Carrier IQ phone tracking: what you need to know

Back in 2011, data collection developer Carrier IQ caused a firestorm of criticism after a security researcher discovered its kernel-level software could be used to track smartphone users without their consent or control. Four years later, the company has been swallowed up by one of the telecoms that used it. TechCrunch reports that AT&T has acquired the assets and some staff from the startup, effectively shutting Carrier IQ down.

HTC has agreed to a settlement with the Federal Trade Commission over security problems that left its phones open to hijacking or stolen personal data. Like many other devices, HTC phones and tablets come with software that tracks device logs or user location — in its case, both an Android tool called HTC Logger and the controversial Carrier IQ. But the FTC says that the company failed to implement strong security. "Because HTC used an insecure communications mechanism, any third-party application on the user’s device that could connect to the internet could exploit this vulnerability" to take device logs from either HTC Logger or a custom overlay for Carrier IQ.

On Android, the FTC says hackers could both find personal information about the user's phone and perform actions like sending text messages. A similar problem with custom app installation software meant it was possible to "command this pre-installed application to download and install any additional applications from any server onto the device without the user’s knowledge or consent." Major HTC Logger security issues were uncovered in late 2011 by Android Police, which found that apps could surreptitiously request everything from email addresses to GPS location with simple commands. This settlement addresses many of these claims, as well as similar issues with Carrier IQ.

After asking the Federal Trade Commission to investigate Carrier IQ's controversial tracking practices, US Representative Edward Markey has sponsored legislation to prevent it or other companies from collecting data without informing customers. The Mobile Device Privacy Act, drafted in January and introduced to the House of Representatives on Wednesday, requires companies that sell mobile devices or phone and data subscriptions to inform consumers if any "monitoring software" is included. If so, it must also detail the type of information that could be collected, who it's being sent to, and how it will be used. What's more, customers must consent to the tracking and be free to opt out even if they initially agree to have information collected.

If a company is found to be breaking the law, it can be fined $1,000 or more per violation, according to the bill's text. However, the FTC can grant exemptions if data collection is consistent with the "reasonable expectations of consumers." The bill has been referred to a committee, and it likely won't see a vote for some time. Since controversy ignited over Carrier IQ's widespread data collection last year, the company itself has pledged to build a "culture of privacy." However, it and carriers are unlikely to support legislation on the matter, even if the bill still allows tracking as long as customers are aware of it.

Carrier IQ is no stranger to privacy issues after last November's discovery that its software was being improperly logged by HTC — the company quickly became a flashpoint for controversy, even though it worked with nearly every company in mobile from Apple to Sprint to Samsung. Today, the company is taking steps to rebuild its reputation, starting with the announced that it's hired a new Chief Privacy Officer and General Counsel named Magnolia Mobley. We sat down with Mobley and Carrier IQ's Andrew Coward to discuss her new role in the company and where Carrier IQ future now that it's more public than ever before.

Carrier IQ's main customers are still the carriers and manufacturers, not end users. In that regard, Mobley is primarily concerned that they understand "how our technology enables privacy." Again, the company believes it's more about communicating what it's already doing than radically changing how its current technology works. The goal is "privacy by design" where "you don't think of it as an afterthought, you build it in."

Vilified just weeks ago (somewhat inaccurately) for its behavior in collecting network performance metrics directly from subscribers' phones, Carrier IQ is taking the opposite approach at Mobile World Congress this week. The company's IQ Care product — designed to help service reps get a sense of what's wrong with customers' devices when they call in — is being retrofitted with a customer-facing "dashboard" that will allow them to see "health and performance of their device, applications, battery life, network coverage and dropped calls." This won't automatically become available to everyone whose carrier uses Carrier IQ, of course — it'll be up for each carrier to integrate the new option at their discretion. Carrier IQ gives the example of exposing the information through the carrier's online account portal, which could help you figure out why you're battery's draining so quickly or whether you're experiencing more dropped calls than "normal" and may need to exchange your device.

This seems like it could be a tall order for carriers — rarely are they looking for ways to point out their failures, but if Carrier IQ can conclusively demonstrate that this service reduces support calls or returned devices, they may be onto something. Look for it to be available next quarter.

