The crash logs are nothing. If you want more serious examples, try watching the phone over wireless with tcpdump (or whatever you choose). It astounds me that people are using these devices.

Some gems:

- Using apples Weather App, look at the weather for your area and note the phone does a post with your IEMI _after_ receiving the forecast.

- The phone will frequently (and for no obvious reason), ping various apple assets including

- http://iphone-wu.apple.com/7day/v2/latest/lto2.dat
- http://www.mac.com
.. etc.

Hell, I setup an email account and saw the phone grab some file from apple.com.

I’m not a crazy nut, I’ve SEEN and have logs (dumps) showing the phone doing this even without jailbreaking.

If you don’t believe me, try for yourself. If you have the ability to do so, I’d highly recommend setting up a pix and using the cisco vpn client on the phone. Then watch the fun (especially while roaming/not over wireless).

I’ve no idea what the phone does over the carriers network but I suspect the same if not worse.

Don’t even get me started on cydia either. If people had ANY idea what those applications really do in the back, the iPhone wouldn’t be allowed any where near a corporate network. It isn’t what you can see, it’s what you can’t or refuse to.

And no, I’m not for apples Killswitch, which is what I think apple is waiting to justify its use on.

Also, the first time I connected the iPhone after such a crash, iTunes asked me whether it had my permission to submit the crash data to Apple. Did you not receive the same notice? The message contained a “Don’t ask me this again” checkbox, so now such events are submitted automatically.

I don’t have a problem with my iPhone phoning home, though.

Thanks for the thoughtful reply. I am well aware that the segment of my console logs that I provided to demonstrate the issue was simply that of application hangs and crashes. However, this is merely a snapshot of the logs and doesn’t include any of the more sensitive information that was captured nor did the image include the portion of the logs that identifies what has actually been “submitted” somewhere…

The word submitted actually appears multiple times in the logs and I cannot imagine that such a term is there for no reason. Further, it was obvious to me that the ip address and other identifying information was also captured. Please don’t assume that because I preface the article with the statement that I am not a developer that this also means I am not technical.

I’ve been using computers since 1976 and know a number of programming languages. It has simply been quite some time since I was actively involved in actually writing anything more involved than web pages or CMS template revisions. That said, having been a systems administrator for more than a decade I’ve seen my share of log files across a large array of machines and OS’s and I am confident that the information that I reviewed on the log that was the impetus for the original post did indicate capture and transmission of information that I did not agree to share with any third party least of all information being transferred from one device to another and then transmitted without my knowledge using an internet connection that I pay for.

So, while I don’t disagree at all with your contention that the data does have a use and that collection on my computer is probably the best location for that data to be stored, what I still have a problem with is the fact that Apple has done this collecting and worse the transmission back to base without disclosing that this was taking place or asking my permission to collect this information in the first place..

Oliver Starr

First of all, what you can see there are crash reports. They record information about a process which crashed, along with ancillary (non-identifiable) information about the state the device was in at the time. SOME of these MIGHT be submitted to Apple automatically, such as crashes in the modem baseband, because that’s a really big problem which they want to know about immediately. However, there’s nothing to say that the information has been sent to Apple.

Look at the information in those files; here’s an example from my computer:

Version=2
IncidentIdentifier=9D88F621-55A4-452D-8B21-8E3BBD639B85
Date=2008-12-22;AP=5G77;BB=02.28.00;Model=N82AP;Machine=iPhone1,2
12:40:31 -0500 ST [clm] disconnect: duration=178;cause=kNoError;ceer=0;txPower=-9;maxTxPower=0;rat=2;cgi=302:720:60010:18805
15:37:21 -0500 ST [clm] disconnect: duration=76;cause=kNoError;ceer=0;txPower=-13;maxTxPower=0;rat=2;cgi=302:720:60010:20114
17:50:23 -0500 ST [clm] disconnect: duration=152;cause=kNoError;ceer=0;txPower=-28;maxTxPower=0;rat=2;cgi=302:720:60010:18446

I don’t see any identifying information there. I just see a record of baseband connection failures. No logging of the call I make or the apps I’ve installed. And I only see them recorded fairly sporadically, too.

Now look at the information in your screenshot. Do you really think there’s something vulnerable in there? The only app you’re running is NYTimes, an app I’ve been told is prone to frequent crashes. It doesn’t look as though you’ve got any ‘evil hacking programs’ running, so it looks like the crash was legitimate in nature. Note that this file is NOT sent anywhere, it’s just stored somewhere you can reach it should you request support from the NYTimes app authors.

