“We’re on a fishing boat out at sea and we’re catching fish that are too small and they go back in. And they go back in for two reasons: One, the holes in the net don’t catch small fish, i.e. the filtering, and/or the fish is the wrong type and it gets thrown out of the boat, hopefully while it’s still alive.”
The above is not some sort of zen meditation exercise. It is the explanation offered by Carrier IQ VP of marketing Andrew Coward used to describe the way the analytics software works. Coward skillfully admits that Carrier IQ does log things such as key strokes and location data while downplaying the extent to which this information is leveraged. It’s a shame that he chose a fishing metaphor, as the concept doesn’t stray too far from the sort of phishing associated with malware known for stealing personal data…but I digress.
Coward goes on to explain how information that is not useful to the work that Carrier IQ is doing, such as regular every day text messages, is thrown out quickly. Carrier IQ does collect info on the number of successfully delivered texts from any one number (to monitor network reliability, assumedly), but that the contents of text messages are “never stored and never transmitted.” Likewise, key strokes are monitored for character combinations such as codes entered while speaking to tech support. These “earmarked” codes help with Carrier IQ’s diagnostics.
There is much more from Coward’s interview with The Register, a must-read for anyone who has been following the events of the past couple weeks. We’ll leave it up to the reader to decide if Carrier IQ’s defense checks out or if they are simply covering their tail.