Here’s the takeaway from the Carrier IQ fiasco: Mobile phone owners have no clue what data-gathering tools are running on their devices, and little ability to control them.
Tiny Carrier IQ’s sudden jump into the national spotlight ignited widespread confusion and anger. The flap began late last month after Android developer Trevor Eckhart released a 17-minute YouTube video indicating that the little-known application was sending everything you do on your phone back to your carrier — including what websites you visit, what your texts say and what keys you press.
Carrier IQ and the carriers amplified the anxiety by staying relatively mum.
They refuted the charge that they logged or tracked keystrokes, but couldn’t immediately explain everything the software — intended to help carriers troubleshoot network problems — was actually doing.
“We’re as surprised as anybody to see all that information flowing,” Andrew Coward, Carrier IQ’s director of marketing, told CNNMoney soon after Eckhart posted his YouTube video.
It turns out that those initial statements were (mostly) right. Carrier IQ sends innocuous data from your phone back to your carrier like when and where you sent a text message, when and where a call dropped, and what apps are draining your battery. That information helps carriers find problems.
Here’s what it doesn’t do: It doesn’t send your keystrokes, the content of your text messages or what websites you visit to your carrier.
Carrier IQ and a security consultant, Dan Rosenberg of Virtual Security Research, determined that HTC had turned on a debug logger that should have been left off by default. As a result, the Carrier IQ app was temporarily storing everything a user did on the phone. The software maker said it is working with HTC to fix the issue.
Carrier IQ is installed on an estimated 150 million mobile devices, but the specific problem Eckhart uncovered appears to be limited to a small handful of devices.
So was all the hullabaloo over nothing? Not really.
“I want to make it clear that just because I do not see any evidence of evil intentions does not mean that what’s happening here is necessarily right,” said Rosenberg.
“Consumers need to be able to opt out of any sort of data collection,” he said. “There needs to be more transparency.”
One option would be to require government or third-party oversight. Even Carrier IQ suggested that some regulation would be welcome.
Each carrier it works with chooses to gather different information from their customers’ phones, and the scope varies widely. But cell phone owners have been largely left in the dark about what carriers are collecting.
“It raises a lot of questions for the industry — and not [only] for Carrier IQ,” said Andrew Coward, Carrier IQ’s director of marketing. “It questions the trusted relationship between a consumer and the operator.”
This is a story that’s becoming familiar. Phone makers and carriers keep tripping over “bugs” that leave customers’ movements and communications more exposed than anyone realized.
Apple didn’t comment for about a week, but finally posted an explanation on the company’s website. The iPhone was not technically recording users’ locations. Rather, it was logging nearby Wi-Fi network locations to assist with GPS tracking.
Still, the company admitted that it grabbed and kept more data than it intended. Apple eventually fixed the issue with a software update.
Smartphones hold a treasure trove of information about their owners, and they’re constantly transmitting some of that data to and from the handset’s manufacturer, the carrier and the companies that design the phones’ software.