Growing Concerns Over Carrier IQ – What it Is and How to Tell If Your Phone is Likely to Have It

The Internet Patrol - Patrolling the Internet for You

Cell phone companies are scrambling amid growing concerns over the Carrier IQ (or “CIQ”) software that has shipped preinstalled (and undisclosed) on many, many smartphones across several carriers, as demands for full disclosure and accountability increase, Federal representatives demand answers, and some suggest that the use of the software, which is alleged to log keystrokes, websites visited, and location, violates Federal wiretapping law. Trevor Eckhart, who first discovered and outed what Carrier IQ was doing, went so far as to call it a “rootkit”.

So far carriers AT&T and Sprint have admitted to using it, as have smartphone suppliers Apple, HTC, and Samsung.


Verizon, Research in Motion (RIM) and Nokia have declared that they do not use it.

What this means is that, at least in theory, if your smartphone is a Nokia from Verizon, or a Blackberry, you should be fairly safe.

We say “in theory” because Eckhart claims to have found Carrier IQ on devices from RIM, Verizon and Nokia.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

And if your phone is from AT&T or Sprint – or you have an HTC or Samsung phone, or an iPhone – and particularly if you have one of these phones from AT&T or Sprint, the odds are good that Carrier IQ is on your phone and has been tracking what you do.

Carrier IQ has been surreptitiously installed on an estimated 141 million smartphones.

If you have an Android phone, Eckhart has developed an app that will test to see if Carrier IQ is installed and running on your phone. But, it will only work if you have rooted your phone. You can find the app here.

 

Apple has said that no device that is running iOS 5 has Carrier IQ running on it, except for the original iPhone 4. Says Apple:

We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

In Sprint’s mea culpa, Sprint says that “Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can determine when issues are occurring and how to resolve them. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”

Says Charles King, an analyst with Pund-IT, “The fact that they’re surreptitiously collecting keystroke information, websites visited and the general location of the user at the time they’re accessing different websites or information with their smartphone, without the express permission of the users, is stupid beyond description.”

Meanwhile, Senator Al Franken has written to Carrier IQ’s CEO, Lawrence Lenhart, expressing serious concern, and saying, in part:

I am very concerned by recent reports that your company’s software—pre-installed on smartphones used by millions of Americans—is logging and may be transmitting extraordinarily sensitive information from consumers’ phones, including:

• when they turn their phones on;
• when they turn their phones off;
• the phone numbers they dial;
• the contents of text messages they receive;
• the URLs of the websites they visit;
• the contents of their online search queries—even when those searches are encrypted; and
• the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.

It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it.

These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

We agree with both King (“stupid beyond description”) and Senator Franken (“potentially a very serious matter”), and we will keep our readers posted as the story develops.

Finally, Carrier IQ has issued a statement about the matter, which says, in full:

Carrier IQ would like to clarify some recent press on how our product is used and the information that is gathered from smartphones and mobile devices.

Carrier IQ delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers. We do this by counting and measuring operational information in mobile devices – feature phones, smartphones and tablets. This information is used by our customers as a mission critical tool to improve the quality of the network, understand device issues and ultimately improve the user experience. Our software is embedded by device manufacturers along with other diagnostic tools and software prior to shipment.

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The informationgatheredbyCarrierIQisdonesofortheexclusiveuseofthat rd customer, and Carrier IQ does not sell personal subscriber information to 3 parties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities.

Our customers have stringent policies and obligations on data collection and retention. Each customer is different and our technology is customized to their exacting needs and legal requirements. Carrier IQ enables a measurable impact on improving the quality and experience of our customers’ mobile networks and devices. Our business model and technology aligns exclusively with this goal.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

One thought on “Growing Concerns Over Carrier IQ – What it Is and How to Tell If Your Phone is Likely to Have It

  1. Actually, … living in a “very remote” area of the US (called “The Heartland”), … and having worked in technology – and the media – for decades; I have little problem with the way CIQ is claiming to work. We all need, and would benefit from, a way of telling – beyond our constant complaint to deaf ears – these “carriers” that their signal(s) suck at important times and in important places, … especially while in motion.
    Besides, from all the innumerable conversations it has been our misfortune to be exposed to in stores, on sidewalks, malls, restaurants, etc., I can not feel that any company or group wants to log into and track such inane conversations (if “conversations” is even appropriate in this context).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.