Oh well,
back to carrier pigeon for me then.
Seriously though, WTF!? Has anyone had a play with the iPhone to see if St. Jobs has snuck something similar on his gadget? Wouldn't be surprised (sadly) after the 'consolidated.db' fuss.
An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ …
The article says that while it was demonstrated on an Android handset software from the same company with similar functionality is present on Blackberry and Nokia handsets too. Parent asks, not unreasonably, whether anyone has checked whether it is also on another rather popular phone model.
This is software that the phone companies add to phones on their network. Probably in the phone software, but it might even live in the SIM card?
The only customer testimonial on their website is from a 'Tier 1 Carrier' saying how much money they save with this monitoring software that 'can drill down to individual users' and provide detailed network traffic data. They use it to decide where and how to provide more capacity and quality of service where it is needed, apparently.
The issue is that, effectively, each carrier has a monopoly on phones that work on their network. I'm sure this would have come up before had we been forced to purchase laptops / PCs from our ISP. Since phones these days use software defined radios, my guess is that the difference between a iPhone 4 for one carrier and an iPhone 4 for another carrier is a simple reprogramming of an FPGA chip so that it speaks a particular carrier's transmission protocol. Really quite ridiculous that the carriers are allowed to control the cell phone market as they do.
Ahh yes, the redoubtable IP over Avian Carrier (IPoAC, rfc1149). Although I'd probably opt for IP over Avian Carriers with Quality of Service (RFC2549).
It's bandwidth is pretty impressive (how many 32GB micro-sd cards can you tape to the leg of a pigeon?) but it's latency is a bit high for a MMORPG let alone a FPS,
Pretty typical fandroid response there - millions of Android phones potentially compromised and the first thing you can say is "ah, but the evil iPhone must be MUCH worse.."
Of course it must. Google is your best pal after all, I'm sure this is all just some misunderstanding... Just thank god you don't have one of those AWFUL iPhones eh..
I'd expect this to have been found a long time ago it if were present on iphones, but it's taken a while to come to the fore on android. However, since the article doesn't say this doesn't exist in iphones, it's legitimate to wonder if it's been found not to exist or if it's not been tested. The commenter even gives a reason that we should wonder about it - it's not out of hatred, envy or anything! Asking that question is not an attack on apple, and it's not a claim that apple is better or worse than anyone else. Just grow up!
a very quick google search returns a lot of results of "iphone packet sniffer" so i'd suggest that if it was possible for some developer or carrier to get some malicious software like this installed onto an iPhone, someone would have already found it and there would have been a lot more shouting and accusing going on by the Androiders.
As I understand it, the only way to get this level of reporting on an iPhone is to either be Apple, or to have jailbroken your phone and then installed some dodgy piece of homebrew.
The poster appeared antagonistic because of his statement that he "wouldn't be surprised (sadly) after the 'consolidated.db' fuss."
The consolidated.db was a file on iPhones that cached information for location services. It was synchronised to your computer via iTunes. Due to a bug in the first few iterations of iOS 4 it accumulated data indefinitely rather than merely caching recent data. As a result, if a malicious user had access to your computer then he could extract a history of your movements going back to whenever you started using iOS 4.
That information wasn't collected for any purpose and it wasn't forwarded to anyone. In other words, it's completely unlike the application in this story, the offensive part of which is that it's deliberately collecting data and forwarding it.
So to say "I wouldn't be surprised if Apple have taken a deliberate conscious decision to monitor how its customers use their phones because, you know, they made a coding error once" is so nonsensical that it could be construed as deliberate flame bait.
Probably it's just that if you don't use an iPhone then you wouldn't pay that much attention to the specifics of any particular bug — the original author was correctly aware that the iPhone had previously made it possible for third parties to monitor users in some way and had incorrectly assumed malice.
Actually, he said I'm going back to carrier pigeons so quite clearly he finds it pretty abhorrent, and merely wondered what Apple had snuck in. To be honest, I don't blame him for wondering.
Either way, the referring to anyone as a Fandroid really doesn't come across as a very neutral ... if you were attempting to go for the moral high ground of course.
Of course though, who fsking cares. It's a phone. I got bored of iPhone jabber from friends years ago, and now Android is growing quickly, now I have to endure endless shlong waggling about what is best. I tend to buy Android phones, though not exclusively... I buy what I like and fits my needs. I really don't care about anyone else.
Some serious egg on face from the Apple crowd here today.
Their holier than thou approach has turned sour as it transpires every single iPhone ever made (with the possible exception of the original iPhone) has Carrier IQ build right in as standard regardless of which network you bought your phone from, or which country you live in:
iOS 3: /usr/bin/IQAgent
iOS 4 and 5: /usr/bin/awd_ice2 or /usr/bin/awd_ice3
This is clearly much worse that the situation where SOME Android/Blackberry/Nokia/WebOS phones had it....
That said however, the whole thing is yet another storm in a teacup... But it makes me laugh when iPhone "protectors" are made to look like total retards yet again.
Good thing you waited for the story to play out before getting on your shiny bandwagon. Egg on face? From that article:
"Update: chpwn notes that initial research indicated that Carrier IQ's software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We'll let you know when more details arise."
Which do you think is worse now?
Oh come on you can't blame Android for it's phones needing a four core processor to work properly.
Obviously the problem is they have all this spyware working in the background, that's why people find they work a lot faster after being flashed with a custom ROM.
Sucks if you don't custom ROM it though, but that's the users' own fault for being dumb.
What a petty, arrogant little tech-snob you are? People want a phone, they would like it to work properly and they do not have time to take a 6 month course in Unix just to be able make a few phone calls, send a few SMS and sling a few birdies around the screen when killing time.
