Carrier IQ phone tracking: what you need to know
Carrier IQ provides telemetry to cellular carriers and manufacturers, and according to the company itself, its software is preinstalled on over 141 million phones. Now, a security researcher claims that the same software is monitoring every single key you press on your smartphone, reading your SMS, and logging much of the personal data you transmit, too — all with an app that you can't remove. We'll continue to update this stream as we find out what's really going on.
Major Updates
- Can Carrier IQ's new Chief Privacy Officer build a 'culture of privacy'?
- Carrier IQ categorically denies recording, storing or transmitting several forms of personal info
- Apple: Carrier IQ dropped from most products with iOS 5
- HTC says it doesn't receive data from Carrier IQ, investigating ways to turn it off
- Carrier IQ speaks: 'We'd like to be as open as we can' after independent testing
- Senator Al Franken asks Carrier IQ exactly what it's doing
- How to test your Android device for the Carrier IQ rootkit
- Verizon denies Carrier IQ is on any of its phones
- Carrier IQ references discovered in Apple's iOS
- Carrier IQ watchdog says software is a rootkit, posts video evidence
the
-
AT&T acquires part of data collection startup Carrier IQ
Back in 2011, data collection developer Carrier IQ caused a firestorm of criticism after a security researcher discovered its kernel-level software could be used to track smartphone users without their consent or control. Four years later, the company has been swallowed up by one of the telecoms that used it. TechCrunch reports that AT&T has acquired the assets and some staff from the startup, effectively shutting Carrier IQ down.
We use CIQ software solely to improve the customer's network. -
HTC settles with FTC over leaving Carrier IQ and other logging tools open to hackers
HTC has agreed to a settlement with the Federal Trade Commission over security problems that left its phones open to hijacking or stolen personal data. Like many other devices, HTC phones and tablets come with software that tracks device logs or user location — in its case, both an Android tool called HTC Logger and the controversial Carrier IQ. But the FTC says that the company failed to implement strong security. "Because HTC used an insecure communications mechanism, any third-party...
HTC's 'insecure communications' opened up phone logs and text messages to potential hacking -
Mobile Device Privacy Act, meant to stop Carrier IQ-style data collection, introduced in Congress
After asking the Federal Trade Commission to investigate Carrier IQ's controversial tracking practices, US Representative Edward Markey has sponsored legislation to prevent it or other companies from collecting data without informing customers. The Mobile Device Privacy Act, drafted in January and introduced to the House of Representatives on Wednesday, requires companies that sell mobile devices or phone and data subscriptions to inform consumers if any "monitoring software" is included. If...
Consumers should have the choice to say no to software that is transmitting their personal information. -
Can Carrier IQ's new Chief Privacy Officer build a 'culture of privacy'?
Carrier IQ is no stranger to privacy issues after last November's discovery that its software was being improperly logged by HTC — the company quickly became a flashpoint for controversy, even though it worked with nearly every company in mobile from Apple to Sprint to Samsung. Today, the company is taking steps to rebuild its reputation, starting with the announced that it's hired a new Chief Privacy Officer and General Counsel named Magnolia Mobley. We sat down with Mobley and Carrier IQ's...
We're looking forward to telling our story publicly. -
Carrier IQ lets carriers open their network quality stats to subscribers
Vilified just weeks ago (somewhat inaccurately) for its behavior in collecting network performance metrics directly from subscribers' phones, Carrier IQ is taking the opposite approach at Mobile World Congress this week. The company's IQ Care product — designed to help service reps get a sense of what's wrong with customers' devices when they call in — is being retrofitted with a customer-facing "dashboard" that will allow them to see "health and performance of their device, applications,...
Transparency is a good thing -
Cellphone privacy bill introduced, would reveal and regulate Carrier IQ-like tracking software
The row that's been brewing for months over controversial Carrier IQ software has prompted action in Congress: a draft bill titled The Mobile Device Privacy Act was introduced in the US House today that, if enacted, would require companies to disclose tracking software and detail what information it collects. The bill would require consumer consent for any data collection or transmission, and companies that want to transmit data to third parties would need to gain approval from the FTC and...
