UK United Kingdom

Carrier IQ knows everything you do on your phone … but why?

What if you used your smartphone, knowing you might be sharing certain information, but had no idea what exactly was being shared? Or why you might be sharing it? If you knew someone could be recording…

Ever had the sense someone’s watching over your shoulder? Nick Chill Photography

What if you used your smartphone, knowing you might be sharing certain information, but had no idea what exactly was being shared? Or why you might be sharing it?

If you knew someone could be recording anything you’ve written, said or did; where you went; the applications you used and when; the websites you visit and how you tend to navigate to them?

According to tech bloggers across the web, this is now a reality courtesy of Carrier IQ.

Carrier IQ – a hidden embedded analytics program that developer Trevor Eckhart recently publicised – has been found inside potentially millions of smartphones ranging from Blackberry, to Google’s Android and even – as has been known for some time – Apple’s iOS.

You might think your phone activity is secure because it’s in “airplane mode”, but with Carrier IQ you might want to think again. Everything is potentially able to be logged and transmitted. But to where, exactly and why? No-one knows.

In a statement released today, Andrew Coward of Carrier IQ said the company gathers only very specific diagnostic information, and does not read people’s texts. “We are not storing, analysing or otherwise processing the contents of those messages,” he said.

The company, we are told, uses any information collected to benefit “customers”.

But who are those “customers”? Mobile phone users? Security firms? Data mining and behavioural marketing firms? Or perhaps the carriers themselves? We may never know.

To add to the confusion, volunteer programmers, not the companies that are potentially liable for this privacy incursion, are now showing Android users how to verify and remove Carrier IQ if their phones have the tracking software.

That’s right – we have independent Android developers who not only oversee our privacy but also act as moral customer service and technical support. It’s comforting to know at least a few people care and are taking action.

To my mind, Carrier IQ is one of the fastest-trending technology scandals ever, with privacy and legal implications so massive we can’t even begin to foresee the consequences, which, according to former Justice Department prosecutor Paul Ohm, could involve serious breaches of the US Federal Wiretapping Law.

And there are further complications. How do we explain why hardware manufacturers, such as HTC and Samsung, appear to embed different versions of Carrier IQ, a tracking program meant for mobile “carriers”, deep inside millions of their smartphones?

But it’s not the technical details we should preoccupy ourselves with – it’s the broader ethical ones that concern our relationship with emerging technology.

Our societal definition of privacy is in fast transition. To what, exactly, we can’t say. As with Facebook’s patchy history of “opt-in” sharing and increasingly sketchy privacy “default” settings, companies and service providers now seem impervious to the implications of coercing millions of people into providing sensitive data to third parties without their express consent.

Privacy is too often an afterthought.

Facebook’s privacy breaches were recently settled with the Federal Trade Commission and the company is now on privacy “probation”. But the FTC should not be responsible for protecting people’s privacy.

Mobile phone information is highly personal and sensitive. Call logs, keystrokes, mobile location data and SMS records are about as sensitive as information gets.

Software providers, mobile carriers and hardware manufacturers alike have potentially violated people’s privacy in such a way that it will be a challenge to reconcile and regain their paying – and in many cases loyal – consumers’ trust.

Harvard fellow Danah Boyd defines “privacy” as the ability to control what we share.

It’s crucial to understand privacy in this sense: it’s not about what we share, how we share, or even choosing not to share. It’s about control. Whether providing personal information to others or volunteering our personal data to help with research, privacy is about choosing what we share. It’s about knowing we had a choice.

Establishing practical and ethical boundaries is long overdue. It’s time for governments to take a proactive, rather than reactive, approach when it comes to people’s privacy and information.

Otherwise, as Carrier IQ has demonstrated, corporations and less-than-benevolent interests might take control of it for them.

Read more on Carrier IQ here.

Join the conversation

2 Comments sorted by

  1. Paul Regis

    Business Analyst

    I believe I know. This technology has been around for over 7 years. I first encountered it from another vendor who tried to sell it to me. They wanted me to get it installed on the millions of handsets we sold every year.

    The capability looked simple, though it had far reaching consequences. The software could be installed to order by phone manufacturers in accordance with the network for whom the phone was commissioned. It would either be a complete program or a small loader that would pull in…

    Read more
  2. Daryl Deal


    Reality check!

    Now, if the software was allegedly as benign as Mr Coward claimed it to be, then why did they fail to provide a user EULA on the infected phones? Provide an opt in only format and also a free rootkit removal tool from day one, when the software went live? So many unanswered questions, and so little information. A number of class action law suits, regarding this software, have now been filed in American Courts!

    Thus the total number if rootkit infected mobile smart phones, could well be in excess of one hundred and forty million users and could possibly number the entire world smart phone active user base!

    Who benefits?