Carrier IQ Admits Holding ‘Treasure Trove’ of Consumer Data, But No Keystrokes | Threat Level. MOUNTAIN VIEW, California — An embattled phone-monitoring software maker said Friday that its wares, secretly installed on some 150 million phones, have the capacity to log web usage, and to chronicle where and when and to what numbers calls and text messages were sent and received.
The Carrier IQ executives, speaking at their nondescript headquarters in a residential neighborhood in the heart of Silicon Valley, told Wired that the data they vacuum to their servers from handsets is vast — as the software also monitors app deployment, battery life, phone CPU output and data and cell-site connectivity, among other things. But, they said, they are not logging every keystroke as a prominent critic suggested. The data, which gets downloaded from consumers’ phones roughly once a day, is encrypted during transit and also provided to carriers to enhance the “user experience,” these executives said. “We’re seeing URLS and we can capture that information,” Coward said during the two-hour interview. Interview: Carrier IQ Gets Transparent About Its Mobile Monitoring - John Paczkowski - Mobile. Some Facts About Carrier IQ. There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States.
Subjects of outright disagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself. First, when people talk about "Carrier IQ," they can be referring to several different things. For clarity, I will give them each a number. You can think of senses 2, 3 and 4 as being "layers" of code that are wrapped around each other. Carrier IQ: Researcher Trevor Eckhart Outs Creepy, Hidden App Installed On Smartphones. A security researcher has posted a video detailing hidden software installed on smart phones that logs numerous details about users' activities. In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software – known as Carrier IQ – logs every text message, Google search and phone number typed on a wide variety of smart phones - including HTC, Blackberry, Nokia* and others - and reports them to the mobile phone carrier.
The application, which is labeled on Eckhart’s HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "HTTPS," Eckhart said. The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video. "Why is this not opt-in and why is it so hard to fully remove? " Eckhart wrote at the end of the video. Eckhart's video is the latest in a series of attacks between him and the company. Loading Slideshow. Carrier IQ: The Real Story. Since the beginning of the media frenzy over CarrierIQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous.
I have also stated that to satisfy users, it’s important that there be increased visibility into what data is actually being collected on these devices. This post represents my findings on how CarrierIQ works, and what data it is capable of collecting. There has been a lot of misinformation about which parties are responsible for which aspects of data collection. At a high level, CarrierIQ is a piece of software installed on phones that accepts pieces of information known as metrics.
On receiving a submitted metric, CIQ evaluates whether that metric is “interesting” based on the current profile installed on the device. To get a complete picture of this, suppose a carrier decides it wants to know about dropped calls. 1. 1.