Consumers have the right to know and to say no to software that can collect and transmit their personal information. -
Sprint removes Carrier IQ from Evo 4G, Evo Design 4G, and Epic 4G; adds bugfixes
After updating the Evo 3D to remove Carrier IQ software, Sprint has begun pushing out updates for a few more Android phones to strip the customer tracking software. The HTC Evo 4G, HTC Evo Design 4G, and Samsung Epic 4GG are all getting updates beginning today, and all three also are getting various bugfixes as well. The Evo 4G and Evo Design 4G should see improved battery life, and updated Peep client for Twitter, while the Epic 4G should have a speaker feedback fix along with a little more...
So long, CIQ -
Electronic Frontier Foundation reverse engineers Carrier IQ data collection
In our interview with Carrier IQ, the company was a little cagey about how it stores and protects data on phones before uploading that information to the carriers. That's somewhat understandable for two reasons: CIQ didn't want to "dare" anybody to reverse engineer its system and get access to the data and because apparently at least one piece of that data — the instructions for collecting it — isn't very strongly encrypted. The Electronic Frontier Foundation has begun the project of reverse...
We can now learn exactly what data is collected by each phone -
The Verge Interview: Senator Al Franken on privacy, location tracking, and Carrier IQ
Senator Al Franken was right in the middle of the Carrier IQ smartphone tracking controversy: a pair of scathing letters from the Minnesota senator are what ultimately shed the most light on how Carrier IQ was being used. Every major carrier save Verizon has now responded to his questions and admitted some use of the software or similar tracking software on their networks. (Verizon simply denied any use of Carrier IQ at all.) It now appears that such software is pervasive throughout the...
I think we have a fundamental right to know what information is being collected about us and who it is shared with. -
T-Mobile responds to Sen. Franken's Carrier IQ inquiry: nine phones, 450k customers
Just as AT&T, Sprint, manufacturers, and Carrier IQ itself have done, T-Mobile has now responded to a request for information from US Senator Al Franken on how it makes use of Carrier IQ's many performance logging capabilities. The overall message in T-Mobile's letter is a similar line that we've heard elsewhere: that T-Mobile collects "technical data solely to understand what is happening on the device and the network so that [it] can more effectively and directly troubleshoot issues." The...
T-Mobile believes its customers expect us to take pro-active steps... to ensure network reliability. -
Sprint has 'disabled use' of Carrier IQ software
MobileBurn has received a statement confirming that Sprint is having Carrier IQ disabled on its phones. In the statement, Sprint said that it has "weighed customer concerns and we have disabled use of the tool so that diagnostic information and data is no longer being collected." While it's not clear if the software has been disabled remotely or if users will have to wait for software updates, Geek.com has reported that Sprint has ordered all of its hardware partners to ready over-the-air...
Looks like Sprint's going to need a new network diagnostic tool -
AT&T, Sprint, Samsung, and HTC detail Carrier IQ installations
In response to a request for more information from Senator Al Franken, AT&T, Sprint, Samsung, HTC, and Carrier IQ have responded with letters detailing their use of Carrier IQ's software on their handsets. Sprint is by far the biggest user of the software, admitting to installations on 26 million devices. Additionally, HTC has, for the first time, directly and publicly addressed the fact that Carrier IQ blames it for the insecure log files found on its devices — though not in a way that's...
Nearly 27 million devices have Carrier IQ software installed -
RIM provides instructions for removing Carrier IQ from BlackBerrys
A senior executive at RIM has provided instructions on how to remove Carrier IQ software from its devices. The instructions are part of the BlackBerry Knowledge Base, under the general entry for removing third-party software. According to eWeek, the executive said that users would be able to remove the software just like any other third-party program. RIM said earlier this month that it does not install CarrierIQ software on its devices, and as part of its policy carriers are prohibited from...
RIM wants no part of Carrier IQ -
Carrier IQ under investigation from FTC and FCC, company says it asked for meetings
The government's interest in smartphone tracking software vendor Carrier IQ is heating up: the Washington Post reports that CIQ executives are in DC this week to meet with the FCC, FTC, and congressional staffers about their software and associated privacy concerns. The meetings come after significant attention from Congress: Senator Al Franken issued a pair of scathing letters demanding to know exactly what the software can track and how the data is handled, and Representative Edward Markey...