The other items in there are crash logs. That’s all, just crash logs. They list a stack backtrace of all threads in the app that crashed, in non-symbolified format (i.e. it’s a list of addresses, not function names). Those don’t get sent anywhere, but they do get copied to your Mac because, well, how else are you going to be able to send them to the developers to get the crash fixed? Telepathically read the data from the iPhone?

The console log, which records anything that applications choose to log for informational or debugging purposes, appears to be completely unavailable outside of using the Xcode development tools to access it directly from the (tethered) iPhone. This in particular is making my job difficult right now, because I need to see if any errors were logged on a user’s iPhone, but I can’t find that out. He’s not getting a crash, so there is no information stored anywhere that he can provide to me.

In short: it’s all your data. Delete it from your computer if you don’t like it, but things like crash reports and backed-up data needs to be stored somewhere, and your computer is the right place, no? As opposed to sending it somewhere outside your reach?

Your point would be good if I had activated my device via iTunes, however I along with millions of others activated my iPhone 3G at an Apple store.

During the activation process I did sign a document – the new two year contract required by AT$T for service provisioning to this particular locked device – I read it as well – and unless I missed a major term in the agreement there was nothing in it that authorized Apple to log information about applications, performance or content on my phone, transfer these logs to my computer during the synchronization process, store this information on my computer without my knowledge (and also without my consent), and then again without my knowledge or permission, utilize my Internet connection to transfer this data to Apple.

As I stated in a prior post concerning the backdoor that Apple clandestinely placed in the device to allow them to shut down “malfunctioning” applications if Apple felt that allowing (or more to the point creating) these methods of access and information retrieval was really of benefit to the end user then why did they attempt to keep this information secret?

If Apple felt it was morally “right” to have a back door why did they not point it out as a benefit that differentiated the iPhone from others by virtue of the fact that Apple could “protect” the end user from malicious code by virtue of said backdoor? Or in the case of the logging and reporting that I have just discovered, why is it not shown as part of the synchronization process? I mean, when you sync the iPhone to iTunes each step of the process is displayed: syncing addresses, syncing mail, syncing iTunes music, syncing photos… so why doesn’t it display syncing system performance data or syncing crash logs or even just syncing third party application information?

Of course the “why” is rhetorical. Apple doesn’t make this activity transparent to the end user because Apple doesn’t want the end user to know that it’s happening.

Further, the idea that I would have to submit to a violation of my privacy in order to have a telephone activated is simply absurd – providing a consumer with technology that he or she purchased should never give a company the implicit right to log information about what is stored on said device or how said device is being used by the consumer unless – and this is a very big “unless” – the company makes the end user conspicuously aware that such logging and transmission of this information is taking place.

Further, in the event that a company would still be willing to capture this information albeit with the consent of the consumer- they should take every possible precaution to make certain that no personally identifiable information is flowing back to the company or which could be intercepted by a third party at some point in the process.

Apple is clearly not doing this and is, in fact, very obviously capturing personally identifiable information including the IP address of the machine as well as the user name of the account holder. This of course ties (probably automatically) to Apple’s iTunes user database and from there they have everything including your credit card number and physical location and your billing address. How many people do you think WANT Apple to have all this detail about them? How long until Apple does what the carriers have been doing and gives this data over to the federal government for some more illegal spying on the population?

It’s somewhat amazing to me that more isn’t being made of this issue. With the uproar about the domestic wiretapping and other telco-based illegal spying that has gone on, I’m truly surprised that what Apple is doing isn’t national news. After all it’s not like there are only a couple thousand iPhones out there now. There are millions and millions – certainly enough that this is a large public interest story.

How Apple manages to continue to get away with this sort of bad behavior without so much as a spanking by the media really makes me scratch my head and wonder if the mainstream press is nothing more than a big bunch of syncopates all dancing to the beat of their corporate oligarchs.

There has to be a limit established beyond which a company simply has no right under any circumstances to gather data about me, my activities, my preferences or the contents of my personal files.

Remember that almost every contract has a provision that states that any tenet of the agreement to be found unenforceable does not invalidate the remainder of the agreement. Why do you think that is? Could it just be that it’s because companies know that they are pushing the boundaries of the law and are trying to protect themselves in the event that these boundaries prove less elastic then they’d hoped?

For me the bottom line here is simple. Apple needs to offer up a truly convincing argument as to why it is necessary to collect this information and they also need to show me that given that such a need really exists, that the information will be collected in such a way that it does not compromise my privacy or security or diminish in any way (including by taking up space that would otherwise not be used)the utility, value or my enjoyment of anything I purchase. Finally, Apple should be compelled to make this process known to the consumer, and patently obvious during any collection or transmission process.

If Microsoft has the courtesy to request permission to capture information about an application hang why can’t Apple act thusly as well?

Oliver

And yes, I know many people don’t read those. But this is a reason why you should.