Saturday, 3 December 2011

Your Phone May Be Spying you? What is Carrier IQ??

What is Carrier IQ?

Carrier IQ is described as a “embedded analytics company” and Carrier IQ is its product. The company boasts that the software is currently found on upwards of 140 million devices around the world.
So, what is it?
Very plainly, Carrier IQ is a piece of software that has been installed on devices, either by carriers, manufacturers or at the request of carriers, and it gathers data to pass along  to its clients.
What kind of data?
Well, according to Trevor Eckhart, the guy that found it installed on Nokia, BlackBerry and Android phones, it can track everything from keystrokes to phone calls to your location.
But according to Carrier IQ, the software only does good. Says Andrew Coward, Carrier IQ’s VP of Marketing:
“If there’s a dropped call, the carriers want to know about it,” says Coward. “So we record where you were when the call dropped and the location of the tower being used. … Similarly, if you send an SMS to me and it doesn’t go through, the carriers want to know that, too. And they want to know why — if it’s a problem with your handset or the network.
We don’t read SMS messages. We see them come in. We see the phone numbers attached to them. But we are not storing, analyzing or otherwise processing the contents of those messages.
What’s actually gathered, stored and transmitted to the carrier is determined by its end-user agreement. And as I’m sure you’re aware the carriers are highly sensitive about what data they’re allowed to capture and what they’re not allowed to capture.”
The data, according to Coward, is generally stored for around 30 days. So, it would appear that the data collected isn’t anything harmful and it’s only done so when users agree to it.
But what about Eckhart’s video?
Coward says:
What the Eckhart video demonstrates is that there’s a great deal of information available on a handset. What it doesn’t show is that all information is processed, stored, or forwarded out of the device.
Alright, kind of, sort of reassuring. We guess.

Who Uses Carrier IQ?

Now that this issue has spiraled into a full-fledged privacy scandal, manufacturers and carriers have started speaking out about Carrier IQ. Here is how carriers and manufacturers have responded.
First, the major U.S. carriers:
AT&T:
“In-line with our privacy policy, we solely use CIQ software data to improve wireless network and service performance.”
So, if you have an AT&T handset, you might have Carrier IQ installed on your phone.
Sprint: 
“We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool.
The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”
Sprint, like AT&T, admits that it uses Carrier IQ but that it doesn’t use it for any nefarious purposes.
T-Mobile:
T-Mobile, as far as we know, has yet to release a statement concerning Carrier IQ.
Verizon
“Reports about Verizon using Carrier IQ are false. Verizon Wireless does not add Carrier IQ to our phones, and the reports we have seen about Verizon using Carrier IQ are false.”
And unlike AT&T and Sprint, Verizon categorically denies that Carrier IQ lives on any of its phones. Interesting.

Ok, so how about the manufacturers? Here’s what they had to say.


Apple:
“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”
Translation: Apple has stopped supporting it with iOS 5 and will be eradicating it with a future update.
BlackBerry/RIM:
“RIM can attest that it does not pre-install the Carrier IQ application on BlackBerry smartphones and has never done so. Furthermore, RIM does not authorize its carrier partners to install the Carrier IQ application on BlackBerry smartphones before sales or distribution and has never done so. RIM also did not develop or commission the development of the Carrier IQ application, nor is RIM involved in any way in the testing, promotion, or distribution of the CarrierIQ application.”
So, why did Eckhart find it running on BlackBerry OS?
That remains to be seen.
HP/webOS: 
“There is no carrierIQ in webOS.”
That statement comes from HP webOS Chief Architect Brian Hernacki. So it looks like those of you with a Pre or a Pixi or Veer or what have you are fine.
HTC:
“Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier.
It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.”
Interesting. HTC is placing the blame on carriers.
But which?
The manufacturer failed to elaborate.

Microsoft/Windows Phone:
“Since people are asking– Windows Phones don’t have Carrier IQ on them either.”
That comes from the mouth of Microsoft’s Joe Belfiore. So, it would appear, those of you with a Windows Phone 7 or 7.5 device are safe.
For now.
Motorola:
As far as we know, Motorola hasn’t commented on the situation.

Nokia:
“CarrierIQ does not ship products for any Nokia devices.”
That is a statement from the company supplied to Reuters. Like RIM, Nokia denies using Carrier IQ, even when Eckhart found it to be there. Carriers fault? Damage control? It’s hard to say what exactly is going on here.
Samsung:
According to BusinessInsider, Samsung, like HTC, has said that its devices have Carrier IQ on board but that it’s the carriers that insisted on it being installed. It also stated that it doesn’t collect any of the data, only carriers do.

So, What Now?

This is probably going to get much worse before it gets any better. Carrier IQ is currently under investigation by the U.S. Senate and it’s possible that the service might violate violate federal wiretap laws.
That means that the answer to “Is my phone spying on me?” is far from over. It’s a question that will likely be answered with more spin then a Barry Zito curveball. And what about the other questions, questions like:
What kind of communication, if any is there between OEMs and carriers? Have carriers been installing this without their knowledge?
The responses from Nokia and RIM sure make that seem like a possibility.
What happens if the 140 million people who unknowingly had this software installed on their device don’t want it anymore?

No comments:

Post a Comment