Carrier IQ, although known about by the development community for a long time, has been in major news recently regarding its “mobile phone diagnostics” service that it provides to carriers and OEMs. Carrier IQ and those who use their services say no sensitive information is collected and that the device only logs and transmits data that directly helps carriers improve their service for consumers.
Developer Trevor Echkart thought otherwise. He demonstrated what’s happening inside Carrier IQ when certain actions on the phone are performed. The application logs sensitive data such as keystrokes, incoming text messages and more. Read more about his findings here. It hasn’t been confirmed whether or not this information is being transmitted to carriers, OEMs and themselves.
Senator Al Franken is concerned and curious, though. What better way to ease all of that with a concise letter asking them to disclose all of their practices and what sort of functionality their application really has? It’s hardly a full-blown investigation but coming from a Senator of our government it’s definitely going to capture the attention of Carrier IQ.
[I]t appears the software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches and the websites they visit.
These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.’
Hopefully this will let us know once and for all what the carrier IQ application really is doing. Trying to figure out what information it really is sending looks to be a near-insurmountable task for Trevor and any developer as sniffing encrypted packets isn’t a nice walk in the park so it’s up to a mild investigation like this to hopefully bring the truth (whatever it is) to light.
Oh, and Sprint uses Carrier IQ, but anyone who frequents their favorite phone’s section at XDA or AndroidForums.com probably already know that as there are a variety of ROMs available that highlights the absence of the service. Sprint says that they only get diagnostics data that’s necessary to improve their network and service and that no one outside of Sprint has ever received whatever it is that they get from Carrier IQ. [via GigaOM, Gizmodo]
[Update]: AT&T also uses Carrier IQ, while Canadian carriers Rogers and Telus do not.
The can-o-worms has been opened. This is gonna get ugly.
For CarrierIQ yes, for me…I am excited to see more attention being given to such a serious matter….CarrierIQ…better set aside a few hundred millions for the class-action lawsuit that is soon to follow!
p.s. Is this an America only thing btw? Or is it being installed globally?
Seems like an America only thing.
Thank god senators are beginning to ask questions. Hopefully this will get hammered hard and either removed or massively trailed back to not include your specific details like sms, website, pws, etc…
Really should only log things like which apps run, and the overall environment. That’s all that is really needed for logging/error checking.
its Al Franken. possibly the first politician who actually gives a flying sh*t about real world goings on.
It looks like its pretty easy to remove with an app that the researcher that found the issue released on the Android Market. I found it here http://www.android-advice.com/2011/remove-carrier-iq-ciq-keylogger-on-android/
I don’t think get root then install custom is easy for every users. And we shouldn’t have to go that far to get rid of worm-like app that’s installed by our carriers!
Nice to see a government official get involved
Well, given the questionable acts of government officials in the not to distant past, I too would want to know who is reading what. Just sayin’.
I think Al is sincere but he’s still new to politics and have not tasted the carrot that most politicians are use to and make their millions..
FINALLY my state senator doing something useful!
Al Franken to Carrier IQ: You’re bad enough, you’re dumb enough, and doggone it, people hate you!
my question is why do they have to spy on us to get diagnostic info? come one sprint, and anyone else using this, if your really doing diagnostic, USE A DIAGNOSTIC DEVICE! i fully purchased my phone, it is NOT yours and it is NOT some tool that you get to hack into whenever you want info… hire some field techs and have them run around gathering data for you, i don’t get paid by so you I’m not going to do your diagnostic work and other crap for you. get this shit off my phone, NOW
heh al franken. i have a napkin from an airport consession stand with his autograph on it.
The department of homeland security ordered all the carriers to have this installed. Why else would Android, ios, et al. It was a “modification” of the patriot act. Why just in the US? Because our government is moderating us. Why else install it on the fastest growing medium there is? There you conspiracy theorist. Have fun.
Even if the company isn’t sending this data back to themselves, the fact that it’s logged to the system logs is a major security problem. Ever noticed how many apps have access to this system log data? The common excuse given is something along the lines of “application debugging to improve the user experience”.