All hell broke loose yesterday when it was discovered that some Android phones (and BlackBerries and others) are recording every keystroke you make. Now, references to the same software have been discovered in Apple's iOS. It's gimped, but it's there.
Last night, prominent iOS hacker chpwn tweeted that he had found reference to the same Carrier IQ software in iOS 3. After just a little more poking and prodding, it was confirmed that these references exist all the way up to modern day iOS 5, they're just under a different name: /usr/bin/awd_ice2. But wait, before everyone starts returning their iPhones (none of you were going to do that anyway), there's a bit of good news.
It seems that the data Carrier IQ has access to is much more limited than it is on Android. From chpwn's blog: "...it does not appear the daemon has any access or communication with the UI layer, where text entry is done." That is extremely good news if it proves to be true, because it would mean that iOS wouldn't be logging your passwords, emails, SMS messages, etc. Even more good news, it seems that you may be able to turn this off by simply disabling "Diagnostics and Usage" in iOS's Settings, which would be a relief.
At the same time, it does appear that it logs your name, phone number, carrier information, some info about the calls you are making, and your location (if Location Services are enabled). There may well be more, they just haven't found it yet. We'll update as we learn more. [chpwn via The Verge via TheNextWeb]
Update: Apple's weighed in on the Carrier IQ poo-storm, and says it's basically washed its hands of the controversial rootkit with iOS 5. Post-iOS 3 software had been found to have references to Carrier IQ, but Apple says it's going to completely wipe out whatever's left in a future update.
Here's the full statement from Cupertino:
"We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so."
This flies against HTC's statement that some carriers require Carrier IQ on all handsets, but then, Apple's got a lot more muscle to ensure that it's in control of its hardware and software. Seems like one of those times that Apple being able to bully everyone into getting its way is a good thing for you. [All Things D via The Next Web]