The row that's been brewing for months over controversial Carrier IQ software has prompted action in Congress: a draft bill titled The Mobile Device Privacy Act was introduced in the US House today that, if enacted, would require companies to disclose tracking software and detail what information it collects. The bill would require consumer consent for any data collection or transmission, and companies that want to transmit data to third parties would need to gain approval from the FTC and FCC in order to do so. In a statement released on his website, the bill's sponsor, Representative Edward Markey (D-MA), says that "consumers have the right to know and say no to the presence of software on their mobile devices that can collect and transmit their personal and sensitive information."

Here's what the bill would require:

The updates will be rolled out gradually over the next two weeks or so, but customers with either HTC phone should be able to manually initiate an update right away. If your Sprint phone still has Carrier IQ software installed, you can at least take heart in knowing that Sprint isn't using it anymore, though we suspect that the insecure logs that started this whole saga could still keep you up at night.

In our interview with Carrier IQ, the company was a little cagey about how it stores and protects data on phones before uploading that information to the carriers. That's somewhat understandable for two reasons: CIQ didn't want to "dare" anybody to reverse engineer its system and get access to the data and because apparently at least one piece of that data — the instructions for collecting it — isn't very strongly encrypted. The Electronic Frontier Foundation has begun the project of reverse engineering the CIQ "Profiles," which vary from device to device and carrier to carrier, but on each are the set of instructions that tell the phone what data to collect, when, and how to store it. The profiles do not contain the specific tracking data from each device, just the instructions for collecting it.

EFF volunteer Jered Wierzbicki wrote a program to parse the CIQ profile called, appropriately enough, IQIQ. It reveals that the CIQ profile is stored in a mixture of binary and plain-text data that doesn't need to be decrypted in order to convert it into a standard, human-readable XML file. The EFF has posted an example of a default T-Mobile profile on its site and is looking for volunteers to send in the profiles from any phone with a CIQ profile.

Senator Al Franken was right in the middle of the Carrier IQ smartphone tracking controversy: a pair of scathing letters from the Minnesota senator are what ultimately shed the most light on how Carrier IQ was being used. Every major carrier save Verizon has now responded to his questions and admitted some use of the software or similar tracking software on their networks. (Verizon simply denied any use of Carrier IQ at all.) It now appears that such software is pervasive throughout the industry; whether it's Carrier IQ or something else, it's clear that network operators can track and analyze customer behavior with alarming detail. That's on top of whatever tracking ability device makers, OS vendors, and app developers add in — all features users may not want, or even know about.

But Carrier IQ is just one more piece of the puzzle for Franken: he's been chairman of the Senate Subcommittee on Privacy, Technology, and the Law since it was formed in February, and the first-ever hearing he called was a bruising session with Google and Apple about the tracking abilities of Android and iOS. That hearing ultimately led Franken to introduce the Location Privacy Protection Act, which would require that companies get express consent from users before recording or sharing location data. Add in the recent FTC privacy settlements with Google, Facebook, and Twitter, and it's clear that Washington is waking up to a tectonic shift in how privacy works in an always-connected world.

MobileBurn has received a statement confirming that Sprint is having Carrier IQ disabled on its phones. In the statement, Sprint said that it has "weighed customer concerns and we have disabled use of the tool so that diagnostic information and data is no longer being collected." While it's not clear if the software has been disabled remotely or if users will have to wait for software updates, Geek.com has reported that Sprint has ordered all of its hardware partners to ready over-the-air updates to remove Carrier IQ, citing an unnamed source at HTC.

In response to a request for more information from Senator Al Franken, AT&T, Sprint, Samsung, HTC, and Carrier IQ have responded with letters detailing their use of Carrier IQ's software on their handsets. Sprint is by far the biggest user of the software, admitting to installations on 26 million devices. Additionally, HTC has, for the first time, directly and publicly addressed the fact that Carrier IQ blames it for the insecure log files found on its devices — though not in a way that's likely to satisfy unhappy users. Another surprise: AT&T's network and dropped calls reporting app, Mark the Spot, utilizes Carrier IQ (though not on the iPhone).

All told, it's safe to estimate that Carrier IQ's software is installed on over 30 million US devices and now, for the first time, the companies involved are publicly naming them. We break it all down for you below.

A senior executive at RIM has provided instructions on how to remove Carrier IQ software from its devices. The instructions are part of the BlackBerry Knowledge Base, under the general entry for removing third-party software. According to eWeek, the executive said that users would be able to remove the software just like any other third-party program. RIM said earlier this month that it does not install CarrierIQ software on its devices, and as part of its policy carriers are prohibited from installing it themselves — a policy that some carriers have apparently ignored. Check out the source link for the cure.

