A hidden program may be monitoring how you use your phone on behalf of your wireless carrier. And until last month, almost nobody had heard of it.
But then an Android developer named Trevor Eckhart posted two reports and a YouTube clip about the Carrier IQ program he discovered on new HTC phones. Calling it a "rootkit" — a hidden application with complete, or "root" access to a device — he wrote that Carrier IQ monitors not just basic performance parameters like signal strength and battery life but button presses, application use and even keystrokes. He also wrote that Carrier IQ's training videos suggest that ability to spy on individual phones from afar.
The Mountain View, Calif., company first responded by sending Eckhart a cease-and-desist letter, then withdrew it (PDF) after Eckhart turned to the Electronic Frontier Foundation for help. Having ensured extra publicity with that clumsy strategy, Carrier IQ has since been busy trying to defend itself.
A statement updated Monday night makes two points: Its software helps carriers "figure out why problems are occurring, why calls are dropped and how to extend the life of the battery," but does not "record, store or transmit the contents of SMS messages, email, photographs, audio or video." Further, it only provides this anonymized data via an encrypted connection to carriers.
The wireless services that have implanted Carrier IQ on Android and Blackberry phones — a group that excludes Verizon Wireless – agree. (A weakened version of the software exists in Apple's iOS but can be easily turned off.) Representatives of AT&T, Sprint and T-Mobile all wrote that they only use Carrier IQ data for diagnostic purposes. They didn't say why they had hidden the software or if they would offer customers the option to disable or remove it.
What to make of all this?
First, in principle I don't mind carriers collecting anonymized telemetry to fix network and device performance problems. But I'd like to know about this and have the choice to say no.
Second, while Carrier IQ sees a great deal of data, there's less proof of it keeping or transmitting most of it. Security researcher Dan Rosenberg wrote that he had not observed any long-term storage or uploading of keystrokes or Web addresses. In an e-mail, he explained that "all it's doing is listening for certain sequences of keys that correspond to commands used for technical support."
Asked about that, Eckhart e-mailed that he hadn't seen Carrier IQ transmit anything. "What the application is doing with the data after it gets it — who knows."
Rosenberg also said those training videos only demonstrate the ability to push new settings to the application. I watched them and didn't spot evidence of remote spying.
But as Eckhart and Rosenberg have noted, even having this data cached on the phone raises a security risk; malware or a malfunction could expose it.
Third, what were the carriers thinking when they decided to hide Carrier IQ? (Detecting or removing it from an Android phone requires non-trivial hacking.) How would this ever look good when it inevitably surfaced? Carriers should have made this an opt-in program; better yet, with the features in the standard version of Carrier IQ, noted in Eckhart's first blog post, that let users send their own reports.
There's one other thing to remember: Your wireless carrier already knows who you call and text, where you go online and where you take your phone.
Credit: Rob Pegoraro/Discovery