A researcher named Trevor Eckhart found that a logging software from a company named Carrier IQ is installed on a number smartphones from multiple manufacturers and carriers, and it tracks every keypress, message and location and sends this information out – all without the user’s knowledge.
Trevor’s research using his Android-running HTC EVO 4G smartphone led to the discovery of this software from Carrier IQ.
You can watch the video of his demonstration below:
Carrier IQ claims that the information collected is to help improve the user experience on mobile devices.
Who Is Guilty?
Carrier IQ is not built into any mobile OS, but is installed at the point of customisation or manufacture by either the carrier or device manufacturer.
HTC have come out to say that they run an opt-in system and have no direct involvement in installing Carrier IQ ion their devices. They point at the carriers.
Microsoft have boldly stated that Carrier IQ is not installed on any Windows Phone. See tweet by Microsoft’s Joe Belfiore.
Apple, who have been recently hit by a privacy storm, have stated that they stopped supporting Carrier IQ in iOS 5, and would completely remove it in future updates.
Through its Blackberry Advisor, Mark Sohm, RIM has stated that it does not pre-install the CarrierIQ application on BlackBerry smartphones and has never done so or authorised its installation.
Eckhart’s original report has shown that Carrier IQ has been discovered on HTC and Samsung devices, and that CarrierIQ counts Sprint among their domestic carrier clients. AT&T also appears to use Carrier IQ on their devices: a member of the XDA-dev forums called AT&T and was told that Carrier IQ is indeed preloaded on the HTC Vivid. Other carriers, including Verizon, Vodafone, and O2 have all denied that they use Carrier IQ on their devices.
Nokia and RIM were also among the companies that Eckhart claimed CarrierIQ provided their “mobile intelligence” services to, but they have vociferously denied the connection. The Verge also reports that the three devices in Google’s Nexus line are free of the logging service, so Nexus devotees can rest easy.
RIM has responded that “If the CarrierIQ application is present on a BlackBerry smartphone, it does not mean that the CarrierIQ application has “hacked” the BlackBerry platform. It means that either the BlackBerry smartphone user or the user’s BlackBerry Enterprise Server admin explicitly installed the application and authorized it to run“.
The whole Carrier IQ scandal seems to be a US-only issue, so not everyone in the world has to worry about it. Of course, if your phone was imported from the US, especially if branded by one of the fingered carriers, chances are that you are in the picture too.
Stay In the Know
If you use an Android phone – and it is rooted or you are willing to root it – you can run a quick check to find out if Carrier IQ is installed on your phone.
Download Eckhart’s free Logging Test app. Once installed, hit ‘CIQ Checks’ to run the test.
If manufacturers and carriers need user feedback, it should be an opt-in system, not something that runs hidden in the system. Also, exactly who is the info sent to, and what is it used for? How safe are the users from exposure?
The US justice department has shown interest in this, and talks of lawsuits are already in the air. This can get very messy, but in my opinion, the public has a right to know what is going on.
This will certainly get more interesting. Comments welcome!