Software from “Mobile Intelligence” provider Carrier IQ has been found on the iPhone, following the widely-publicized discovery of its software on Android phones. According to The Register, Android developer Trevor Eckhart posted a YouTube video on Monday showing the software running on an HTC EVO handset. In the video, Eckhart demonstrated the software’s ability to record key presses, over a cellular data connection and Wi-Fi, and even when entering the information onto a page using SSL encryption. In addition, the software appeared to be capable of forwarding text messages to the company’s servers, all without any user notification. Unsurprisingly, the findings resulted in a media uproar, leading Carrier IQ to post an obtusely-worded media alert (PDF Link) on its website, which has since been “translated” into common language by Daring Fireball’s John Gruber.
Now, Jailbreak developer chpwn—otherwise known as Grant Paul—has discovered the underpinnings for Carrier IQ software on Apple’s handsets. According to Paul, the software’s name was changed between iOS 3 and iOS 4, and with iOS 5, requires users to opt-in by enabling the “Submit Logs to Apple” option during the setup sequence. As such, it can be disabled on iOS 5 by selecting the “Don’t Send” option of the Diagnostics & Usage area of the Settings app (Settings > General > About > Diagnostics & Usage). Compared to the version running on Android devices, however, Paul says the software does not appear to have any access to the UI layer, where text entry is done; it can and does, however, record users’ phone numbers, carriers, countries, and locations. The latter happens only if Location Services are enabled; Paul admits that it is possible the software could collect and transmit other information that he has yet to discover. Apple has yet to make a statement on the matter.
Update: Apple has since issued a formal response on the matter to AllThingsD. “We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update,” the company said in its response. “With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”