Who does, or does not, use the Carrier IQ 'rootkit' in their devices?

Apple: We Stopped Supporting Carrier IQ With iOS 5

As the realization sinks in with various organizations that "Holy sh*t, we'd better say something about Carrier IQ," folks are doing just that. A number of entities have come forth and either confirmed --- or denied --- that they have anything to do with the now renowed "rootkit," as a researcher first called the logging software.

First off, the 800-pound gorilla in the room, Apple, has confirmed that it "used to" use Carrier IQ, but dumped it with the recently released iOS 5. Of course, that doesn't make anyone who hasn't upgraded their device to iOS 5 happy --- and some can't upgraded their devices to that version.

Apple said, "We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so."

Reportedly, the Nexus One, Nexus S, and Galaxy Nexus do not carry the software either. Neither does the Motorola Xoom. That makes sense: those devices were all supposed to be "genuine Android devices," without add-ons like Sense or Touchwiz --- or Carrier IQ, we surmise.

Next up is Nokia. Although originally reported to have phones with Carrier IQ embedded in them, the Espoo, Finland-based company said, “Nokia is aware of inaccurate reports which state that software from CarrierIQ has been found on Nokia devices. CarrierIQ does not ship products for any Nokia devices, so these reports are wrong.”

RIM also says that despite initial reports that BlackBerry devices were "infacted" with Carrier IQ, its devices are IQ-free.

Ah, but Carrier IQ was supposed to help carriers determine issues on their devices. It was supposed to help fix issues such as dropped calls, etc., but the recent report by developer Trevor Eckhart found that it was actually logging keystrokes and far, far more.

Among the top three U.S. carriers, Verizon has confirmed that it's not using Carrier IQ in any of its handsets. Using software provided by XDA Developers, which only works on rooted devices, by the way, we have determined that neither a Droid X nor a Droid 3 we tested carried Carrier IQ.

However, both AT&T and Sprint have confirmed that their handsets DO have Carrier IQ.

AT&T and Sprint insist that the software is being used only to improve wireless network performance. That's hard to swallow when one looks at the video evidence, although just because Carrier IQ is recording keystrokes doesn't mean it's sending those keystrokes off to the mother ship. T-Mobile has not yet commented.

OEMs HTC and Samsung say their devices carry Carrier IQ because carriers have asked for it. Motorola has not commented.

So, a quick run-down of who does and does not cast their lot with Carrier IQ, among the top handset manufacturers and U.S. carriers:

Carriers:

Verizon: No

AT&T: Yes, for network improvement purposes

Sprint: Yes, for network improvement purposes

T-Mobile: No comment, yet

Handsets:

Samsung: Yes

Apple: not any longer

HTC: Yes

Motorola: No comment

BlackBerry: No

Nokia: No

Just as with any of the other security and privacy FUBARs that have occurred in the past, the big problem is lack of information. Neither the carriers nor the majority of OEMs have been forthcoming enough on Carrier IQ.

Certainly, Carrier IQ hasn't helped. It first threatened to sue Eckhart, but then backed down after he received aid from the Elecronic Frontier Foundation (EFF).

This is not over, not by a longshot, and we wouldn't be surprised to see a number of ROM upgrades coming down the pipe ro remove Carrier IQ. That includes Apple, since they admitted that it's no longer used in iOS 5, but some devices are stuck on 4, and they would, if they so choose, need to release updated iOS 4 builds to remove Carrier IQ.

 

 

 

o