Cell phone companies are scrambling amid growing concerns over the Carrier IQ (or “CIQ”) software that has shipped preinstalled (and undisclosed) on many, many smartphones across several carriers, as demands for full disclosure and accountability increase, Federal representatives demand answers, and some suggest that the use of the software, which is alleged to log keystrokes, websites visited, and location, violates Federal wiretapping law. Trevor Eckhart, who first discovered and outed what Carrier IQ was doing, went so far as to call it a “rootkit”.
So far carriers AT&T and Sprint have admitted to using it, as have smartphone suppliers Apple, HTC, and Samsung.
Verizon, Research in Motion (RIM) and Nokia have declared that they do not use it.
What this means is that, at least in theory, if your smartphone is a Nokia from Verizon, or a Blackberry, you should be fairly safe.
We say “in theory” because Eckhart claims to have found Carrier IQ on devices from RIM, Verizon and Nokia.
And if your phone is from AT&T or Sprint – or you have an HTC or Samsung phone, or an iPhone – and particularly if you have one of these phones from AT&T or Sprint, the odds are good that Carrier IQ is on your phone and has been tracking what you do.
Carrier IQ has been surreptitiously installed on an estimated 141 million smartphones.
If you have an Android phone, Eckhart has developed an app that will test to see if Carrier IQ is installed and running on your phone. But, it will only work if you have rooted your phone. You can find the app here.
Apple has said that no device that is running iOS 5 has Carrier IQ running on it, except for the original iPhone 4. Says Apple:
|No Paywall Here! The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?|
We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
In Sprint’s mea culpa, Sprint says that “Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can determine when issues are occurring and how to resolve them. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”
Says Charles King, an analyst with Pund-IT, “The fact that they’re surreptitiously collecting keystroke information, websites visited and the general location of the user at the time they’re accessing different websites or information with their smartphone, without the express permission of the users, is stupid beyond description.”
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Meanwhile, Senator Al Franken has written to Carrier IQ’s CEO, Lawrence Lenhart, expressing serious concern, and saying, in part:
I am very concerned by recent reports that your company’s software—pre-installed on smartphones used by millions of Americans—is logging and may be transmitting extraordinarily sensitive information from consumers’ phones, including:
• when they turn their phones on;
• when they turn their phones off;
• the phone numbers they dial;
• the contents of text messages they receive;
• the URLs of the websites they visit;
• the contents of their online search queries—even when those searches are encrypted; and
• the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.
It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it.
These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.
We agree with both King (“stupid beyond description”) and Senator Franken (“potentially a very serious matter”), and we will keep our readers posted as the story develops.
Finally, Carrier IQ has issued a statement about the matter, which says, in full:
Carrier IQ would like to clarify some recent press on how our product is used and the information that is gathered from smartphones and mobile devices.
Carrier IQ delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers. We do this by counting and measuring operational information in mobile devices – feature phones, smartphones and tablets. This information is used by our customers as a mission critical tool to improve the quality of the network, understand device issues and ultimately improve the user experience. Our software is embedded by device manufacturers along with other diagnostic tools and software prior to shipment.
While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The informationgatheredbyCarrierIQisdonesofortheexclusiveuseofthat rd customer, and Carrier IQ does not sell personal subscriber information to 3 parties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities.
Our customers have stringent policies and obligations on data collection and retention. Each customer is different and our technology is customized to their exacting needs and legal requirements. Carrier IQ enables a measurable impact on improving the quality and experience of our customers’ mobile networks and devices. Our business model and technology aligns exclusively with this goal.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!