Carrier IQ tracking iPhone customers too, hacker says

Carrier IQ, a company that provides tracking tools to carriers and phone vendors, has come under fire as of late for monitoring Android-based devices. And now, the company's software has been found on the iPhone.

                         Apple's iPhone is running Carrier IQ's software too, according to Chpwn.

(Credit: Apple)

Carrier IQ's software is running on every iOS version dating back to iOS 3, well-known iPhone hacker "Chpwn" said yesterday in a blog post. Chpwn dug through the iPhone's operating system for any sign of Carrier IQ and found it deeply embedded in the operating system's "/usr/bin/" directory.

Yesterday, CNET reported on Carrier IQ's deep integration in Android. According to Android researcher Trevor Eckhart, who one of the more outspoken critics of the Carrier IQ's technology, the company's software running on Android devices can record and relay all kinds of information, including keystrokes, SMS messages in plain text, and even browsing history. What's worse, Eckhart says that removing the software is nearly impossible.

"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code," Eckhart said in a blog post. "This is only possible for a user with advanced skills and a fully unlocked device. Even where a device is out of contract, there is no off switch to stop the application from gathering data."

However, Chpwn seems to believe that Carrier IQ works much differently on the iPhone. In fact, disabling its tracking in iOS is as simple as tapping over to the "Diagnostics and Usage" menu in the settings pane and toggling it off. Upon doing so, Chpwn says, no information is shared with Carrier IQ.

For those who don't turn the feature off, Chpwn claims Apple's Carrier IQ installation shares much less information than Android devices. He found that iOS shares "your phone number, your carrier, your country, active phone calls, and your location." However, unlike Android, Apple's installation doesn't share the phone number a user has dialed and only includes location information when "location services are enabled."

"I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely," Chpwn wrote.

The controversy surrounding Carrier IQ arose last month when Eckhart detailed how the software works, eventually labeling it a "rootkit." Carrier IQ, by contrast, has argued that its service, which is running on over 130 million mobile devices worldwide, is a "diagnostic tool" designed to "improve the quality of the network, understand device issues, and ultimately improve the user experience."

Sprint, which uses Carrier IQ's technology, echoed that sentiment in a statement to CNET last month, but reassured customers that it doesn't collect private information.

"Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service," Sprint told CNET. "We also use the data to understand device performance so we can figure out when issues are occurring."

"We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool," Sprint continued.

Neither Apple nor Carrier IQ immediately responded to CNET's request for comment on Chpwn's findings.

(Via The Verge)

Your Android Phone Is Secretly Recording Everything You Do.

If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

 

Worse: it's the handset manufacturers and the carriers who—in the name of "making your user experience better"—install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.

Update: Nokia wrote to us saying that Carrier IQ's spyware is not included in any of their cellphones.

Fast forward to 9:00 for the damning sequence.

The spying software is developed by a company called Carrier IQ. In their site, the company says they are "the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers' mobile experience."

Who has this problem?

 

It seems like a good goal and, indeed, most manufacturers and carriers agree: according to Eckhart, the spyware is included in most Android phones out there.

Eckhart claims that Carrier IQ software is also included in Blackberry and Nokia smartphonestoo. It probably works exactly the same in those smartphones as well. However, there's no proof showing these problems in those phones. There's no mention about Apple's iPhone.

It also doesn't even matter if your telephone was purchased free of carrier contracts. As Eckhart shows in this video, it's always there.

The problem is that it does a lot more than log anonymous generic data. It grabs everything.

How does it work?

 

Carrier IQ's software is installed in your phone at the deepest level. You don't know it's there. You are never warned this is happening. You can't opt-in and you certainly can't opt-out.

The commercial spyware sits between the user and the applications in the phone so, no matter how secure and private your apps are, the spyware intercepts anything you do. From your location to your web browsing addresses and passwords to the content of your text messages.

This even happens using a private Wi-Fi connection instead of the carrier 3G or 4G connection.

The company denied all this in a public statement (PDF):

While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools

But the video clearly demonstrates that this is not true: Keystrokes submit unique key codes to Carrier IQ. Even secure connections are intercepted by the spyware, allowing it to record your moves in the open. These connections to the web are encrypted but, since Carrier IQ's spyware sits between the browser and the user, it grabs it and sends it in plain text.

The spyware can even log your location, even if the user declines to allow an app to know where it is. The hidden Carrier IQ app ignores your desires, intercepts the data and gets your location anyway.

What can you do to avoid it?

 

Unfortunately, not much. The hidden spyware is always running, and there's no option in any of the menus to deactivate it. Unless you're a grade-A blackbelt hacker, you're out of luck. Even Eckhart, who is a developer, finds it difficult to remove:

Why is this not opt-in and why is it so hard to fully remove?

It's an excellent question. One that urgently needs an answer, from Carrier IQ but especially from every handset manufacturer and carrier involved in this situation.

The solution to this problem is not installing a custom ROM. That's something that shouldn't be required from consumers, something that normal people will not be willing to do. Products must respect privacy rights out of the box. Consumers must be informed about this the moment they turn on their phones in a clear way. They should have the possibility to opt-in and opt-out whenever they want, with a single click. This matter should be solved now by Carrier IQ, the handset manufacturer and the carriers.

