The last few weeks have seen tremendous outrage among consumers against a piece of smartphone software known as Carrier IQ. In all fairness, the reports sound like it does some pretty terrifying stuff, logging virtually everything you do on your smartphone, without your permission or even knowledge of its presence. It doesn’t sound like avoiding Carrier IQ is an easy project either. Sprint, T-Mobile, and AT&T have all installed the software on their devices (leaving Verizon as the only nationwide US carrier without it). The news has focused on this as an Android story, but a version of Carrier IQ was on the iPhone until quite recently, and there have been persistent (though so far unconfirmed) rumors of variations for Blackberry and Nokia’s Symbian OS.
In all the hysteria surrounding this event, what many are ignoring is the fact that Carrier IQ doesn’t appear to actually do anything malicious. In fact, Carrier IQ serves an important role as a diagnostic tool. Computers aren’t the most stable technology ever built by man, and smartphones in particular are an extremely new device category. If an app or particular activity causes problems on a specific device, there’s only one way a carrier or manufacturer can reliably know about the problem, and that’s to monitor the devices after they reach consumers’ hands. By logging every touch and keystroke, these service providers can get far better information about the problems consumers face. Certainly, the information will include more details than the average user complaining about non-functioning email or a crashed game.
Probably the silliest concern I’ve heard about the software is that Carrier IQ tracks your calls and text messages. It’s your cellular carrier that’s installing this tool. They send you a bill every month telling you who you called, and they carry every SMS on their network totally unencrypted. That means they don’t need to hide secret software on your device to know that information.
Of greater concern is the keylogging element. By gathering everything you type, Carrier IQ also happens to pick up all of your passwords. We don’t know where all of this information is being sent just yet (though likely most of it never leaves the phone in the first place), but there’s huge potential for abuse here. Even if the carriers and Carrier IQ have no plans to use that information, careless data security can cause enormous damage to consumers. But if all of that data really is sent to a server somewhere, there’s such a colossal amount of it that no malicious actor could ever hope to sift through it for damaging information in any reasonable amount of time. We’re talking about millions of customers and every single thing they’ve ever done on their device.
If you’re still concerned for your security in the face of Carrier IQ, you can manage the risks. Google has confirmed that Carrier IQ is not on any of their Nexus devices, which means customers have an option on all three affected carriers that’s definitely clean. If you already own a device, there are several options available in the Android Market for detecting and even removing Carrier IQ. For those willing to go a bit farther, you can install a custom ROM like CyanogenMod on your device and you are virtually guaranteed a Carrier IQ-free experience.
The level of consumer outrage this incident has caused clearly demonstrates that the carriers need to be more open about how they monitor these devices. This was a PR nightmare that could easily have been avoided. Verizon may not use Carrier IQ, but they announced earlier this year that they would be tracking certain customer information. People weren’t necessarily thrilled by the idea, but the news centered on how to find the opt-out page Verizon made available to its customers, rather than criticizing the idea of tracking. That being said, now that we know Carrier IQ is out there, we need not assume it represents a major problem for consumers. As is so often the case, this is only a scandal because they lied about it.
Comments are closed.