Web Development

Carrier IQ's MSIP: Spyware according to some

Carrier IQ's MSIP client is on millions of smart phones. More than a few people are wondering why, and what to do about it.

Smart phones and associated apps are coming under increased scrutiny from privacy groups. Still, software from Carrier IQ - Mobile Service Intelligence Platform (MSIP) - escaped their watchful eye. What's more, the "who's who" of telecom providers - except Verizon -- have been using MSIP since 2006. That tidbit was also missed.

Then, Trevor Eckhart started poking around the Carrier IQ website and the innards of his Android smart phone.

Initial optimism

Eckhart was able to get a stock copy of the MSIP client:

"It has surveys users can fill out if they get a dropped call, browser ends unexpectedly, etc. It makes its presence known by putting a checkmark in the status bar. This could potentially be pretty useful information from a network administration standpoint, and is made clear to users it is running."

The following slide is a screen shot of the stock MSIP client app. Note the encircled check box (courtesy of Trevor Eckhart):

Eckhart's initial conclusion:

"Great! Less dropped calls, better network experience. It sounds good on the surface."

Wait a minute

Remember I said the above slide was from the stock version of MSIP version. Well, Eckhart started checking out his HTC phone. What he found was nothing like what was described on the Carrier IQ website.

The MSIP client remains hidden, runs as "user root", has access to all sorts of sensitive data, and can phone home. Eckhart's website offers the following as proof:

If that sounds familiar, it should. According to Wikipedia:

"A rootkit is a stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection and enables continued privileged access to a computer."

The only debatable difference from the Wiki definition is whether MSIP is malicious or not. Eckhart describes why he likens MSIP to malware on his Android Security Test website, Part One and Part Two. In addition, Eckhart provides a YouTube video, further explaining his research.

Second source

I wouldn't be worth much if I didn't second source Eckhart's claims. I knew that the Electronic Frontier Foundation (EFF) was involved, so I wandered over to their website. Peter Eckersley's post Some Facts about Carrier IQ offered the following:

"This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesized from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself."

Read what Eckersley has to say. It sheds significant light as suggested by the slide below (courtesy of EFF and Parker Higgins):

What does it mean?

To make sense of all this, I decided to ask the experts. William Francis for one, I never take an Android step without my fellow smart-phone investigator.

Kassner: William, what do you think about the Carrier IQ debacle? Francis: I'm not really sure about the Carrier IQ thing. My gut says it encrypts data before packaging it and sending over the network to carriers. The YouTube video shows someone looking at debug logs locally. Debug-out messages shouldn't be left in production released code, but it's not uncommon.

My impression; the real issue with Carrier IQ falls on the carriers. Carrier IQ is designed to be able to collect a lot of information. But the carrier configures what information, and how much actually gets collected before shipping the phones.

Unless Carrier IQ is transmitting unencrypted data over the public cell network, I think the carriers should be answering any questions about privacy concerns. The carriers being the party who chose to include the app on the phone's read-only memory and the party who ultimately decided what info will be collected and transmitted back to them.

Kassner: What would you do if the MSIP client was installed on your phone? Francis: Good question. To my surprise, the Carrier IQ MSIP app is not there. So I don't have a good answer. My gut tells me I'd wait for the carrier to do the right thing and update my device with a Carrier IQ-free or at least a more-transparent version of Carrier IQ in the mix.

I really believe Carrier IQ has been largely exaggerated as a threat. And, for your average phone user, the complications of removing it aren't worth it.

Thanks, William.

On the surface, William's hope that carriers do the "right thing" seems prophetic. Sprint is removing the app from phones under their control. One reason might be to avoid a lawsuit naming them along with Carrier IQ, Apple, Samsung, Motorola, AT&T, and T-Mobile.

One more opinion

Next, I talked to the people at Lookout Mobile Security (you will see why in a bit). Alicia diVittorio, in charge of communications, responded:

Kassner: Why are telecom providers using Carrier IQ's MSIP system? diVittorio: Carrier IQ is diagnostic software that comes pre-installed on some mobile devices. Mobile network operators use information gathered on your location and call activity to improve network coverage and reduce instances of dropped calls.

