Carrier IQ: You Cannot Control Your Phone

Here’s the takeaway from the Carrier IQ fiasco: Mobile phone owners have no clue what data-gathering tools are running on their devices, and little ability to control them.

The flap began late last month after Android developer Trevor Eckhart released a 17-minute YouTube video indicating that the little-known application was sending everything you do on your phone back to your carrier — including what websites you visit, what your texts say and what keys you press.

Carrier IQ sends innocuous data from your phone back to your carrier like when and where you sent a text message, when and where a call dropped, and what apps are draining your battery. That information helps carriers find problems. It doesn’t send your keystrokes, the content of your text messages or what websites you visit to your carrier. The log exposed on Eckhart’s video, captured on an HTC EVO 3D from Sprint, turned out to be a specific, one-off issue.

Carrier IQ is installed on an estimated 150 million mobile devices, but the specific problem Eckhart uncovered appears to be limited to a small handful of devices. Each carrier it works with chooses to gather different information from their customers’ phones, and the scope varies widely. But cell phone owners have been largely left in the dark about what carriers are collecting.




Carrier IQ: Phone Manufacturers are to Blame

This week, Carrier IQ concluded an internal investigation and released a report on its findings. The company’s analysis confirmed that its software does not, by itself, record users’ keystrokes. Instead, the report affirmed the Carrier IQ’s prior suspicions that the recording is being triggered on the handset manufacturers’ end.

Carrier IQ’s investigation was a response to developer Trevor Eckhart’s 17-minute YouTube video, which showed how the software secretly runs on his HTC EVO 3D Android phone and logs every key press, every text, and the full URL of every website he visits. It recorded that data even from websites that use security encryption designed to prevent that kind of tracking.

Carrier IQ’s report said that what the Eckhart video displays is actually the result of separate tools put in place by the handset manufacturer. The data recording was being done in what’s known as a debug log is intended to help software developers understand what happened if something goes wrong with an application. It stashes information in the phone’s memory and remains stored until the device is powered down.

Though Carrier IQ is installed on more than 150 million phones worldwide, the debug logging problem appears to only exist on HTC and Samsung smartphones. HTC did not respond to multiple requests for comment. A Samsung spokesman confirmed to CNNMoney that Samsung was storing data in its phones’ logs, but declined to say why the manufacturer had turned on that functionality.

Still, Carrier IQ isn’t completely off the hook. The company discovered that it had been accidentally sending users’ text messages to carriers. Its sudden thrust into the national spotlight illustrates that even those who build, sell and service our phones may not know everything that’s hiding inside Pandora’s box.



Image: Gizmodo