There’s a storm of controversy flaring up over Carrier IQ, cellphone software that logs user activity and relays at least some of that information to wireless carriers. The carriers say they’ll use that data to improve their networks. But anything that’s peeking in on what you’re doing on a phone raises a host of privacy concerns, and many users are suspicious.
Carrier IQ is so controversial for a few reasons:
It’s hidden. Short of rooting, or removing certain software safeguards to obtain “administrator” access to your phone, it’s almost impossible to know if it’s there.
It’s everywhere. The software reportedly exists on millions of handsets on several carriers, including many Android phones and even some versions of the iPhone.
It’s not opt-in. Without the user’s explicit approval, the software is enabled and gathering data on the phone.
It’s voracious. According to Trevor Eckhart, who created the recent explosion of attention on Carrier IQ with a video he posted on YouTube earlier this week, the software logs every keystroke and incoming text message. However, there’s some question about how much of this information is actually sent to the carriers.
Here are the most important things you should know about this previously little-known piece of software:
What is Carrier IQ?
Carrier IQ, made by a Mountain View-based company of the same name, is software that runs in the background of your cellphone or mobile device. It’s there to examine how your information travels over your wireless provider’s network. Basically, it looks at how well your texts are going through, how fast your emails are getting delivered, and how much you’re clogging up things by watching Netflix all the time — with the intention of relaying that information to carriers so they can find ways to optimize their networks.
Wait a second… so the carriers are watching everything I do on my phone?
In a statement, Carrier IQ says the software is only “counting and summarizing performance, not recording keystrokes or providing tracking tools.” It goes on to say that it shares the data only with its customers, the wireless carriers, and that the carriers have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the carriers.”
The man who first pointed out the issue, Trevor Eckhart, demonstrated that Carrier IQ indeed was logging keystrokes on his HTC EVO 3D smartphone, among other activity. When Carrier IQ sent him a cease-and-desist letter for saying the software was acting as a keylogger, the Electronic Frontier Federation (EFF) came to his defense. Carrier IQ backed off, issuing an apology.
This all sounds, uh, bad. Is this legal?
Paul Ohm, a former prosecutor with the Justice Department says no way. He recently posted on Twitter: “If the Carrier IQ/cellphone rootkit story is accurate, this is a clear, massive, felony wiretap. Not a close case.”
Senator Al Franken, who raised privacy concerns over location tracking on cellphones earlier this year, also had a strong message for Carrier IQ, saying, “The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer.”
Is the software only on smartphones?
Carrier IQ says its software is on feature phones, smartphones, and tablets.
Is it on my phone?
Carrier IQ is running on 141 million devices in the U.S., according to InformationWeek. Among the major carriers, Sprint and AT&T have confirmed that they use it, and Verizon Wireless told Mashable that it doesn’t. Update: In an email to Mashable, a T-Mobile spokesperson wrote, “T-Mobile utilizes the Carrier IQ diagnostic tool to troubleshoot device and network performance with the goal of enhancing network reliability and our customers’ experience. T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers’ internet activity, nor is the tool used for marketing purposes.”
On the manufacturer side, both RIM and Nokia made statements that said it doesn’t install or authorize its carrier partners to install Carrier IQ on phones. Nokia similarly denied installing Carrier IQ on its products. If you’re an iPhone owner, Apple told AllThingsD that it removed Carrier IQ “in most of its products” when it released iOS 5, with plans to remove it completely in a future software update.
How do I get rid of Carrier IQ?
If you have an Android phone, you can find out whether or not Carrier IQ is installed by using Eckhart’s Logging Test App, and you can use the app to remove the software for the cost of a dollar. The app requires rooting your phone, however, so proceed with caution and be warned: Some reports say it’s not always successful.
On an iPhone, it may already be absent from your iOS 5 device, according to Apple, but if you want to be 100% safe, TechCrunch says you should open your settings, go to “Diagnostics & Usage,” and select “Don’t Send.”
How likely is it that data collected by Carrier IQ could be accessed by a third party?
Considering there are no reports of this ever happening, you might conclude that it’s extremely unlikely. In its statement, Carrier IQ says the data it gathers is encrypted in its own network, or the carriers’ networks.
It’s unclear how secure the data stored on the phone itself is, however. Eckhart managed to access it, albeit on his own phone. It’s all hypothetical, but if you take into account the recent emergence of Android malware that’s able to “root” a phone, it’s impossible to rule out the idea that someone could design a piece of malware that could root the phone and access the data. In theory, it’s possible, but again, there are no reports that anyone’s done it.