Carrier IQ has sprung into our lives several weeks ago, with a video by security researcher Trevor Eckhart who found some hidden apps running on his HTC device. Since then, speculations and panic have risen to the point in which many users believe their every action, including text messages, email and web content is being recorded and transmitted to carriers.
Since panic never helps anyone confront and deal with problems, it’s important for users to know what they’re dealing with. Many words have been written on this subject in the last few weeks, and it’s now, when the storm has slightly abated, that we can sanely look at this thing called Carrier IQ, and understand exactly what it is.
I want to emphasize that I am not a mobile security expert and don’t claim to be one. I am simply a concerned user like you who’s done some extensive research, which I hope you can now benefit from.
What Is Carrier IQ?
It’s been called many things: spy software, keylogger and rootkit from hell are just a few of the scary names we’ve heard. So what is it, what does it do and how scary is it really?
Let’s start from the beginning and try to make it simple. Carrier IQ is actually a company, based in California, that developed a tool which provides carriers with analytics from various devices. You’ve probably heard that this problem only exists in Android phones, and this is partly true. While no company seems eager to admit it’s been using Carrier IQ, Apple claims it is not a part of iOS 5 and up, and according to Microsoft, Carrier IQ is not present in WP7 devices either.
So what does Carrier IQ do? According to professional security consultant Dan Rosenberg, all it does is gather metrics that have to do with coverage, battery life, applications, etc. It does have some access to your phone calls, text messages and the webpages you visit, but this access is limited. The “keylogger” part only logs keys that are pressed on the phone’s dial pad. In text messages, it can gather information about phone numbers, message length, etc., but no message content. In webpages, it can gather the URLs you visit, but not the actual webpage content. You can read the full report here.
Carrier IQ itself has also issued a, in which it admits that the tool might have unintentionally collected data it was not supposed to. However, the company maintains that the data they were intending to collect was gathered for diagnostic purposes, while protecting consumers’ information.
As Rosenberg points out, we can’t expect carriers to improve their service without some information, which they opted to gather from our (their?) devices. The problem is, we did not opt in to this service. Whether these details appear in the original agreement we signed or not, most people did not know this information was being gathered. Carriers would have been wiser to inform users that these metrics are gathered – they could have easily made it look acceptable, even understandable, to the general public.
So Do I Have Carrier IQ On My Phone?
As of now, you can’t get rid of Carrier IQ unless you’re willing to completely format your device and install a different ROM, which will probably void your warranty. There are some apps out there which claim to remove Carrier IQ by killing the process, but since it is deeply integrated, these apps require some privileges which I, personally, would not like to give to any third party app. So what can you do? You can at least try to find out whether you have it or not.
It’s not entirely clear whether Apple is still using carrier IQ or not, but in any case, you can opt out of sending information about your device to Apple. All you have to do is follow these steps:
1. In your device, go to Settings
2. Tap the General tab.
3. Go to the About menu.
4. At the bottom part, find Diagnostics & Usage and tap it.
5. Choose Don’t Send and make sure the checkmark appears next to it.
That’s it. This way, you can make sure you at least opted out where you had the chance.
As with any craze, dozens of Carrier IQ scanners have popped out everywhere. Searching for “carrier iq” in the Android Market reveals almost 50 results, many of which really are relevant. I tried out two different apps, both of which performed well. All you have to do is download the app, install it and launch it. It will do everything else automatically.
Bitdefender Carrier IQ Finder [Android 2.1+]
This app from Bitdefender scans your device and gives you a simple yes or no answer. What you want to do with the answer is entirely up to you.
Lookout’s Carrier IQ Detector [Android 1.5+]
Similarly, Lookout Mobile Security’s app performs a quick scan of your device and comes back with a decisive answer. If you’re using an older version than 2.1, this is the app for you.
The Carrier IQ crisis is not the first of its kind, and it probably won’t be the last. What you should remember is that as long as we’re under contract with a carrier, there are certain elements that will never be completely private. It is also important not to panic and to keep informed, and maybe even to try reading that ominous contract next time you enter one with your carrier.
What do you think of the whole Carrier IQ debacle? Is it really a serious breach of privacy or were people hasty to jump to conclusions? Share in the comments!