The Feds know about Carrier IQ — and they're not happy -
Leaked Samsung Galaxy S II Epic 4G Touch ROM removes Carrier IQ software
As the Carrier IQ story continues to evolve, manufacturers have clearly taken note that customers are not happy with the tracking software. Apple has promised that it would fully remove in a future update and HTC has also said that it would be "investigating the option to allow consumers to opt-out." If a leaked ROM for the Galaxy S II Epic 4G Touch turns out to be genuine, then Samsung is speaking with actions instead of words. The "EL13" ROM originally leaked by SamMobile contains bugfixes,...
Samsung may be speaking with actions instead of words -
Carrier IQ collected encrypted SMS 'unintentionally,' working on fix for logging issues
Carrier IQ told us its story last weekend, but the controversial cellular telemetry firm is also speaking directly to curious individuals today, with a handy new PDF document that explains exactly which forms of data it does and does not collect for its customers. If you've already read our extensive interview, there's not a lot to see here, but there are two new wrinkles to the tale.
First, after conducting a review, Carrier IQ discovered that its software does in fact collect some SMS...
A document for the discerning privacy enthusiast -
FBI holding Carrier IQ data for 'law enforcement purposes'
When we spoke to Carrier IQ at length about the company's controversial cellular tracking service, there was one question we didn't include in the transcript. "Would you say no if the government asked Carrier IQ for a wiretap into user databases?" we asked. At the time, we felt the question was reaching, but today it seems rather apt, because MuckRock just discovered that the FBI does have files on Carrier IQ of some sort.
In case you're not familiar, MuckRock is a tool that lets citizens...
Is the FBI investigating Carrier IQ, or using Carrier IQ to investigate? -
Carrier IQ interview: inside the brave new world of carrier phone tracking
By Sean Hollister and Dieter Bohn
You may have heard of the "internet of things," a vision of the future where cheap sensors are everywhere, and they allow machines to automatically track everything at all times. Over the last few days, we got an eye-opening look into that future thanks to a company called Carrier IQ. Founded in 2005, Carrier IQ provides remote tracking data to cellular network operators including AT&T, Sprint and T-Mobile, and its software has been loaded on over 141...
As much as I'd like to talk about this, there are contractual obligations. -
Alleged T-Mobile document lists phones using Carrier IQ, won't be letting users dodge ETF
T-Mobile already admitted last week to using Carrier IQ's "diagnostic tool" on some of its devices, but hasn't been forthcoming on which phones customers should be wary of. TMoNews has published a screenshot from an alleged internal T-Mobile document which notes that the tracking software is "currently deployed on some of the following T-Mobile devices":
Don't expect a get out of T-Mobile jail free card -
Carrier IQ denies responsiblity for insecure log files, suggests manufacturers are to blame
We've just returned from a long and wide-ranging interview with Carrier IQ's Vice President of Marketing, Andrew Coward. We'll have much more on that discussion soon, but first there is one piece of news about the cellphone tracking saga to report. One of the issues at the center of the imbroglio is the fact that some HTC devices are storing sensitive information in an easily accessible, plain-text log. It was previously assumed that this security hole was solely Carrier IQ's fault, but now...
The ball is in HTC's court now -
O2, Rogers, Three UK, and Vodafone join the list of Carrier IQ deniers
We've already been told by HP, Microsoft, Nokia, RIM, and Verizon that they do not use Carrier IQ software, and now a host of carriers are joining that list. Three and Vodafone in the UK, and Rogers in Canada, have all announced that the software is not present on any of the devices they sell. O2 shed a little more light on its position, saying that while it "doesn't collect any data via Carrier IQ", the software might still be present on some of its devices for manufacturer diagnostics.
P...
More networks distance themselves from the CIQ scandal -
Carrier IQ categorically denies recording, storing or transmitting several forms of personal info
Carrier IQ's Andrew Coward wouldn't directly address allegations when we spoke to him this morning, but the company's being a bit clearer now: it's just issued a press release that doesn't quite admit that its tracking software logs personal data, but does claim that the software "does not record, store or transmit the contents of SMS messages, email, photographs, audio or video." Needless to say, that's very important, and it's backed up by the testimony of security researcher (and author,...