The government's interest in smartphone tracking software vendor Carrier IQ is heating up: the Washington Post reports that CIQ executives are in DC this week to meet with the FCC, FTC, and congressional staffers about their software and associated privacy concerns. The meetings come after significant attention from Congress: Senator Al Franken issued a pair of scathing letters demanding to know exactly what the software can track and how the data is handled, and Representative Edward Markey asked the FTC to determine if the installation of Carrier IQ's software was unfair or deceptive to consumers. The FTC in particular has been extremely agressive in protecting consumer privacy lately: it's pushed Google, Facebook, and Twitter into long-term settlement agreements with minimum privacy standards and regular audit commitments. We'd love to see the same sort of framework imposed on carriers and manufacturers when it comes to tracking software of this kind, but we'll wait and see what comes out of DC this week.

Update: In a statement to AllThingsD, CIQ says that it "sought meetings with the FTC and FCC to educate the two agencies about the functionality of its software and answer any and all questions" and isn't aware of any "official investigation." One way or another, all these entities are speaking.

As the Carrier IQ story continues to evolve, manufacturers have clearly taken note that customers are not happy with the tracking software. Apple has promised that it would fully remove in a future update and HTC has also said that it would be "investigating the option to allow consumers to opt-out." If a leaked ROM for the Galaxy S II Epic 4G Touch turns out to be genuine, then Samsung is speaking with actions instead of words. The "EL13" ROM originally leaked by SamMobile contains bugfixes, yes, but forum members at XDA-Developers have discovered that it also strips out Carrier IQ's software.

It's possible that the software is simply more deeply hidden or that it will get re-added before a final release, but for now it seems that Samsung is moving relatively quickly to drop the tracking software. That's one phone (theoretically) down, plenty more to go.

Carrier IQ told us its story last weekend, but the controversial cellular telemetry firm is also speaking directly to curious individuals today, with a handy new PDF document that explains exactly which forms of data it does and does not collect for its customers. If you've already read our extensive interview, there's not a lot to see here, but there are two new wrinkles to the tale.

First, after conducting a review, Carrier IQ discovered that its software does in fact collect some SMS messages, and doesn't merely listen for certain SMS keystrokes. However, the company says it's a bug, and one that only operates "in unique circumstances" at that, such as when SMS and calls interfere. Moreover, the firm also claims that the messages are also encoded such that the data isn't readable. Second, after pointing the finger at manufacturers like HTC for repeating sensitive user data in Android log files, Carrier IQ says it's "working with handset manufacturers and network operations to suggest changes to the certification process for new devices to prevent similar problems from occuring again." There's no mention in the PDF of any pending FBI investigations, but if you'd like to know as much as Carrier IQ can tell you about where your data is going, simply click our source link below.

When we spoke to Carrier IQ at length about the company's controversial cellular tracking service, there was one question we didn't include in the transcript. "Would you say no if the government asked Carrier IQ for a wiretap into user databases?" we asked. At the time, we felt the question was reaching, but today it seems rather apt, because MuckRock just discovered that the FBI does have files on Carrier IQ of some sort.

In case you're not familiar, MuckRock is a tool that lets citizens more easily make requests for government data under the Freedom of Information Act — "FOIA" for short — and when the FBI got an FOIA request to turn over files related to Carrier IQ, it denied the request. The reason? Apparently, those records included "information compiled for law enforcement purposes." If you head on over to our source link, you'll probably notice that the FBI's denial looks like boilerplate, and that's because it is, so it's really hard to tell whether this means that the FBI is actually using Carrier IQ's data, or investigating Carrier IQ itself. Still, it's all too easy to envision a scenario where the FBI would welcome the company's tracking system. 

By Sean Hollister and Dieter Bohn

You may have heard of the "internet of things," a vision of the future where cheap sensors are everywhere, and they allow machines to automatically track everything at all times. Over the last few days, we got an eye-opening look into that future thanks to a company called Carrier IQ. Founded in 2005, Carrier IQ provides remote tracking data to cellular network operators including AT&T, Sprint and T-Mobile, and its software has been loaded on over 141 million phones, primarily in the United States. You’d expect a cellular operator to have access to your phone number, name, address, and billing information, and even be able to see your calls and text messages while you’re connected to the network, no? Well, Carrier IQ takes things a step further by tracking your device even when it’s not connected, and can deliver things you might not expect it to, such as the apps you’re using and the secure URLs you visit in your cellphone browser.

