Is your smartphone secretly keeping tracking of everything you do, from dialing and texting to surfing and searching, and then reporting it all back to the mothership?
That’s what security experts are asking after allegations that Carrier IQ, a company that makes diagnostic software for smartphones and wireless carriers, may have accessed such sensitive user data as keystrokes, location data, text messages, and more.
So, should you be worried? Well, the details about what Carrier IQ does and doesn’t do are still being sorted out, but here’s what we know so far, starting with…
What is Carrier IQ, anyway?
It’s a California firm that provides software to carrier and phone manufactures that—according to the company, anyway—is intended only to “improve the quality of the [carrier’s] network” by “counting and measuring operational information in mobile devices.”
In other works, it’s diagnostic software that sits on a phone and works quietly in the background, checking for things like dropped calls and spotty service and reporting such troubleshooting issues back to the carrier.
Sounds reasonable, so what’s the problem?
An Android developer named Trevor Eckhart claims he stumbled upon the Carrier IQ software running on his HTC smartphone, and he posted an eye-opening video (embedded below) of Carrier IQ supposedly doing a lot more than just logging dropped calls.
Indeed, Eckhart’s video alleges, the Carrier IQ software appears to access information about which keys you press, which web sites your visit, your queries on search engines, your location, and even the complete content of your text messages. If it’s true, well … yikes.
So, is it true?
For its part, Carrier IQ has emphatically denied that it looks at your personal information, and it swears that its software doesn’t “record your keystrokes,” “inspect or report the content of your communications,” or “sell Carrier IQ data to third parties.”
And as TechCrunch notes, just because the Carrier IQ software appears (according to Eckhart’s video, anyway) to be able to access key presses, SMS messages, and other personal info doesn’t mean it’s actually recording or transmitting that data to your carrier—or anyone else, for that matter.
Even so, the question remains why a diagnostic program like Carrier IQ would need such broad access to text messages, location data, keystrokes, and other personal data.
Which carriers are using Carrier IQ’s software?
That’s still an open question. Verizon Wireless has denied it uses Carrier IQ at all, according to The Verge, as have some international carriers. Other carriers, though, have yet to clarify whether they’re Carrier IQ customers. Update: Sprint had admitted to The Verge that it uses Carrier IQ software “to analyze our network performance and identify where we should be improving service,” but adds that “we do not and cannot look at the contents of messages, photos, videos, etc., using this tool.” Another update: AT&T has owned up to being on Carrier IQ’s client list, too.
Which phones have Carrier IQ software running on them?
It appears several makes and models of Android phones use Carrier IQ—although, apparently, not the “Nexus” Android phones made specifically for Google.
Meanwhile, “references” to the Carrier IQ software have also reportedly been detected on the iPhone, although The Unofficial Apple Weblog believes that “its purpose is most likely benign.” Update: In a statement, Apple tells All Things Digital that it “stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update.” Apple adds that it “never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”
Meanwhile, both Nokia and BlackBerry-maker RIM have denied that they allow Carrier IQ to be installed on their handsets.
Lifehacker has instructions on how find and even remove Carrier IQ from your Android phone, although the process sounds way too involved for casual smartphone users—indeed, I don’t plan on trying it.
So, should I be panicking right now?
Concerned, yes. Panicking? No.
If it’s true that Carrier IQ’s software is logging as much personal info as Eckhart claims, the company (and its carrier partners) should certainly come clean, wipe any personal data that has been in any way stored or transmitted, and tell us exactly how it will keep our private data safe moving ahead.
The good news, though, that there’s no evidence (not yet, at least) that any personal data has been sold, shared, or compromised.
And with the spotlight on Carrier IQ, let’s hope the company movies quickly to answer any lingering questions and update its software to allow for more transparency, as well as the option for concerned users to “opt-out” if they choose.
In any case, I’ll be keeping an eye on this story and posting updates as they occur. Got questions? Post ’em below.
Update: Looks like Carrier IQ will now have to answer to Congress, with Sen. Al Franken firing off a list of questions to the company and warning that its software “may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act,” Gizmodo reports.