"If nothing else, I feel that smartphone owners are entitled to have a clear explanation of what Carrier IQ is capable of doing, and have the option to disable all data collection."
This should be addressed to operators, not to Carrier IQ.
Unless you’ve been living in a cave on Mars for the past week then you will have undoubtedly heard of Carrier IQ - a rootkit-like software that’s embedded in over 140 million smartphones.
What is Carrier IQ? Well, depending on who you listen to, you get a different story. According to 25-year-old Trevor Eckhart, this software has low-level access to the handset and is capable of intercepting key presses, call data, SMS communications and even web activity. However, according to Carrier IQ, the software is a tool used by the carriers to gather data to improve the network.
So what is Carrier IQ designed to do? Well, we don’t have any answers to that question at present, but we can get an idea of what Carrier IQ might be used for by taking a look at the patent relating to the technology.
The patent in question is 7,551,922 - Rule based data collection and management in a wireless communications network. There are two sections that are of particular interest.
Page 18, column 12, line 41:
Additionally, because data collection and management system … allows multiple data collection profiles and data analysis activities to be performed simultaneously, a particular device may be targeted to execute multiple data collection profiles. Therefore, target device database … tracks the data collection activity occurring on the devices and maintains detailed information about the specific data collection profiles that are active on the devices. In doing so it can detect and resolve any contention or prioritization issues by adjusting the population of target devices selected.
Here, the patent seems to be describing a mechanism that allows a specific devices to be targeted with collection profiles that can be changed on the fly at any time.
Page 19, column 13, line 12:
The queries may be structured in such a way that performance information is gathered about the effect of a simple activity, such as a button press by the user, or information may be gathered about more complex transactions that involve multiple network layers, such as the physical layer, network layer, transport layer and application layer. In particular, the target wireless devices have software stacks that communicate with various network layers of the communications network.
Here the patent is describing the keylogging and data collection capability of the technology.
While the patent doesn’t tell us what Carrier IQ is actually doing on user’s handsets, it does give us an insight into what it might be capable of doing. If nothing else, I feel that smartphone owners are entitled to have a clear explanation of what Carrier IQ is capable of doing, and have the option to disable all data collection.
Many thanks to tipster Micah for sending this one in!
Related:
- So, there’s a rootkit hidden in millions of cellphones
- Android bloatware results in serious security flaws
- Check your Android handset for Carrier IQ rootkit
- How to disable the Carrier IQ ‘rootkit’ on your iPhone
- CarrierIQ: Follow the money and it is the carriers behind it
- Finding and cleaning out your smartphone’s Carrier IQ poison
- Which phones, networks run Carrier IQ mobile tracking software?