For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS -
AT&T and T-Mobile admit to using Carrier IQ, Samsung passes the buck, Microsoft and HP deny Windows Phone or webOS involvement
In case it wasn't obvious from our hands-on preview of the LG Nitro — see above — AT&T is also using the controversial Carrier IQ tracking software on its phones. For its part, AT&T doesn't deny that. "In line with our privacy policy, we solely use CIQ software data to improve wireless network and service performance," it told the Washington Post. Samsung also confirmed that Carrier IQ is present in "some Samsung mobile phones," but like HTC, claims that the inclusion of the software is not...
-
Carrier IQ deflects Senator Franken's inquiry onto OEMs and cellular carriers
Early this afternoon, Senator Al Franken — chairman of the Senate's subcommittee on Privacy, Technology, and Law — gave Carrier IQ until December 14th to explain itself. Now, however, the senator has shifted his inquiry to those companies who admit using the controversial tracking software: Sprint, HTC, Samsung, and AT&T. The set of questions he's asking are much the same, and he's still questing to discover why the Carrier IQ software is being used and what kind of information is actually...
Believe it or not, Carrier IQ is for carrier use -
Google confirms: we have no 'affiliation with Carrier IQ'
We've just received official word from Google about the Carrier IQ saga that has been blowing up the blogosphere today. In addition to confirming our report last night that Nexus devices do not include the software, Google also distanced itself from any responsibility for the tracking software:
We do not have an affiliation with CarrierIQ. Android is an open source effort and we do not control how carriers or OEMs customize their devices.
Increasingly, the story about Carrier IQ is turning...
'We do not have an affiliation with Carrier IQ.' -
Apple: Carrier IQ dropped from most products with iOS 5
Apple is the latest company to distance itself from the Carrier IQ smartphone tracking software. Although references to Carrier IQ were found in iOS, Apple says "most" of its products don't support Carrier IQ as of iOS 5 and it'll completely remove it in a future update. Of course, that leaves us wondering which Apple products continue to support Carrier IQ — especially since the company just launched the iPhone 4 and 4S on Sprint, which called CIQ an "integral part of its service." Apple's...
We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so. -
HTC says it doesn't receive data from Carrier IQ, investigating ways to turn it off
HTC just sent us a statement about the Carrier IQ smartphone tracking software — it says it has no formal relationship with Carrier IQ, but that the software is "required on devices by a number of US carriers," and that consumers should talk to their carrier about what data may or may not be collected. That certainly sounds like a bit of a cop-out, especially since the first word we got of Carrier IQ's tracking potential came from a video of an HTC Evo 3D, but HTC isn't sitting still — it...
HTC does not receive data from the application, the company, or carriers that partner with Carrier IQ. -
Carrier IQ speaks: 'We'd like to be as open as we can' after independent testing
We just set foot inside Carrier IQ's offices in Mountain View, California, and spoke face-to-face with Andrew Coward, the VP of marketing for a company currently embroiled in a scandal of senatorial proportions. If you've been anxiously awaiting a formal comment from the company, we've got good and bad news. When we asked, Carrier IQ would not directly address security researcher Trevor Eckhart's alleged video evidence of the Carrier IQ agent's worrisome behavior, but Coward told us the...
We stand exactly by the statements we made, and have no further comment at this time -
Sprint says it 'uses Carrier IQ to help maintain our network performance'
After a flurry of statements from carriers and manufacturers who claim not to install the Carrier IQ tracking software, we've finally gotten an official statement from Sprint, which admits to using Carrier IQ but says it's just for analyzing network performance. Sprint says it collects "enough information to understand the customer experience with devices on our network," but that it can't look at the contents of messages, photos, or videos using Carrier IQ. Of course, this story broke when a...
We do not and cannot look at the contents of messages, photos, videos, etc., using this tool. -
Senator Al Franken asks Carrier IQ exactly what it's doing
Almost inevitably, the government is waking up to the Carrier IQ smartphone tracking story: Senator Al Franken, Chairman of the Senate's subcommittee on Privacy, Technology, and Law, has asked Carrier IQ to clarify exactly what its software can do. Franken specifically wants to know what data is recorded on devices with Carrier IQ, what data is sent, if it's sent to Carrier IQ or carriers themselves, how long it's stored once received, and how it's protected once stored. In other words, all...
