[Update: While CNET's Declan McCullagh reports that Carrier IQ has been falsely accused of keylogging and that the private data being collected is not being transmitted to carriers by Carrier IQ, serious privacy issues still remain. Dan Rosenberg, the researcher McCullagh cites, doesn't let them off the hook entirely. Rosenberg notes in InfoWorld, "Carrier IQ does a lot of bad things. It's a potential risk to user privacy, and users should be given the ability to opt out of it." The issue remains that a lot of data is being stored on devices without user consent or the ability to opt out, leaving open the threat that the information could be compromised by unauthorized parties.]
When intrepid system administrator Trevor Eckhart released his disturbing findings about the Carrier IQ "analytics program," he touched off a real firestorm of questions and outrage about just how much we're being snooped on by carriers who use this software on mobile devices to collect data, ostensibly, data that provides performance feedback only, no doubt to improve our mobile "experience." However, Eckhart's research — conducted using his own HTC device — seemed very clearly to illustrate that Carrier IQ is providing much more.
Eckhart found evidence that the software was recording keystrokes and text messages of users and transmitting that data to Carrier IQ servers. There is evidence of the program in Android and Blackberry devices and others have claimed that it is also on Apple devices. According to the Washington Post report:
"[Up] through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone," wrote security researcher Grant Paul on his blog. He said that the program appears to be controlled by the "Diagnositcs and Usage" setting on Apple devices, meaning that it appears users can disable the program on those phones. He wrote that he's "reasonably sure that it has no access" to text messages, browsing history or Web history.
Unsurprisingly, anyone who is concerned about basic privacy rights, is outraged. And then there are those pesky wiretap laws that may have been violated, as pointed out by Forbes.com. You know, when the U.S. Senate starts talking about anything technology related, there's bound to be trouble. Senator Al Franken is on the case:
Senator Al Franken, chairman of the Senate subcommittee on privacy, technology and law, sent a letter to Carrier IQ on Thursday asking the company to address a number of concerns that have arisen after security expert Trevor Eckhart revealed the software might allow wireless carriers to spy on customers. "I am very concerned by recent reports that your company's software - preinstalled on smartphones used by millions of Americans - is logging and may be transmitting extraordinarily sensitive information from consumers' phones," Senator Franken wrote in his letter.
But if you want to get a sense of the problem, straight from the horse's mouth, watch Trevor Eckhart's video explanation, which is up on Youtube:
- CNET:How Carrier IQ was wrongly accused of keylogging
- CNET:What does Carrier IQ do on my phone—and should I care? (FAQ)
- ZDNet:Which phones, networks run Carrier IQ mobile tracking software?
- ZDNet: Finding and cleaning out your smartphone's Carrier IQ poison
- ZDNet: How to disable the Carrier IQ 'rootkit' on your iPhone
- CNET: Android researcher: Carrier IQ 'diagnostic' tool really a rootkit spy
Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and IT Security blogs.