There has been a lot of hype in the media this last week over the Carrier iQ program that has been detected on Android smart phones. For those of you who are looking to catch up, or maybe get some answers, here is an overview of what Carrier iQ is about and what you should be aware of.
What is Carrier iQ?
Earlier this month the XDA Developers blogged about a rootkit application called Carrier iQ in this post: http://www.xda-developers.com/android/what-people-arent-saying-about-carrier-iq-xda-tv/. This software is installed as a rootkit in the RAM of the device and runs silently in the background. You would never know it was there. Since it is given root access to your device it can access everything it wants, such as call information, texts or emails sent and pictures taken. All of this information is freely available to the developers that can read the logs. Note that Carrier iQ says only limited information is available and that full text of messages or keystrokes are not recorded, however outside developers have found differently.
Where Does Carrier iQ Come From?
Carrier iQ maintains that this software is pre-installed at the request of the mobile carrier and doesn’t just target Android phones. There are other devices such as Blackberry, Apple and Nokia phones that have been found to have the Carrier iQ software as well.
Why Do Carriers Install It?
Carrier iQ can be a very helpful tool for administrators to help troubleshoot and improve performance on the device and network for mobile carriers and handset makers. It can be used to provide feedback in the event of a problem on the device. It allows the creation and management of several logs regarding the modem, network, agents and metrics. This information is either pushed to a portal or is accessed via a direct connection cable, where administrators can read these logs and use it to fix problems on the device.
What is the Problem?
The basic problem that most people have with Carrier iQ is that customers were not informed of its existence and capabilities nor were they given the chance to opt out of this kind of service. Computers have been logging information about usage, metrics and statistics for years but the user has always been made aware of this. The difference in this situation is the secrecy and abuse of trust by the carriers to their consumers.
The potential for abuse is staggering when you consider how many people use their phone for sensitive things such as banking, email and internal business communication. No one appreciates their keys being logged or usage being monitored without their consent. There is no way to stop carriers from using this software unless you have rooted the device, which ultimately breaks the warranty.
The legality of the issue is also a problem and has many facets. Verizon allows you to opt out of this monitoring but only if you ask for the right form. They don’t provide this information up front. Sprint denies the software exists. The question of legality from a data sensitivity standpoint is worrying since companies that are collecting all of this data about you could potentially sell it. This is a matter of rights to privacy of the consumers.
How Can I Protect Myself?
There are different detection methods available if you want to find out if your device is running Carrier iQ, the easiest is to get one of the Android apps that can detect the ROM binaries on your device and tell you if the software is present and if it is running. However, once you detect it, it cannot be disabled or uninstalled without rooting the device, so you will have to make a choice on if you want to void your warranty or think about getting a non-Carrier iQ device.
The Bottom Line
Ultimately, the mobile device carriers are not going to come out of this lightly. Lawsuits have been filed against Carrier iQ that alleges they are “involved in installing spyware on mobile phones and using that hidden software to siphon off private consumer data without consumer consent”. HTC and Samsung are also being hit with lawsuits involving wiretapping and unfair business practices. Representative Edward Markey (D-Massachusetts) has asked the Federal Trade Commission to investigate the situation since it raises so many privacy concerns. Strangely enough, these suits do not name the mobile carriers themselves despite the fact that Carrier iQ says the software is installed at their request and that carriers have the say in what data is collected and when. Hopefully these corporation will begin to learn that our privacy is not for sale and that we do not take these kinds of infractions lightly. Only by standing up to these corporations will we be able to make our voices heard.
Help us spread the word!
If you liked this article, consider enrolling in one of these related courses:
|May 16-17||Advanced Android|
|May 22-24||Java for Android|
|May 23-26||Android Bootcamp|
|- Classroom - Online|