phone number
  • your carrier
  • your country
  • active phone calls
    • (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)
• CoreLocation
  • your location (Only, however, if Location Services are enabled.)
  • (Possibly more I haven’t yet found.)

As Carrier IQ claims in their video, communication with the remote server is all done via SSL. Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.

1. Launch “Settings”
2. Select “General”
3. Select “About” (first entry)
4. Select “Diagnostics & Usage” (towards bottom)
5. Select “Don’t Send” if not already selected