Carrier IQ, which makes diagnostic software for mobile devices, has responded to claims that it is spying on users. Its statement, which shrugs off any wrongdoing whatsoever, follows a flurry of statements from the mobile industry’s biggest players, and an inquiry into the matter by Sen. Al Franken.
In an interview with AllThingsD‘s John Paczkowski, Carrier IQ spokesperson Andrew Coward said that his company’s software “receives a huge amount of information from the operating system. But just because it receives it doesn’t mean that it’s being used to gather intelligence about the user or passed along to the carrier.”
The uproar over Carrier IQ’s software, which is installed on millions of devices on AT&T and Sprint networks (but not Verzion), and is completely hidden from the user, started after Android developer Trevor Eckhard released a YouTube video showing the software at work. In the 17-minute clip, the software is shown recording keystrokes, location, URLs, incoming text messages, and encrypted data.
Contrary to previous accounts — and to Eckhard’s findings — Coward says that the video does not show that “all information is processed, stored, or forwarded out of the device” by Carrier IQ’s software. Instead, it’s simply being used to send out information that is useful to carriers for quality-assessment purposes, Coward asserts. So if, for instance, your device drops a call, or a text message fails to go through, that information may be recorded and sent to the carrier.
To determine which information is sent to carriers, Carrier IQ’s software is programmed to look for specific numeric sequences. If one of these sequences shows up in its system, that information is sent to the carrier.
Carrier IQ’s software can be modified to each carrier’s specifications, so only the data the carrier wants to know about it sent. In addition, Coward says that Carrier IQ’s software does not record the contents of text messages, only the number to which a message is sent. It also does not record the contents of websites visited, only the URL.
“What’s actually gathered, stored and transmitted to the carrier is determined by its end-user agreement,” Carrier IQ chief executive Larry Lenhart tells AllthingsD. “And, as I’m sure you’re aware, the carriers are highly sensitive about what data they’re allowed to capture and what they’re not allowed to capture.”
Lenhart also says that none of the data collected by its software is sent to third parties. “We would never take that data and distribute it to a third party. We are prohibited from doing that by our agreements.”
OK, now that we have the official company line out of the way, let’s take a look at what’s actually being said here. First, Carrier IQ has explicitly said that it “listens” to a wide range of activity on the phone, but doesn’t record all of it. The only information that is passed on to the carrier is that which is pre-designated as important, only data that relates to quality control.
If you ask us, the problem is not that carriers want to know when something goes wrong with their network, or a device on their network. The problem is that Carrier IQ’s software is 1) hidden from the user; 2) does not give the ability to opt-out; and 3) could, potentially, be programmed to record and send any data entered into the phone, even if it’s currently only being used to transmit data related to service quality.
Carrier IQ’s clarification on the matter only confirms that mobile users are trusting the company not to betray their privacy. That makes mobile users’ who have Carrier IQ’s software installed vulnerable. And that, folks, is a problem, even if Carrier IQ doesn’t agree.
Needless to say, this issue is far from over. As PaidContent reports, Carrier IQ, as well as HTC and Samsung, both of which have admitted to installing Carrier IQ’s software on their devices, have been sued by plaintiffs in Chicago and St. Louis. The suit is based upon the Federal Wiretap Act, which forbids the interception of “oral, wire or electronic communications.” Violation of this law allows for penalties of up to $100 per day, per violation. The plaintiffs are seeking millions of dollars in damages. HTC, for one, says it is investigating ways to disable the software.
As of this writing, Carrier IQ’s software has been installed on more than 141,3oo,000 devices, according to the company website.
[Image via Tischenko Irina/Shutterstock]
