Carrier IQ denies responsiblity for insecure log files, suggests manufacturers are to blame

171

We've just returned from a long and wide-ranging interview with Carrier IQ's Vice President of Marketing, Andrew Coward. We'll have much more on that discussion soon, but first there is one piece of news about the cellphone tracking saga to report. One of the issues at the center of the imbroglio is the fact that some HTC devices are storing sensitive information in an easily accessible, plain-text log. It was previously assumed that this security hole was solely Carrier IQ's fault, but now the company contends that it does not create this file, pinning the blame instead on its manufacturer partners.

As you may recall, the main thing that opened up our collective eyes to the amount of data getting tracked by Carrier IQ (henceforth: CIQ) was Trevor Eckhart's video. In the video and on his site, Eckhart reveals that a rogue app could run a common command that can read this information. Eckhart writes:

The interesting thing is because we are able to see this happening in logcat, anything with the right permissions can see the same thing. It means programs other than CIQ, such as crash reporting software or any app that can read logs, will also be able to see the same exact logs.

Whatever your opinion of the data CIQ is collecting on behalf of the carriers, having that data available to other apps on the device is a serious security issue. However, Coward argues that it is not a CIQ security issue.

To explain, we need to start by pointing out that CIQ's software can work in one of two ways: it can either be built directly into the OS of the device or installed later by the OEM or carrier as a kind of third party application. In the latter case, CIQ's software doesn't have direct access to the information that carriers are requesting, so the company has created an API that manufacturers can use to communicate with its software. It is then up to the manufacturer to find ways to make the operating system collect the necessary information and then give it to CIQ's software.

What that means is that the actual responsibility for how this data is collected and communicated to CIQ's software falls on HTC. CIQ tells us that the insecure logs that Eckhart discovered were created by HTC — though CIQ is contractually obligated to never name its partners, the implication below is clear:

Andrew Coward, Carrier IQ: When a piece of information is sent to us from the operation system, we do not need it to go through that log file. There is no value to us in reading a keylog file, that's not how our software works.

The Verge: That is not your log file?

Coward: That logfile is not our logfile. It's a standard, Android system logfile. What goes in that logfile is up to the manufacturer. ...So, you would hope in a shipping device, you wouldn't get very much information to go in there.

The Verge: [...] I'm trying to understand why a manufacturer, in order to give you certain information, is actually logging keystrokes. I want to separate those two things. It's logging it, putting it into this file, and then giving it to you?

Coward: What should be happening, is it should just be giving it to us through the API. What appears to be happening is that it's giving it to us and making a copy of what it gave to us in the log file.

You should still be aware that CIQ does keep a temporary log file of its own. CIQ implied that it is stored in a specialized part of the phone's memory and stated outright that it is not stored in plain text. For security reasons, CIQ would not go into detail about whether or how it may be encrypted beyond saying that they have taken measures to keep it safe from intrusion and that "it's not readable if you don't have our tools." Additionally, CIQ tells us that the log is continuously overwritten with new data and never contains data more than seven days old.

It's also important to note that CIQ's software is still, in fact, listening to both keystrokes and SMS messages on many devices, though CIQ claims it does not log, store, or transmit them. The company argues that it's doing this for completely benign purposes: all phones use "short codes" in the dialer to issue system commands and also need to be able to listen to specialized SMS commands sent from the carrier. CIQ uses both of those systems. In some cases, the phone's operating system handles routing that (and only that) information to CIQ's software and in others, the manufacturer just allows CIQ's software to listen and filter for the messages that matter to it rather than engineer a stricter solution.

Keep an eye out for more from our interview with Carrier IQ, including details on how and why it records data about visited websites and running apps. For now, the ball is back in HTC's court to explain why these log files exist on its devices. The company already said it was "investigating the option to allow consumers to opt-out," but we've reached out to HTC for further comment and will let you know what we hear.

Sean Hollister contributed to this report.

More from The Verge

Back to top ^
X
Log In Sign Up

forgot?
Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5345_tracker