Carrier IQ Gets Fishy with their Defense, Admits Data Collected but Downplays Privacy Issues

“We’re on a fishing boat out at sea and we’re catching fish that are too small and they go back in. And they go back in for two reasons: One, the holes in the net don’t catch small fish, i.e. the filtering, and/or the fish is the wrong type and it gets thrown out of the boat, hopefully while it’s still alive.”

The above is not some sort of zen meditation exercise. It is the explanation offered by Carrier IQ VP of marketing Andrew Coward used to describe the way the analytics software works. Coward skillfully admits that Carrier IQ does log things such as key strokes and location data while downplaying the extent to which this information is leveraged. It’s a shame that he chose a fishing metaphor, as the concept doesn’t stray too far from the sort of phishing associated with malware known for stealing personal data…but I digress.

Coward goes on to explain how information that is not useful to the work that Carrier IQ is doing, such as regular every day text messages, is thrown out quickly. Carrier IQ does collect info on the number of successfully delivered texts from any one number (to monitor network reliability, assumedly), but that the contents of text messages are “never stored and never transmitted.” Likewise, key strokes are monitored for character combinations such as codes entered while speaking to tech support. These “earmarked” codes help with Carrier IQ’s diagnostics.

There is much more from Coward’s interview with The Register, a must-read for anyone who has been following the events of the past couple weeks. We’ll leave it up to the reader to decide if Carrier IQ’s defense checks out or if they are simply covering their tail.

[The Register via Engadget]

Continue reading:

  • Keith Mcelhinney

    Dear CarrierIQ,
      In reading of your defense it comes to mind that I don’t know much about you and your company.  Please send me every employees records along with social security information, mothers maiden names, full addresses, every phone call and text message they have ever sent and the password to every single website that they visit.  I am only using the information to validate if you are a company that can be trusted with all of my information.  Don’t worry I won’t do anything bad with the information.  You can validate my credibility by just accessing the records you alread have on me.

    Thanks – Keith

    • Kyle Walker


    • Covert_Death

      hmmm ill take a copy of the CEO please… and this andrew COWARD guy, really like his last name, its fitting

    • nemesys06

      Can’t forget their credit card information.

  • Kevin Tatar

    Ok you can probably go tell this story to five year old if you want him to believe you. Why would you collect text messages and other information if at the end of the day you throw it out? This is all a lie. I’m glad you bastards got caught. 

  • sc0rch3d

    ok verizon…waiting to see your witty commercial. you could probably capture quite a few att/sprint defects from this.

  • mesername

    See, what we do is, we collect the fish’s location, swimming habits, fish(key)strokes, favorite [feeding] sites, pictures of the fish, all the known school-mates, and virtually everything else ever on the fish….and then we go fishing; we catch as many fish as we want.

    Second comment…what sort of VP of marketing makes a fishing reference where the customer is the fish.  Fish get hooked, gutted, cleaned, and eaten by the fisherman….AND IS HE SAYING WE SMELL?!

  • Nemesys06

    They should have made this an app people could voluntarily installed. Maybe I made a mistake leaving tmobile.

  • MarcusDW

    These waters need a fishing license which gives you PERMISSION to take fish out of the water.  

    Dumbest fuckin defense ever for something this serious.

  • c4v3man

    Are you really expecting a better response from a Coward?

    • essohdee

      i see what you did there

  • ScottColbert

    We can blame CIQ as much as we want, but they wouldn’t be in business if the carriers didn’t use them. When you have a car accident, you don’t blame Ford for it. 

    • c4v3man

      Personally I would say it’s more like purchasing a Colt AR15, intended to put a bullet where you want it within 400 yards. When I shoot it, I don’t expect it to hit targets in the shooting lanes next to me, while also hitting the target I’m shooting at. I expect it to hit the target I’m shooting at exclusively. 

      While the carriers are absolutely to blame, I think a large part of the problem is that CarrierIQ is collecting far more information than the carriers are requesting (if the carriers are to be believed). Honestly this comes off as lazy, since instead of writing the software to collect the information requested by the carrier, CarrierIQ simply collects everything, and uses some sort of configuration to decide what gets sent to the carriers. 

      Carrier IQ needs to stop using a net, and start using a single hook with bait specifically tailored to the data it’s requested to gather. 

  • Sgs Captivate

    Im not trippin. I flashed Apex 9.3 a LONG time ago and the carrier iq malware is NOT on my phone. Check if its on yours by using lookouts new app to detect carrieriq on your device. Search it on market.

  • jonathanbond110111

    Carrier IQ: look. We saw your data, but there is no privacy issues. Promise

    Customer: ???

  • BrianHatesYou

    The fishing metaphor was put forth by the interviewer. The quote here was just the guy’s answer. Kind of a misleading post by Mr. Krause. Odd that most of you didn’t bother to read the article and find that out for yourselves. You might have also found that this is all much ado about nothing. No matter. When the internet is up in arms, reason flies out the window.

    • Randroid

      Yeah, data being collected and sent to some company I don’t know exists, without my consent by a keylogger among other tools… definitely “much ado about nothing”.

      If you have no problem with a company having your credit card number, bank account number, every password to every account you view on your phone, and basically everything else you do on your phone – you need to take a good look at the world my friend. Whether they admit to using this data or not, people should not be trusted with this amount of information.

      • BrianHatesYou

        You need to read the article, my friend. Nobody has your credit or banking info. Nobody has your passwords. This is what I mean by reason going out the window. Read the article. If you read it, read it again. Slowly. The answers are there.

        • Dandapani

          Key strokes are logged. These might be cc numbers, etc.

        • Randroid

          I have not only read this article, but I have read many others. ALL key presses are being logged, and potentially sent somewhere. And as I said above… “Whether they admit to using this data or not, people should not be trusted with this amount of information.”

          As for me, it doesn’t matter what they are doing. I have a Droid 2, which is on Verizon, who has said (and proved to be telling the truth) that they do not use CarrierIQ. Even if they did though, I have CM7 installed, so I in no way have this software on my phone. BUT, it’s still an issue that I am following, because something needs to be done about it for everyone else.

  • Covert_Death

    so what your telling me is that i have to accept and agree to known permissions just to install a facebook app on my phone so it can use data and mess with my contacts to make my experience better, BUT for carrier IQ, i don’t get ANY warning about ANYTHING they have permission for and it’s all intended to be hidden from the user so they never know?!?!?!

    this is total BS

  • Andrew

    Why would a company need a net for information on a smartphone? Is it really that hard to, say, put a command in that only reads keystrokes WHEN YOUR ACTUALLY talking to customer support? I mean it might just be me, but I don’t think Sprint changes their phone number much. And there is no option to opt out of their data collecting, I’m sorry, but I thought when I bought something it actually became mine… I call shenanigans!!!

  • david brand

    As far as i know this isnt on tmobile, at least not on the G2…..but as ive said in other forums, if someone is intent on getting your info, or bank accounts or whatever, there are much more efficient ways of doing it. Your laptop or desktop on your home network is more vulnerable and has more info on it then your lowly cell phone…believe me , no one is interested in your emails or texts, youre not that special. 

  • Richey

    If they never store or transmit the contents of our text messages, why is their software reading the contents of the messages? I want to see what comes out of these investigations.