T-Mobile already admitted last week to using Carrier IQ's "diagnostic tool" on some of its devices, but hasn't been forthcoming on which phones customers should be wary of. TMoNews has published a screenshot from an alleged internal T-Mobile document which notes that the tracking software is "currently deployed on some of the following T-Mobile devices":

With some TMoNews commenters claiming that the software is also present on the HTC Sensation 4G as well, it's important to note that this may not be a comprehensive list. While listing the various types of issues the carrier is using CIQ to help address — battery performance, dropped calls, and application failures are all named — the document also reassures that T-Mobile "does not use the tool to obtain the contents of text, email or voice messages, or the specific destinations of customers' Internet activity." Those outraged enough by the Carrier IQ issue to switch carriers, however, may have an unpleasant surprise in store: the document clearly states that T-Mobile's early termination fee will in fact apply to any customers canceling because of the security snafu.

We've just returned from a long and wide-ranging interview with Carrier IQ's Vice President of Marketing, Andrew Coward. We'll have much more on that discussion soon, but first there is one piece of news about the cellphone tracking saga to report. One of the issues at the center of the imbroglio is the fact that some HTC devices are storing sensitive information in an easily accessible, plain-text log. It was previously assumed that this security hole was solely Carrier IQ's fault, but now the company contends that it does not create this file, pinning the blame instead on its manufacturer partners.

As you may recall, the main thing that opened up our collective eyes to the amount of data getting tracked by Carrier IQ (henceforth: CIQ) was Trevor Eckhart's video. In the video and on his site, Eckhart reveals that a rogue app could run a common command that can read this information. Eckhart writes:

We've already been told by HP, Microsoft, Nokia, RIM, and Verizon that they do not use Carrier IQ software, and now a host of carriers are joining that list. Three and Vodafone in the UK, and Rogers in Canada, have all announced that the software is not present on any of the devices they sell. O2 shed a little more light on its position, saying that while it "doesn't collect any data via Carrier IQ", the software might still be present on some of its devices for manufacturer diagnostics.

Possibly the most concerning thing in this whole story is the unwillingness of all parties involved to take ownership of the software that's installed on users' devices. While some handset manufacturers claim that the software is required by carriers, in turn the networks are deflecting responsibility, and CIQ itself is pointing any questions back at the carriers. If you want to test your device for the rootkit, a couple of tools for Android have already been released by the developer community.

Carrier IQ's Andrew Coward wouldn't directly address allegations when we spoke to him this morning, but the company's being a bit clearer now: it's just issued a press release that doesn't quite admit that its tracking software logs personal data, but does claim that the software "does not record, store or transmit the contents of SMS messages, email, photographs, audio or video." Needless to say, that's very important, and it's backed up by the testimony of security researcher (and author, and former NSA employee) Rebecca Bace, who believes that neither keystroke collection nor surveillance are occurring in the Carrier IQ software. We've printed the full statement below.

Carrier IQ also spoke to AllThingsD, and admitted that the contents of Trevor Eckhart's video — if not his conclusions — are accurate, too. "The software receives a huge amount of information from the operating system, but just because it receives it doesn't mean that it's being used to gather intelligence about the user or passed along to the carrier," Coward told the publication. He added that the software does indeed log website URLs, the time when SMS messages come in, phone numbers attached to them, and a variety of other data. According to the company, carriers solely determine what data is collected, how long it is stored and more, although such decisions are also allegedly subject to carriers' end-user agreements. The real question now is exactly what carriers like Sprint are doing with the versions of Carrier IQ they have installed — and what carriers like Verizon are doing with their own tracking software.

Update: T-Mobile has also admitted to using Carrier IQ "to troubleshoot device and network performance."

Early this afternoon, Senator Al Franken — chairman of the Senate's subcommittee on Privacy, Technology, and Law — gave Carrier IQ until December 14th to explain itself. Now, however, the senator has shifted his inquiry to those companies who admit using the controversial tracking software: Sprint, HTC, Samsung, and AT&T. The set of questions he's asking are much the same, and he's still questing to discover why the Carrier IQ software is being used and what kind of information is actually being tracked. In fact, he's giving the carriers and OEMs the same December 14th deadline for a formal explanation. Why the sudden shift in direction, then? Franken says that Carrier IQ informed his offices that the software "is subsequently modified and actually installed by other companies," namely the four above. For its part, HTC has denied using any CIQ data, but all four parties have admitted to the software being present on shipping phones.