Apple has finally weighed in on the Carrier IQ debacle according to AllThingsD. In a statement issued moments ago, the company said while it has used Carrier IQ’s network diagnostic software in the past, it recently stopped supporting it and plans to remove it from its mobile devices in a future software update. It also denied collecting any personal information.
We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Privacy concerns surrounding Carrier IQ were initially brought to light by Trevor Eckhart, a security researcher who became alarmed by the extent of information accessible by the analytic software. In the following video, Trevor presents much of his findings, which seemingly demonstrate Carrier IQ’s keystroke logging, location tracking and ability to intercept text messages. Even information that should be transferred only within encrypted sessions is captured in plain text by Carrier IQ.
During the entire demonstration, Trevor’s phone was in airplane mode, operating only over WiFi. Although his actions were outside the scope of his wireless carrier (Sprint), the software continued to monitor his every key press. On his Android device, it’s evident that Carrier IQ is running, even though it does not appear in the list of active processes. Further, the application doesn’t respond to “Force Quit” commands, and it’s set to startup when Android launches.