We feel the tone of most commentary on the subject has improved from initial speculation of a ‘rootkit' to rational evaluations of what personal data is collected, and when. One of the most informative examples of the latter was Peter Eckersley's December 13th overview of the Carrier IQ architecture at EFF. (Note: diVittorio and I referenced the same EFF post.)

What's the plan?

Well, I'm thinking the first step is to see if the dang thing is installed on our phones.

That's why Lookout and diVittorio are here. They have an app for determining if the MSIP client is installed:

"It can be difficult for non-technical users to determine whether or not their handset is affected. We've developed the Carrier IQ Detector to aid in this process in an effort to keep mobile users fully informed about what their phone is doing."

With Lookout Carrier IQ detector installed, you will see one of the following slides:

I had a few more questions for Alicia:

Kassner: Experts are saying detection is difficult to accomplish, what does the Lookout app do to determine if the Carrier IQ software is installed? diVittorio: We built a repository of all the different files that could be related to Carrier IQ, and used this in our Detector App. Kassner: Developers are claiming they can disable Carrier IQ. Is that possible? If so, why doesn't Lookout offer that capability? diVittorio: Carrier IQ software is deeply integrated with handset firmware -- you would have to root your phone in order to remove it. As you well know, side effects of rooting a device have the potential to put users at further risk of malware infection while making devices ineligible to receive firmware updates in the future.

Thanks, Alicia.

Remove MSIP client

Eckhart agrees with diVittorio:

"The only choice we have to ‘opt out' of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones."

With that in mind, I started looking at what's required. William was not kidding. Removing the MSIP client is far from simple. For example, here's one method I found:

  • First, the phone needs to be rooted.
  • Next, Logging Test App is installed to locate the files.
  • Then, the Logging Test App is updated using Pro Key to unlock the removal process.
  • Finally, the offending MSIP client software can be removed.
Update: Member Michael Jay reminded me I should mention that when talking about removal, I was only concerned with Android phones. Removing the MSIP client from Blackberry and iPhone devices is relatively easy as mentioned at Geek.com.

Final thoughts

For the most part, I'm going to let the dust settle on this. I do have a question though: If code, such as Carrier IQ's MSIP is benign, why be so secretive?

About

Information is my field...Writing is my passion...Coupling the two is my mission.

17 comments
BALTHOR
BALTHOR

I see svc host.exe as the biggest virus in the computer.It looks to be cross linked to system functions.In other words you end process for svc host.exe and some computer function will shut down.There was some commotion about in the past.Somebody got it out as a virus then somebody complained.

Michael Kassner
Michael Kassner

You have provided much to think about. Thank you and I am glad you are back. We were worried about you.

BALTHOR
BALTHOR

Not no space in the nuclear dimensionless point and not electron fringe mass space but subspace between the electron shells.

BALTHOR
BALTHOR

I see the Cell Phone as a digital transceiver.You have zero to twenty four volts.The digital sine wave is pulsed out between zero and twenty four volts.It looks like analog but it isn't.An IP address at the header and everybody is different.You could never have enough power if it was analog.The higher the clock frequency the better the wave.This digital method seems to me to be a node like transmission.It might not even be electron.How would you study a Cell Phone?A first approach would be study the software.Maybe erase everything and see what you've got.You're not finished until you have a total true understanding.

BALTHOR
BALTHOR

I think that my computer has a rootkit in it.I know that the BIOS is real big and deep but it appears that somebody else and not I has access to it.There's the designers of the phone,then the manufacturers of the phone,then I suppose it's tested and shipped.Somewhere in there Jason gets his hands on it and there she goes.It could even be the stuff we purchase isn't brand new.I don't like the word code.

