Carrier IQ: Not Just an Android Issue

Unless you’re currently trekking through the Gobi, you’ve probably caught some of the fuss about Carrier IQ, accused of conduct resembling a rootkit more than legitimate logging. I think that some of the indignation has been a little overdone, as I commented here, but there are certainly legitimate reasons for concern.

Of course, there’ve been many concerns raised around security and Android in recent months, as Dan Raywood mentioned here, and indeed I let off a little steam myself, though that was mostly at Chris DiBona’s ill-judged attack on the anti-malware industry. But this isn’t all about Android, though Trevor Eckhart’s analyses are mostly focused on HTC devices: some sources claim that Carrier IQ’s software is running on Nokia devices, Blackberries and even iPhones (I’ll come back to that).  
An article by Tim Worstall notes some inconsistency in these reports: for example, Research in Motion claims that it "does not install nor authorize its carrier partners to install “Carrier IQ” monitoring software on its BlackBerry smartphones", though I have to agree with John Gruber that this statement isn’t quite the same as saying that the software isn’t installed on any BBs. Worstall also suggests that its use on Android is restricted to North America.
iPhone-wise, though, it appears that iPhones do carry it, though chpwn’s blog indicates that the Apple implementation isn’t quite the same as the Android descriptions I’ve seen. More to the point, it includes some pretty detailed information on how it can be disabled, if it isn’t already. Caveat: I don’t have an iPhone of any description, and can’t therefore try these out personally.

What’s Hot on Infosecurity Magazine?