We've just returned from a long and wide-ranging interview with Carrier IQ's Vice President of Marketing, Andrew Coward. We'll have much more on that discussion soon, but first there is one piece of news about the cellphone tracking saga to report. One of the issues at the center of the imbroglio is the fact that some HTC devices are storing sensitive information in an easily accessible, plain-text log. It was previously assumed that this security hole was solely Carrier IQ's fault, but now the company contends that it does not create this file, pinning the blame instead on its manufacturer partners.
As you may recall, the main thing that opened up our collective eyes to the amount of data getting tracked by Carrier IQ (henceforth: CIQ) was Trevor Eckhart's video. In the video and on his site, Eckhart reveals that a rogue app could run a common command that can read this information. Eckhart writes:
The interesting thing is because we are able to see this happening in logcat, anything with the right permissions can see the same thing. It means programs other than CIQ, such as crash reporting software or any app that can read logs, will also be able to see the same exact logs.
Whatever your opinion of the data CIQ is collecting on behalf of the carriers, having that data available to other apps on the device is a serious security issue. However, Coward argues that it is not a CIQ security issue.
To explain, we need to start by pointing out that CIQ's software can work in one of two ways: it can either be built directly into the OS of the device or installed later by the OEM or carrier as a kind of third-party application. In the latter case, CIQ's software doesn't have direct access to the information that carriers are requesting, so the company has created an API that manufacturers can use to communicate with its software. It is then up to the manufacturer to find ways to make the operating system collect the necessary information and then give it to CIQ's software.
What that means is that the actual responsibility for how this data is collected and communicated to CIQ's software falls on HTC. CIQ tells us that the insecure logs that Eckhart discovered were created by HTC — though CIQ is contractually obligated to never name its partners, the implication below is clear:
Andrew Coward, Carrier IQ: When a piece of information is sent to us from the operating system, we do not need it to go through that log file. There is no value to us in reading a keylog file, that's not how our software works.
The Verge: That is not your log file?
Coward: That logfile is not our logfile. It's a standard, Android system logfile. What goes in that logfile is up to the manufacturer. ...So, you would hope in a shipping device, you wouldn't get very much information to go in there.
The Verge: [...] I'm trying to understand why a manufacturer, in order to give you certain information, is actually logging keystrokes. I want to separate those two things. It's logging it, putting it into this file, and then giving it to you?
Coward: What should be happening, is it should just be giving it to us through the API. What appears to be happening is that it's giving it to us and making a copy of what it gave to us in the log file.
You should still be aware that CIQ does keep a temporary log file of its own. CIQ implied that it is stored in a specialized part of the phone's memory and stated outright that it is not stored in plain text. For security reasons, CIQ would not go into detail about whether or how it may be encrypted beyond saying that it has taken measures to keep it safe from intrusion and that "it's not readable if you don't have our tools." Additionally, CIQ tells us that the log is continuously overwritten with new data and never contains data more than seven days old.
It's also important to note that CIQ's software is still, in fact, listening to both keystrokes and SMS messages on many devices, though CIQ claims it does not log, store, or transmit them. The company argues that it's doing this for completely benign purposes: all phones use "short codes" in the dialer to issue system commands and also need to be able to listen to specialized SMS commands sent from the carrier. CIQ uses both of those systems. In some cases, the phone's operating system handles routing that (and only that) information to CIQ's software and in others, the manufacturer just allows CIQ's software to listen and filter for the messages that matter to it rather than engineer a stricter solution.
Keep an eye out for more from our interview with Carrier IQ, including details on how and why it records data about visited websites and running apps. For now, the ball is back in HTC's court to explain why these log files exist on its devices. The company already said it was "investigating the option to allow consumers to opt-out," but we've reached out to HTC for further comment and will let you know what we hear.
Sean Hollister contributed to this report.