Craig_B
Craig_B

In this Information Age, it seems like it???s even more important to have full disclosure and transparency of information especially in an organization of power and trust, as word will get out in another way. It used to be that an organization could simply state ???we collect anonymous data to help improve your experience???. This statement may be quite true and for the majority of people they are fine with it however someone will find out that this anonymous data contains other data they would not reasonably expect to be included, such as location or ip address, etc. When this happens, the person who discovered it presents it in a way of their choosing and gets picked up by a bunch of others who present it in different ways yet again. The bottom line is information is presented in a variety of ways which may or may not truly represent the original idea, concept or intention. It seems if the original organization would simply present their statement ???we collect anonymous data to help improve your experience??? and then provide an example of the data they collect or at least a definition of what anonymous data is then we could make better choices to begin with. Do we want to purchase the product to begin with, knowing the risks/rewards of making the choice? We can make informed decisions, instead of after the fact having concerns about a product. Or maybe our innocence is lost again, as we now can???t trust anyone but then again that is choice we can make.

authorwjf
authorwjf

To get on my soapbox for a moment, the real issue that makes me crazy with this whole CIQ fiasco is simply how painless it is to design in an "opt out" up front. As a developer for mobile apps, in a world where privacy and security concerns are always an issue, I never release an app that doesn't allow the user to turn off features. Its so easy to plan for at the onset, and if you set the default state to on, and your features really are there with the best interest of the user experience in mind, a very small percentage of people who download your app will actually take the time to disable said feature anyhow. Just allowing the user the option to disable any sort of metric collection your app does puts most users at ease. It gives your software transparency and its such a simple effort for the programmer that when a developer or a carrier puts anything on a consumer device without such basic configuration parameters as an on/off switch its just inexcusable in my mind.

Michael Kassner
Michael Kassner

"The idea is very good but without Expensive Safeguards it's also very Dangerous." I am an eternal optimist, but it's really becoming a drag.

HAL 9000
HAL 9000

In relation to your finial question [i]"I do have a question though: If code, such as Carrier IQ???s MSIP is benign, why be so secretive?"[/i] It's like all software installed for the end user benefit. It's hidden so as it doesn't Confuse or Worry the End user. I've lost count of the number of people who expect the Police to show up because their Computer told them that they Performed an Illegal Operation, or the ones who want to know if they are Girl Scout or Chocolate Chip Cookies that they are getting when their computer tells them about Cookies. Anything that is put on any Device is their for your Benefit as it helps your Telco provide a better service don't you trust anyone? :^0 :D :^0 :D :^0 :D :^0 :D [/Maniacal Laughter] Actually I'm being very serious above as that is exactly the reasoning that the [b]Powers That Be[/b] at the Telcos used originally, but being Accountants who thought that they where getting something for almost free they completely failed to comprehend any Adverse Outcomes, just like that School handing out NB's with Web Cams and Software that can be remotely accessed to take pictures with the Web Cams to see where any Lost/Stolen NB where. The idea is very good but without Expensive Safeguards it's also very Dangerous. ;) Col

Michael Kassner
Michael Kassner

New post: There is lots of confusion regarding Carrier IQ and MSIP. Find out what and more importantly, if the MSIP client is on your phone.

Michael Kassner
Michael Kassner

My poor attempt pales in comparison to what you so eloquently stated. Well done.

Michael Kassner
Michael Kassner

That is what many have been fighting for when it comes to behavioral advertising.

Michael Kassner
Michael Kassner

With Blackberry and iPhone devices, it is easy. Androids are the tough one. The link you mentioned is referring to the same approach for Android phones that I outlined above. Thanks for tweaking me on this. I should have been clearer in the original article.

Michael Jay
Michael Jay

I did not read the whole article I linked to as my concern is mainly for the Blackberry as I support several hundred Blackberry customers split about 50/50 ATT and Verizon. The Verizon version should not be an issue but I will be checking the ATT models. Note to self: always read the whole article I link to. While I do not believe this to be a large issue, any perceived security problem is something I am concerned about. Thanks for another interesting blog, keep them coming.

Michael Kassner
Michael Kassner

You reminded me -- nicely, I might add -- to make sure and tell what devices I was referring to. Thank you.