Fire in the Sky: iPhone Ignites on Australian Flight.

An Apple (Nasdaq: AAPL) iPhone 4 began emitting smoke and appeared to spontaneously combust on a recent Regional Express flight to Sydney, Australia.

The phone was emitting a significant amount of dense smoke, accompanied by a red glow, according to Regional Express.

Standard safety procedures were followed and no one on board was injured. The phone was handed over to the Australian Transport Safety Bureau for further investigation.

No such incident had happened on a Regional Express flight before, a spokesperson for the airline said, and there was nothing otherwise significant or unusual about that flight in particular.

Apple did not respond to our request to comment for this story.

Apple Explosions

It's not the first time an Apple product has apparently spontaneously combusted. Reports of flaming iPods and iPhones burning users or starting small fires have come up in the past, such as a 2009 report from Liverpool, England, where a father claimed his daughter's iPod touch exploded; he was reportedly offered a new one on the condition he sign a confidentiality agreement.

That and other reports, such as an iPhone 3G burning a significant hole through a car sear, have not been confirmed by the company.

In some cases it's been found that other technologies are at fault. For example, in 2010, a user reportedly complained that an iPhone 4 caught fire and burned his hand; it was later concluded that a faulty USB port was to blame.

However, when a mobile gadget does flame up on its own, it's often related in some way to the device's battery.

Apple has in the past recalled its first-generation iPod nanos sold between September 2005 and December 2006 because of the risk of batteries overheating. However, the problem isn't limited to Apple or handheld devices.

"There have been several issues with these batteries in the past, although the vast majority of the problems were with laptop batteries," Bill Morelli, director of mobile technologies and convergence at IMS Research, told MacNewsWorld. "A few years back there were several issues with laptop batteries manufactured by Sony (NYSE: SNE) that were related to problems in the manufacturing and ultimately led to a recall,"

Lithium Lags

Part of the reason mobile device battery safety risks persist is because of the highly complex chemistry needed to develop longer-lasting battery power. While advances in areas such as hardware and integrated systems have made giant leaps over the past decade, lithium ion battery technology is still a relatively recent development.

"Battery science is unfortunately a limited science and does not follow advancements likeMoore's Law with semiconductors," Ben Bajarin, director of Creative Strategies, told MacNewsWorld.

In larger-scale products such as battery-powered automobiles, the limitations pose a much greater challenge. On the consumer device level, though, the safety hazards aren't usually so great that a recall is necessary. In the case of an iPhone or another mobile handset, especially, reports of mobile device flare-ups are relatively few and far between.

"There have been no widespread reports of problems with the iPhone batteries, so I suspect this particular incident is more of an anomaly," said Morelli.

Man builds girlfriend $125 iPad.

We are great supporters of love here at Technically Incorrect.

 

Which is why this tale of amorous electronic ingenuity far beyond using pepper spray on Black Friday, brings us to a state close to stinging tears of wonderment.

The way China Daily hums it, Wei Xinlong, a college student at the Northeast Normal University in Changchun, really wanted to make his girlfriend, Sun Shasha, very happy.

He knew she would love to be in possession of the world's No. 1 passion possession, the iPad. However, he didn't have the money to effect that love. So he set about building an iPad from scratch.

So imagine something that looks a little like this, but thicker and with rhinestones.

(Credit: CC Pedro Eugenio Artunes/Flickr)

 

Like all resourceful students, he took to the Web and learned as much as he could about the way tablets are built.

Then he bought a touch screen and a battery--online, naturally--and set to work. He reportedly cobbled together parts from an old laptop he bought, also online: the motherboard, the display, and the memory, for example. Then he finished it off with some pretty little rhinestones all the way round the outside. (A picture is here.)

"One can read, download, watch movies, play games by just touching the screen," he told China Daily News.

Oddly, though the home-made creation is Windows 7 enabled, it does seem to have an Apple logo on it-- something that might amuse a few lawyers and stimulate a few counterfeiters.

The whole cost of the homemade machine was 800 Yuan, which, at today's inflated prices seems to be $125.

Sun Shasha, for her part, couldn't have been more deliriously happy. She told China Daily News: "This is the best gift I've ever had, and I will keep it forever."

Surely, with so many vast technical brains in the U.S., some dashing gent must have tried to make his lover a personally crafted iPad. 

Or has love lost its creative power over here in the West?

Cell-phone tracking mall operator has second thoughts

It seems that the Cleveland mall operator who last week declared it was tracking mall shoppers in California and Virginia via their cell phones has had a change of, perhaps, heart.

CNN reports that Forest City Commercial Management might have been encouraged to change its mind, heart, and attitude by a phone call from the office of Sen. Charles Schumer (D-NY).

The phone call might have directly relayed the substance of a press conference the senator gave on Sunday.

In it, he suggested that perhaps a more polite way to go about these things was to ask shoppers if they'd like to be part of such tracking, rather than posting small signs that told them the fun had already started.

