Carrier IQ, software loaded onto various cellular phones by some mobile network operators, secretly logs a host of private data and sends it to Carrier IQ in the US, Wired reported earlier this week.
The report is based on a video created by Android developer and security researcher Trevor Eckhart, who previously discovered potential security and privacy vulnerabilities on certain HTC devices.
According to Eckhart, Carrier IQ logs everything from the keys you press when you dial a phone number, to text messages and encrypted web searches. In the video he states that they have seen the software on “BlackBerries, Nokias, and more.”
This video follows Eckhart’s earlier discovery of Carrier IQ, which he called a “rootkit.” This resulted in the Mountain View, California-based software company threatening legal action, but it backed down after the Electronic Frontier Foundation sided with Eckhart.
Carrier IQ responded to Eckhart’s claims with a press statement that said: “we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.”
Needless to say, Eckhart’s latest findings to the contrary caused quite a ruckus, and smartphone manufacturers have been quick to distance themselves from the software, saying that if it was loaded, it was at the request of the network operator.
According to media reports, Apple, HTC, and Samsung all confirmed using the software at some stage, while Microsoft, Nokia, and BlackBerry maker Research in Motion stated that they don’t ship devices with Carrier IQ installed.
Is Carrier IQ in SA?
What about South Africa’s operators? Do they make use of such data collection software?
A Virgin Mobile spokesperson said that it is the first time he’s heard of Carrier IQ, and that Virgin Mobile SA definitely doesn’t use any such software.
8ta said that they are aware that there are applications available which allow for “the logging of various data points in terms of a mobile customers experience and behaviour.”
However, 8ta said that it uses other sources such as market research and customer feedback to gain insight into their customers’ mobile experience, and does not load any software on the handsets or other devices to track or monitor customer behaviour. “Should 8ta, in the future, look at this type of application to improve customer experience it would be done with the permission of the customer,” 8ta said.
8ta went on to say that it is their understanding that cell phone manufacturers are experimenting with software to track cellular user experience, behaviour patterns and preferences to improve the models they supply to the market.
“Queries regarding specific handsets should be directed to the relevant OEM,” 8ta said.
Last word from Carrier IQ
AllThingsD recently published a report in which CarrierIQ stated that their software processes a lot of data, including keystrokes, but doesn’t send it all back to their servers.
According to the report, Carrier IQ said that they also don’t read SMS messages or look at the content of the web browser window. However, Carrier IQ said that they do see SMSes come in along with the phone numbers attached to them, and they also see website URLs.
While Carrier IQ’s explanation might set some people at ease, there will still be concerns over the amount of data the company is free to collect and send through to network operators.
Update: Samsung confirmed that none of their devices sold in South Africa include Carrier IQ.