Advertisements

Why Carrier IQ is doomed

“Carrier IQ: How the Widespread Rootkit Can Track Everything on Your Phone, and How to Remove It” — That was the title of one of LifeHacker’s posts this Wednesday, which is just one of countless articles on the now-controversial carrier metric-gathering tool Carrier IQ that some are calling “rootkit” and “spyware.”

” … a hidden application on some mobile phones that had the ability to log anything and everything on your device—from location to web searches to the content of your text messages. The program is called Carrier IQ, and … it actually comes preinstalled by the manufacturer of your phone.” — LifeHacker.

Developer Trevor Eckhart posted his YouTube video detailing the proported workings of the Android software, which demonstrates Carrier IQ monitoring keypresses, SMS messages, and browsing, even when the phone is not connected to a carrier network, and transmitting this data to Carrier IQ’s servers. Supposedly this data is then aggregated and then transmitted to the carriers for network and user-experience improvements. Though it’s not necessarily what it is doing, it’s about what it’s capable of doing. Read Eckhart’s detailed article here for his detailed breakdown the capabilities of Carrier IQ.

So I’ll say it once more — Carrier IQ is doomed — at least in its present incarnation. It’s not a matter of if, it’s a matter of when.

LifeHacker, HowToGeek, TechCrunch, BBC News, and others have all run articles on Carrier IQ, typically with one main focus: Detecting it and allowing the user to remove or disable it.The U.S. Senate has started asking questions, and it’s fairly certain that there will be lawsuits. After all, it’s not what you’re doing, it’s what you’re capable of doing:

“Senator Al Franken … has asked Carrier IQ to clarify exactly what its software can do. Franken specifically wants to know what data is recorded on devices with Carrier IQ, what data is sent, if it’s sent to Carrier IQ or carriers themselves, how long it’s stored once received, and how it’s protected once stored.” — The Verge.

If you want Eckhart’s app for checking/removing it on Android, you can get it here. Non-root users, or those having trouble with the above tool, can get a tool that detects but cannot remove Carrier IQ here.

What will be the end result?

If the lawsuits have their way, Carrier IQ is likely to have it’s functionality reduced at the very least, as well as a full disclosure to its presence. It could also mean a visible option to disable it — and that’s if handset manufacturers and carriers continue to use it. At the very most, it will be a huge, drawn-out ordeal, which is very likely. Update: The lawsuits are already underway:

“Carrier IQ, the new poster child for (alleged) smartphone privacy violations, has been hit with two class-action lawsuits from users worried about how the company’s software tracks their smartphone activity.” — ArsTechnica.

If the tech blogs are of any influence (and they are), people will start removing Carrier IQ from their handsets, or switching away from Android to handsets that don’t have Carrier IQ on them. Apple has already stated they are planning to drop Carrier IQ completely in future versions of iOS. RIM has stated that they never had Carrier IQ on BlackBerry handsets to begin with. Microsoft states Windows 7 phones don’t even support Carrier IQ.

Phones aren’t the only devices Carrier IQ may be installed on. Users have started asking questions about tablet devices such as the Nook as well, and the Samsung Galaxy Tab 7 can be rooted to check for the presence of it.

Highly motivated consumers may even choose to switch away from AT&T, Sprint, or T-Mobile, who use Carrier IQ, to Verizon, who states they do not.

You can bet that, over time, the pressure from customers and negative press towards Carrier IQ will cause the carriers to reconsider the value of it, especially since they might be the ones paying for it in the first place. If you want one last laugh, be sure to read John Gruber’s “translation” of the Carrier IQ press release from November 16th.

Have any thoughts of your own to share regarding Carrier IQ, or would like to share what devices you have or have not found it on? Please feel free to share them in the comments below. Thank you!

Advertisements

, , , , , , , , , , , , ,

  1. #1 by Nimmy on December 2, 2011 - 12:14 pm

    The one problem I have with Carrier IQ and determining if it is on my phone or not, is that based on what I’ve read, you need to root your phone in order to check for it.

  2. #3 by Nimmy on December 2, 2011 - 12:15 pm

    But as I use Verizon, it appears that I do not have to worry about it.

  3. #4 by Nimmy on December 2, 2011 - 12:45 pm

    The app appears to work. My phone does not have the Carrier IQ Rootkit/Spyware! w00T! back to porn surfing!

  4. #5 by Vexed Nick on July 30, 2012 - 9:36 pm

    Now would be a great time for you to plug:

    PDroid

    :-D

  5. #6 by Vexed Nick on July 30, 2012 - 9:40 pm

    worried about tracking and yet you use market links ? which implies you have mated your phone with gmail, from the people who falsely claim “do no evil” — that’s not the same as do good.

    my android has no gmail. I use hotmail live — the people from whom google licenses ActiveSync

    * my calendar works
    * my contacts work
    * everything is peachy except market which I DO NOT want as 94% of the apps are malware. ALL adware is by definition malware. I use f-droid or purchase apps.
    + my battery lasts longer
    + my phone performs better
    + my phone performs even better with miui

    iptables ftw