Shoppers in Temecula, Calif., and Richmond, Va., had already been tracked on Black Friday. ("Oh, look! Mrs. Teagle has jumped on top of Johnny Hegel, trying to be first to the video games!")

However, today Forest City issued a statement that said: "We have temporarily suspended further trial of the technology while we work with the system developer on possible enhancements, and in deference to concerns raised by Senator Schumer."

The only way shoppers on Black Friday could have resisted tracking would have been to turn off their phones. But this would have been entirely inconvenient when so many would have wished to text all their friends to boast about the bargains they'd secured.

For its part, Forest City and the manufacturers, U.K.-based Path Intelligence insist that no personal information--for example, names and phone numbers--is obtained by the sleight of signal.

Indeed, Path Intelligence's fine Web site offers that the company is using this so-called FootPath technology merely to bring "online analytics to the offline world."

The only problem is that not everyone is yet comfortable with online creepiness. If we have to confront it in the physical world too, it just feels, well, double creepy.

Some would see no problem with tracking cell phones. After all, Google maps uses our cell phone location to help us get out of the three-foot lake we have accidentally wandered into after a night celebrating our third round of funding.

However, such tracking of our cell phones actually helps us. The difference with Forest City and Path Intelligence's approach is that they seem merely to be helping themselves.

Originally posted at Technically Incorrect

$4.23 a day: On the timing of a Black Friday iPad 2 purchase

Apple released the first iPad, the 16GB Wi-Fi-only model for $499, on April 4, 2010. The $499 iPad 2 came out 342 days later, on March 11, 2011.

Another way to look at it is that you paid $1.46 a day for the original iPad before it was obsolete.

We lack the proper sample size for true statistical accuracy, but based on the number of days into a new year Apple released its first two iPads, we can take the average of April 4 (92 days in) and March 11 (69 days in), and guess that the iPad 3 will arrive 81 days into 2012. That would be March 22. That would also mean a 377-day life cycle for the iPad 2.

If you agree to play along with that projection, then the $499 iPad 2 comes out to costing $1.33 a day before obsolescence. That's a relative bargain compared with the first iPad.

But what does that mean for the value of an iPad 2 purchased this holiday buying season?

Let's take Black Friday--November 25. There are 118 days between November 25 and our March 22, 2012 guess for the debut of an iPad 3. That translates to $4.23 a day, or more than three times the daily cost of an original iPad during its life cycle as a new product. For an iPad 2 purchased (or opened) on December 25, that's only 88 days until it's out of date, or $5.67 a day.

An old iPad, of course, doesn't shed all of its value once a new model emerges. Amazon currently lists used, original iPads for $320 and used iPad 2s starting at $439. I wouldn't count on the same conditions for the used iPad market this time next year, not least because there will likely be another iPad in the mix to drive prices down. But considering current used prices, as well as the time of year, the timing looks right if you have an iPad to sell.

I don't really suspect anyone will second guess your fiscal wisdom should you purchase them an iPad 2 this holiday. As a matter of fact, my wife and I just bought one (and I don't believe this house I'm now standing in is made of Gorilla Glass).

Still, we all know that Apple likes a steady release pattern. Anomalies do happen, but going by the numbers, history says you should wait until spring to get maximum value for your tabletdollar.

Galaxy Tab ban: 'Not terribly fair to Samsung'

The Samsung Galaxy Tab 10.1

(Credit: Samsung)

Samsung's Galaxy Tab may have suffered an injustice in Australia with the imposition of a ban on sales of the tablet there, at least in the eyes of one appeals court judge.

At a hearing today in Sydney in a patent case pitting Samsung against iPad maker Apple, Federal Court Justice Lindsay Foster questioned an October ruling that quashed Galaxy Tab 10.1 sales. Samsung wants to get that decision overturned to avoid what its lawyer called "dire consequences," according to a report from Bloomberg.

"The result looks terribly fair to Apple and not terribly fair to Samsung," Foster said of the decision to put the ban in place.

A decision could come next week on Samsung's request for the injunction to be lifted. The injunction was put in place by Federal Court Justice Annabelle Bennett as an intermediary step until a full patent case can be heard sometime next year. Apple reportedly has rejected a settlement offer from Samsung.

Apple is arguing that with the Galaxy Tab 10. 1, Samsung is "blatantly copying" the hardware and software designs of its iPad. It has made a similar charge that Samsung's Galaxy smartphones are too similar to Apple's iPhone. The patent battles between Apple and Samsung extend beyond Australia to other cases in Europe and the U.S.

In a tit-for-tat effort, Samsung wants a court in Australia to impose a ban on sales of the iPhone 4S.

Also in the Galaxy Tab hearing today, Samsung argued that commonalities in tablet design extend to a great many devices, and thus to undermine the rationale for the ban on its tablet.

"Not only are there many [similar] products on the market...and there was evidence before [Bennett] that the other devices had the same functionality as the Samsung tablet," Samsung's representatives told the court today, according to CNET sister site ZDNet Australia. "Evidence of functionality was given...in an affidavit, and [it] examined and depicted by video the functions of a whole range of manufacturers, including Acer, Asus, Pioneer, Samsung, Motorola."