Dec 1st, 2011

Carrier IQ, although known about by the development community for a long time, has been in major news recently regarding its “mobile phone diagnostics” service that it provides to carriers and OEMs. Carrier IQ and those who use their services say no sensitive information is collected and that the device only logs and transmits data that directly helps carriers improve their service for consumers.

Developer Trevor Eckhart thought otherwise. He demonstrated what’s happening inside Carrier IQ when certain actions on the phone are performed. The application logs sensitive data such as keystrokes, incoming text messages and more. Read more about his findings here. It hasn’t been confirmed whether or not this information is being transmitted to carriers, OEMs or Carrier IQ itself.

Senator Al Franken is concerned and curious, though. What better way to ease all of that than with a concise letter asking them to disclose all of their practices and what sort of functionality their application really has? It’s hardly a full-blown investigation, but coming from a Senator of our government it’s definitely going to capture the attention of Carrier IQ.

“[I]t appears the software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches and the websites they visit.

“These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.”

Hopefully this will let us know once and for all what the Carrier IQ application really is doing. Trying to figure out what information it really is sending looks to be a near-insurmountable task for Trevor and any developer, as sniffing encrypted packets isn’t a nice walk in the park, so it’s up to a mild investigation like this to hopefully bring the truth (whatever it is) to light.

Oh, and Sprint uses Carrier IQ, but anyone who frequents their favorite phone’s section at XDA probably already knows that, as there are a variety of ROMs available that highlight the absence of the service. Sprint says that they only get diagnostics data that’s necessary to improve their network and service and that no one outside of Sprint has ever received whatever it is that they get from Carrier IQ. [via GigaOM, Gizmodo]

[Update]: AT&T also uses Carrier IQ, while Canadian carriers Rogers and Telus do not.