Carrier IQ, a US-based company whose mobile analytics software is installed on over 140 million phone handsets, has been accused of tracking every action a mobile phone user makes without their express consent.
In a video posted on YouTube, 25-year old Trevor Eckhart demonstrated how an HTC phone with the software installed recorded every keystroke and keyboard press – more or less any action performed on the phone. He also demonstrated how the program was effectively hidden from the user – it doesn’t appear as a program that’s running on the phone in the normal way, and forcing it to close has no effect. Location data was also recorded and transmitted, with the other data, to the company or mobile phone carrier.
Eckhart claims he has found the software running on Nokia, Android and RIM (BlackBerry) devices, although Nokia has since refuted the claims stating that ‘CarrierIQ does not ship products for any Nokia devices, so these reports are wrong.’ Initial research by a third party suggests an element of the Carrier IQ software is also included in Apple’s iOS, but that by default it doesn’t send any data and the data stored doesn’t include SMS or text entries.
It’s not clear yet whether Carrier IQ is installed on handsets in the UK, though all indications point towards mobile phone carriers (not manufacturers) being responsible for its implementation.
Carrier IQ responds
Carrier IQ issued a statement claiming that it was ‘counting and summarising’ the information, not recording or logging specific keystrokes:
‘While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd parties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities.’
HTC not responsible
HTC has also responded:
‘Carrier IQ is required on devices by a number of US carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier.It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.’
Echoes of Apple location tracking
This episode echoes a similar furore surrounding Apple’s use of location data to improve GPS accuracy. In April this year, researchers discovered a file that appeared to show location data recorded on phones that was sent back to Apple. Apple eventually issued a fix, preventing any iOS device from storing location data for more than seven days.