Perhaps we should get some people in to laugh at you as you most likely cannot crochet an intricate lace doily, plan and cook a 6 course meal for 30 people or play Chopin to concert standard, 'because "it's your fault for being so dumb"!
But's thats what expected with Android isn't it? I don't really know, just read the comments around here.
Reminds me a bit of that old joke:
Linux Air
Disgruntled employees of all the other OS airlines decide to start their own airline. They build the planes, ticket counters, and pave the runways themselves. They charge a small fee to cover the cost of printing the ticket, but you can also download and print the ticket yourself.
When you board the plane, you are given a seat, four bolts, a wrench and a copy of the seat-HOWTO.html. Once settled, the fully adjustable seat is very comfortable, the plane leaves and arrives on time without a single problem, the in-flight meal is wonderful. You try to tell customers of the other airlines about the great trip, but all they can say is, “You had to do what with the seat?”
Full list here: http://www.linuxscrew.com/2007/10/07/fun-linux-unix-windows-os-x-and-dos-airlines/
Nobody's buys into astroturfing posts by MS "technical evangelists" any more, since James Plamondon, your first boss, did his mea culpa.
Your data joke about an open-source airline merely means that you haven't seen, run or used a Linux distro since 2000. I find it interesting that the KDE4 desktop is so powerful, beautiful and easy to use that Win7 copied it from installation screen to desktop design. Imitation, the sincerest form of flattery.
but he is right. Best thing what happened to my HTC Desire was the Oxygen V2 Custom ROM and it's pretty easy to install. Ok, I've got some 20 years experience in Unix and some 30 with computers, but I used a prepackaged kit on Windows to install it with a few mouse clicks. I use computers because I'm lazy :)
Mines the one with the key to the room with the big shelf with system 7 manuals.
If a custom ROM is not available for their particular phone model. I would love to add Cyanogen to my LG Optimus S but it is not available. There is a community-developed version but it appears to still be in Alpha and I am not willing to brick my phone because it is ALLEGED there is spyware installed by the carrier on it.
I am neither an iPhone or an Android fan - I have a cheap mobile phone for calling & texting clients and friends, & thats all I give a shit about for a phone. I was merely musing on the general culture of Data-harvesting these days, that it seems to be endemic & increasingly invasive and surreptitious, regardless of platform. Jeez, what a jumpy bunch! (I'm sure this post will invite a few shots as well, so for those who feel the urge rising, may I suggest counting to 10?)
"Has anyone had a play with the iPhone to see if St. Jobs has snuck something similar on his gadget? Wouldn't be surprised (sadly) after the fuss."
Firstly, just to get it out the way, as others have mentioned this is to do with carriers. Secondly, this is a very different kettle of fish to 'consolidated.db' - not saying that incident was brilliant but I think most would realistically say that this one is a heck of a lot more serious.
Anyhoo, in answer to your question, yes they have - see http://twitter.com/chpwn however, various people online have written up this research in a quite readable way. At the moment, it likes like very little information is being gathered on iOS - e.g. tower strength - and it looks look it ties in with Carrier IQ's statement. I know some will say, and it's a good point, that any information is an issue, but there's nothing like keylogging going on.
Also, with iOS, it appears that you can make sure *nothing* is sent to Carrier IQ - users need to go to Settings → General → About → Diagnostics & Usage and make sure "Send Automatically” is switched to off (if switched on, the device will send diagnostics & usage to Apple).
Incidentally, it's reported that the Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom don't have Carrier IQ installed - http://www.theverge.com/2011/12/1/2602313/google-nexus-android-phones-and-original-xoom-tablet-do-not-include
Thanks, already read up on the current discoveries - hard to avoid really! Interesting whats coming out after my first comment - also intrigued by the range of reactions to it!! If you read my second comment (about 4 above yours) I think you'll see that I don't care about device platform - a phone is a phone is a phone for me, a utilitarian thing that affords me a certain amount of convenience. That I thought out loud about the iPhone harbouring similar "features" was, in hindsight, always going to be bait to the faithful - nonetheless, it was a relevant musing that could relate to any communication device. The iconic iPhone was simply the first alternative that came to mind. Thanks for your efforts & the info - nice to see an enquiring, level-headed approach to the subject.
Is this even legal in the UK (or EU)? Surely this qualifies as interception under RIPA for starters, and it is clearly not with informed consent of the user. Maybe about time the rules made quite clear what exactly you can and can't bury 622 paragraphs down in T+Cs and still take a punt at claiming you have consent. Being spied on for gain should never, ever be a permissible condition of taking a service.
Perhaps the carriers would like to explain explicitly what uses they put the data to?
This would be very clearly illegal in my country (Finland), and I am pretty sure in most other EU countries as well. This is after all a place where even web tracking cookies are illegal in principle. But I wonder if the software even appears in Europe? I got the impression from some articles that this is something some carriers put on phones they supply in contracts, and would not be in handsets not from carriers. If so, it is the carriers that would take the heat.
it isn't on my htc Sensation... But that is an unbranded version, so it could be either down to the carriers or it is a USA only thing.
Also, the idiot in the video doesn't seem to understand the difference between a packet sniffer (pulling data packets out of the network (wi-fi or ethernet)) and a USB-Debugging tool! If the phone was in Airplane Mode, there IS NO WAY that he could have sniffed the data, because the phone couldn't have sent any data!
Likewise the bozo complains about it giving the https address information from the browser, again, this is by design, it was in debug mode and gave out the URL to the debug stream, nothing sinister here... Now, if he had ACTUALLY sniffed the data packets and the data WAS being sent to Carrier IQ, that would be another matter entirely.
He just proved, that it was running and that it output gathered information over the USB port, when in Debug mode, which is what you would expect, but alas doesn't prove anything.