Thursday, 01 December 2011 20:42

Senator Al Franken says CarrierIQ "has a lot of questions to answer"

Written by

Reading time is around minutes.

84With everything going on in the world and the noise about SOPA the last thing we need is another scandal. Unfortunately that is exactly what we have with CarrierIQ, a tracking and metrics software that is reported installed on a majority of smartphones in the US. The news came to light after a software researcher named Trevor Eckhart stumbled across this on his HTC phone. Eckhart has even gone so far as to show that this software is capable of capturing key strokes (stored as key press events many with unique Key IDs), location data, and a great deal of other information from you as you use your phone.

This news has blown up and is now being reported around the net with headlines like “Keylogger Software on Android Phones” etc.  News sites have contacted carries and phone manufacturers alike to find out what is going on. Both sides appear to be pointing at the other. HTC has stated “Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier,”. RIM, the makers of Blackberry phones, had something different to say ““RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution.”

From the Carrier side Verizon says that they do no use CarrierIQ at all, but some sources claim that they use similar software. AT&T and Sprint both say that they do use CarrierIQ, but only to gather network performance and metric data. “In line with our privacy policy, we solely use CIQ software data to improve wireless network and service performance.” was the comment from AT&T.

To further muddle the issue we now have another security researcher Dan Rosenberg, who says CarrierIQ contains nothing that records key stroke “for data collection purposes” and that there is no evidence that CarrierIQ collects more than diagnostic data.

Now the question is; who is telling the truth? This could be another issue of someone finding something and overreacting to what they saw or perceived it to be doing. The Video on Eckhart’s Blog clearly shows key press events, location information and other data being written to system logs. However, what is not shown is that same data being sent to anywhere outside of the phone. It is troubling that it is being collected at all though. Troubling enough that Senator Al Franken (Democrat, Minnesotta) wants CarrierIQ to answer some questions to find out if the software violates US privacy laws… and possibly to see if the software constitutes an unauthorized wiretap. Senator Franken said in a statement “The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling”

We checked our EVO3D (with a rooted OTA ROM) and could not find HTCIQAgent or IQRD on it at all. We are not sure if this means the phone never had it or if it means that the geniuses that rooted the ROM I am using already pulled it out. Either way I was relieved to see that it was not present on my phone.  We have some questions out to a few of the carriers, phone makers and of course CarrierIQ to try and get more information. However as of right now we have not heard back from any of them. We also plan on sending a request to Senator Franken to ask him to make the question and answer session with CarrierIQ available to the Public. After all it is our personal information that is potentially being collected.

Thanks to Stranger24 for sending this in

Source NPR
Discuss in our Forum

Read 2153 times Last modified on Thursday, 01 December 2011 20:54

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.