Home / Security / Carrier IQ logs data for Diagnostic, its not a Keylogger

Carrier IQ logs data for Diagnostic, its not a Keylogger

Last week there have been lots of talk on Carrier IQ. The controversy started when Trevor Eckhart, a 25-year old system administrator discovered Carrier IQ software in one of the HTC devices.

What is Carrier IQ?- Carrier IQ a venture capital-funded startup in Mountain View, Calif., that makes diagnostic software for carriers.

The software was collecting user data, device location, applications data and even logging the keystrokes.

So Trevor Eckhart blog about it and ended up receiving legal threats from Carrier IQ. The company claimed that Eckhart was infringing on their copyright by reproducing some of their training material in his post and if he did not remove the objectionable material and apologize the company will take legal action against him. Fortunately for Eckhart, the Electronics Frontier Foundation(EFF) came to his aid.

Unfortunately for Carrier IQ, in their attempt to silence Eckhart, they ended up being the target of blogs, security researchers and the media. The company was accused of making rootkit keyloggers that records every single data on user’s smartphone. Some of the smartphones found with Carrier IQ software include HTC Legend, EVO 4G, Wildfire S, Motorola Droid X, Samsung Epic 4G, iPhone (OS4.3).

Nokia, RIM and Microsoft have claimed that none of their devices ever shipped with Carrier IQ’s software.

Mobile operators such as Sprint, AT&T and T-Mobile have admitted to using the software on their devices. However operators such as Verizon, Vodafone and O2 have denied using Carrier IQ’s software on their devices. We are not sure if the the mobile operators in Malaysia have any relationship with Carrier IQ.

Actually, its not a big deal.

If you look at what Carrier IQ does again- it develops diagnostic software for carriers. It means that only the mobile operators have access to your data.

Ironically even without Carrier IQ, the mobile operators still have access to most of your data. That includes the SMS, emails, the pictures, MMS or video that you send out from your phone.

But that does not mean there are no privacy concerns.

Carrier IQ is designed to be installed by carriers, can report back what applications are being used and what URLs are visited. Carrier IQ doesn’t make these decisions; rather, they sell configurable software and the carriers decide what options to enable.

The information is used to summarize how the device is working so carriers can improve their networks. It also helps them when they’re forced to field calls from outraged customers wondering why their handset keeps crashing or runs out of battery life in a few hours.

Below is a full statement from Carrier IQ regarding their software:

Mountain View, CA – December 1, 2011 – To clarify misinformation on the functionality of Carrier IQ software, the company is updating its statement from November 23rd, 2011 as follows:

We measure and summarize performance of the device to assist Operators in delivering better service.While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

“Having examined the Carrier IQ implementation, it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous,” asserts Rebecca Bace of Infidel, Inc., a respected security expert.

Privacy is protected. Consumers have a trusted relationship with operators and expect their personal information and privacy to be respected. As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.

Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions.

Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the operators provide optimal service efficiency. We are deployed by leading operators to monitor and analyze the performance of their services and mobile devices to ensure the system (network and handsets) works to optimal efficiency. Operators want to provide better service to their customers, and information from the device and about the network is critical for them to do this. While in-network tools deliver information such as the location of calls and call quality, they do not provide information on the most important
aspect of the service – the mobile device itself.

Carrier IQ acts as an agent for the operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile operators. Carrier IQ does not gather any other data from devices. Carrier IQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps operators’ customer service to more quickly identify the specific issue with the phone.

However if you are still paranoid and want to uninstall Carrier IQ, refer the details below:

Apple Devices: Settings App > General > About > Diagnostics & Usage > Don’t Send

Android Devices:

About Kugan

Kugan is the founder of MalaysianWireless. He has been observing the mobile industry since 2003. Connect with him on Twitter: @scamboy