Carrier IQ has a lot of questions to answer.” -
Carrier IQ not installed on BlackBerry phones, says RIM
RIM just issued a statement saying it doesn't install the Carrier IQ smartphone tracking software, nor does it authorize carrier partners to install it. (It does appear that Carrier IQ supports the BlackBerry platform, however, so what carriers do without authorization is still of some concern.) The statement comes after similar distancing statements from Verizon and Nokia and our own report about Google's flagship Android devices lacking Carrier IQ, so it seems like the list of carriers and...
Carrier IQ still hasn't spoken on the record -
How to test your Android device for the Carrier IQ rootkit
If you have a rooted Android device then you can check it for the Carrier IQ rootkit right now. Trevor Eckhart, aka, TrevE over at xda-developers, the security researcher who exposed the whole Carrier IQ debacle, posted an .APK you can install yourself to test for logging services like CIQ. Trevor also has a paid ($1) version of the tool that can remove CIQ on certain devices but we can't recommend it after seeing a few reported issues in the related forums.
Time to see who's naughty and who's nice -
Verizon denies Carrier IQ is on any of its phones
You can add a whole carrier's portfolio to the list of devices uninfected by the Carrier IQ drama. Verizon Wireless has just come out and reiterated that it does not use the smartphone tracking software. Jeffrey Nelson, part of the company's Communications team, has tweeted a reminder that Verizon does not use Carrier IQ and that it "made this clear 2 weeks ago." At that time, Carrier IQ hadn't quite managed to brew up the storm of controversy that it has done since, so it's good of Jeffrey...
It's a good day on the job when you can earn approbation for things you didn't do -
Nokia: none of our devices have ever used Carrier IQ
In our effort to uncover just how deep the Carrier IQ rabbit hole goes, we reached out to Nokia for comment on whether that pernicious tracking software was on its phones. Trevor Eckhart, the researcher who brought Carrier IQ's activities to light, included in his early notes the fact that the software was sold with support for Nokia devices. That may indeed be the case, but Nokia's response has been categorical: no Nokia phone has ever shipped with Carrier IQ onboard.
"Nokia is aware of...
Soon smartphones will be advertised like food: on the basis of what they don't have inside them -
Google Nexus Android phones and original Xoom tablet do not include Carrier IQ tracking software
The Carrier IQ smartphone tracking scandal continues to grow, but we've just learned some interesting news from an extremely reliable source: the Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom tablet do not contain Carrier IQ software. Each of those devices was launched in direct partnership with Google as the flagship for a new version of Android, so it seems that the addition of Carrier IQ comes from OEMs and carriers after Google open-sources Android's code. Carriers...
As usual, stock Android continues to be the best bet -
Carrier IQ references discovered in Apple's iOS
To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5.
We were able to independently verify that at the very least, references to Carrier IQ's servers do exist within...
If you thought the iPhone was not a part of this drama, think again -
Carrier IQ watchdog says software is a rootkit, posts video evidence
Carrier IQ's data collection software is looking shadier than ever. Trevor Eckhart, the security researcher who accused the company's software of monitoring vast swathes of user personal data and phoning home to the likes of Verizon, Sprint, Samsung, HTC, Nokia, and more, has posted alleged video evidence of his claims on YouTube. Originally, Carrier IQ sent Eckhart a cease-and-desist letter, then withdrew and apologized for the threat, all the while representing that the service it provides...
Who is responsible for the data Carrier IQ collects? -
Carrier IQ retracts cease and desist letter sent to security researcher, says it doesn't track Android users
It looks like the unabashed fury of the Android hacking community was too much for data-collection developer Carrier IQ to take: the company has apologized and retracted the cease-and-desist letter it sent security researcher Trevor Eckhart after he posted details and analysis of how Carrier IQ's software works and can be used by the carriers and manufacturers that preload it onto their devices. While the apology is contrite and sincere — Carrier IQ says the letter was "misguided" and that...
It's never wise to underestimate the fury of the Android community -
xda-developers member threatened with lawsuit for exposing Android OEM tracking software
If you've been following the Android hacking scene lately, you might have heard about some scary-sounding software called Carrier IQ — it's loaded up at the kernel level on devices by HTC, Samsung, and others, and creates detailed logs of everything that happens on a phone without user intervention or control. That's bad enough, but now Carrier IQ is going after xda member Trevor Eckhart (TrevE), the security researcher who discovered it. The company sent an incredibly aggressive...
Mr. Eckhart stands by his research and, accordingly, declines to meet Carrier IQ's demands.