clock menu more-arrow no yes

Filed under:

Electronic Frontier Foundation reverse engineers Carrier IQ data collection

New, 11 comments

The EFF has begun a project to parse and collect Carrier IQ profiles, which are the instructions on each phone that tell it what information to collect and send to carriers. The profiles are not strongly encrypted, but do not contain personal information.

carrier iq door 1020
carrier iq door 1020

In our interview with Carrier IQ, the company was a little cagey about how it stores and protects data on phones before uploading that information to the carriers. That's somewhat understandable for two reasons: CIQ didn't want to "dare" anybody to reverse engineer its system and get access to the data and because apparently at least one piece of that data — the instructions for collecting it — isn't very strongly encrypted. The Electronic Frontier Foundation has begun the project of reverse engineering the CIQ "Profiles," which vary from device to device and carrier to carrier, but on each are the set of instructions that tell the phone what data to collect, when, and how to store it. The profiles do not contain the specific tracking data from each device, just the instructions for collecting it.

EFF volunteer Jered Wierzbicki wrote a program to parse the CIQ profile called, appropriately enough, IQIQ. It reveals that the CIQ profile is stored in a mixture of binary and plain-text data that doesn't need to be decrypted in order to convert it into a standard, human-readable XML file. The EFF has posted an example of a default T-Mobile profile on its site and is looking for volunteers to send in the profiles from any phone with a CIQ profile.

We already have a fairly clear picture from a high-level of what each carrier is tracking with Carrier IQ thanks to their responses to Senator Al Franken, but this EFF project should bring out the nitty gritty technical details. If analyzing XML files parsed by a Forth program isn't your thing, you can still learn more about the current situation by checking out our interview with Franken here.