Are you concerned about your phones actions being recorded by Carrier IQ?
Make no bones about it, the following article is potentially one of immense concern to many users of mobile devices.
And centres around a little known mobile analytics’s company called Carrier IQ.
So what exactly is Carrier IQ?
Trevor Eckhart, a security researcher and other mobile security personnel and firms have found information about Carrier IQ that seems to suggest that the unknown software sits very quietly at the back of devices and is pretty difficult to remove.
In this video Trevor Eckhart explains his findings and concerns:
Carrier IQ runs hidden in the background of a users mobile device and does not require any current authorisation to function.
On the Android operating system the software can track and report on the following:
Keystrokes, storing text messages, location tracking, recording telephone calls, and other areas.
What the software looks to do is to record users movements and actions under the pretence that this will be used by manufacturers to solve bug issues and other device specific manufacturing issues relating to the 140,000,000 devices that the software is already installed on.
140 Million devices have the Carrier IQ software installed on them:
So as you may imagine the company and it’s software are not particularly in the good books of the likes of mobile security researchers, legal critics and privacy advocates.
Partners allegedly include:
Which phones and carriers have Carrier IQ installed?
So what do the carriers and device manufacturers think of this technology and how open are they all about using it?
HTC blames carriers:
In a shrewd move by HTC, they simply pass the buck to the carriers. But have said that they will now look to an opt out option, which possibly should have been always available.
“It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.”
“Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier.”
Sprint and AT&T statement:
Sprint and AT&T have confirmed that they do use Carrier IQ on their handsets, and cite “network” performance as the sole reason for it’s adoption.
Joe Belfiore has stated that Windows phones do not use carrier IQ.
“We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”
VZW corporate communications statement:
Jeffrey Nelson of VZW corporate communications has confirmed that Carrier IQ isn’t on any of its handsets.
UK device owners not affected:
Apparently UK device owners are not affected by the Carrier IQ software we will report more on this in a later article related solely to the UK.
Opt-In Policy missing:
Wiretap laws have been violated according to one legal professional.
Paul Ohm was a former prosecutor for the Department of Justice and is currently a professor at the University of Colorado Law School.
Mr Ohm has stated that based on the companies “assumed” prior (all things being so hush hush) collection of users text messages data, then there could be calls for a class action related to privacy, especially taking into account the lack of an opt in option:
“In the next days or weeks, someone will sue, and then this company is tangled up in very expensive litigation. It’s almost certain.”
What you can do to remove the software:
Trevor Eckhart has released an application called TestApp (pro and free), which requires your phone to be rooted. Once done, there appears to be quite a good chance that you can remove the software entirely, another way you can halt Carrier IQ is to install a custom ROM.
Now check out the dislikes on this company video:
Thank to Engadget a little more clarity can be obtained related to the information contained in the above video:
“it is not recording keystrokes”
Apparently contradictory to Carrier IQ’s assertion that it “does not collect keystrokes” is the company’s patent application #20110106942, published May 5, 2011. An excerpt of the claims follows:
2. A method for collecting data at a server coupled to a communications network, comprising: transmitting to a device a data collection profile, wherein the data collection profile comprises a plurality of parameters defining a set of data to be collected by the device, a first condition under which the set of data is to be collected, and a second condition under which the set of data is to be transmitted; and receiving from the device the set of data collected in response to the second condition.
10. The method of claim 2, wherein the set of data relates to an end user’s interaction with the device.
11. The method of claim 10, wherein the interaction with the device comprises the end user’s pressing of keys on the device.
We will keep you posted on the future legal wrangles of this company and assess outcomes as and when they occur.Anthony Munns