You might have seen this term been written in many tech sites lately. Carrier IQ is a piece of software that has been found in many handsets. A video turn viral when security researcher Trevor Eckhart released a video detailing what it is and more disturbing, what it can do.
Carrier IQ software is wildly used on mobile devices (deployed in over 141 million devices) to help companies track the usage of the mobile handsets to see where they are doing well and where they aren't. It collects data from the performance of the mobile handsets, but as we can see in Trevor's video it does a little bit more.
The video shows how it can track almost anything you do, from SMS texts to pressing keys and more. This is a direct violation of privacy policies as there is no way to turn it off. The "app" is shown running on the background, pre-installed with no way of disabling it.
The Company explanation
Who has it?
Latest Android handsets like HTC, RIM BlackBerries (although they deny it), Nokia (although they deny it) and iOS devices.
Although RIM and Nokia deny it, they express that they do not allow carriers to insert the code. So if its there, then somebody is putting it there.
Later HTC continued:
Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we'd advise them to contact their carrier.
It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.
Apple issued a statement shortly after iPhone Dev Team member Chpwn stated that Carrier IQ is found on iOS 5.
We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
If you have an Apple device running iOS 5 you can disable it, even though is not doing anything according to Apple by going to Settings >About > Diagnostics & Usage and mark "Don't Send".
What about the carriers?
Verizon said they are not putting Carrier IQ on the devices they are carrying. Meanwhile AT&T, Sprint and T-Mobile had this to say.
We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool," she said via email.
The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint.
T-Mobile utilizes the Carrier IQ diagnostic tool to troubleshoot device and network performance with the goal of enhancing network reliability and our customers’ experience . T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers’ internet activity, nor is the tool used for marketing purposes.
Carrier IQ issued a statement saying that they are in compliance.
We measure and summarize performance of the device to assist Operators in delivering better service.
A security expert from Infidel Inc does not agree with the findings Eckhart recorded.
Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous, Rebecca Bace of Infidel Inc.
Judge by yourself. One of the biggest problems here is that there is no opt-out option so the customer knows that this tool is on the phone and that you can deny the use of it. Do you really think we are being spied? this year we have seen many complaints regarding privacy on mobile devices and it really is a frightening matter.