Editor’s Note: The following article is reprinted from the Today @ PC World blog at PCWorld.com.
-
ATT, Sprint confirm use of Carrier IQ tracking software on mobile phones
-
Apple ended Carrier IQ support with iOS 5
-
iPhone 4S review: It’s a sure thing
-
US P-to-P companies will disappear, exec says
-
iPhone 4S: What you need to know
-
Review: The Verizon iPhone 4
Carrier IQ, the mobile diagnostic company recently accused of installing rootkits on more than 140 million devices worldwide, says it’s using its software for good, not evil. But some critics suggest CIQ’s software may violate federal wiretap laws, a charge CIQ vehemently denies.
Meanwhile, the mobile industry, including device makers and carriers, are trying to put as much distance as possible between their products and Carrier IQ.
Congress is also getting on in the action with Senator Al Franken (D-Minnesota) demanding that CIQ explain its business practices within the next 12 days.
How we got here
In mid-November, security researcher Trevor Eckhart published a report accusing CIQ of installing malware on more than 140 million devices worldwide. Eckhart later published a video on YouTube showing CIQ’s software secretly running in the background and monitoring a variety of handset activity on an HTC device including key presses, browsing history, SMS logs, and location data.
Carrier IQ said its software is merely a diagnostic tool to improve service quality.
Carrier IQ: We obey the carriers
Carrier IQ released a statement late Thursday to clarify what the company does. “We measure and summarize performance of the [your] device to assist Operators in delivering better service,” the company says. CIQ says its software does not record, store, or transmit the contents of SMS messages, email, photos, audio, or video recordings.
Nevertheless, the company’s software can see a lot of activity on your phone, including whether an SMS was sent, phone call activity, location data, and browsing history. But CIQ says its software is tailored to capture only what the carrier asks it to.
Carrier IQ’s statement leaves a lot of unanswered questions, such as why Eckhart’s video shows the company’s software tracking key presses on an HTC phone. CIQ has not responded to PC World’s request for comment. But the company did admit to All Things D that its software monitors keystrokes, but does not record them.
Instead, the software is waiting for a specific set of key presses that would tell it to send a diagnostic report. This could happen, for example, if you had a problem with your phone and a technician asked you to press a series of buttons on your number pad. Then the technician could look at a diagnostic report coming from your device.
Carrier IQ also told All Things D that its software can monitor which URLs you visit on your device’s Web browser, but not the content of those webpages. This could help carriers monitor whether the device is having a problem connecting to a specific site.
The bottom line appears to be that yes, Carrier IQ can monitor a lot of activity on your phone, but the company only captures what the carrier asks it to. Furthermore, this is all in the name of optimizing your quality of service. It’s monitoring, but benevolent monitoring.
What CIQ’s argument fails to recognize is that people don’t take kindly to having their activity monitored, especially with a piece of software that runs secretly in the background and is difficult to stop from running.
Nope, Not Us
While Carrier IQ is trying to explain itself, numerous companies are trying to distance themselves from Carrier IQ.
ATT, Sprint, and T-Mobile say they use CIQ software only to improve their wireless networks. Verizon denies that it uses CIQ software at all.
Apple has released a statement saying it stopped supporting Carrier IQ with iOS 5 in most of its products, and a future software update will remove Carrier IQ software completely from devices that still have the software.
HTC says it puts CIQ software on its devices only because U.S. carriers require it, according to Business Insider. HTC also says it does not partner with CIQ, but is investigating a way to allow users to opt-out of CIQ data collection. Eckhart’s video showed that it was impossible to disable CIQ software on an HTC device without hacking your handset.
Nokia denies that CIQ software is on its handsets. “Carrier IQ does not ship products for any Nokia devices,” the company says. BlackBerry maker Research In Motion issued the following statement: “RIM does not preinstall the Carrier IQ app on BlackBerry smartphones or authorize its carrier partners to install the Carrier IQ app before sales or distribution. RIM also did not develop or commission the development of the Carrier IQ application, and has no involvement in the testing, promotion, or distribution of the app.”
Meanwhile, Senator Franken’s office on Thursday sent a letter to Carrier IQ demanding to know what information the software records, what is transmitted to CIQ or other companies, what kind of information is shared with third parties, and whether users can opt out of CIQ software tracking. Sen. Franken has asked CIQ to respond by Wednesday, December 14.
Connect with Ian Paul (@ianpaul) and Today@PCWorld on Twitter for the latest tech news and analysis.
Article source: http://www.macworld.com/article/163993/2011/12/carrier_iq_mobile_providers_grilled_over_spyware_charges.html
View full post on National Cyber Security » Spyware/ Cyber Snooping
