Company type | Private |
---|---|
Industry | Mobile telecommunications |
Predecessor | Core Mobility company |
Founded | 2005 |
Founder | Konstantin Othmer[1][2][3] |
Headquarters | , United States |
Number of locations | London Malaysia |
Products | Embedded diagnostic/data collection software |
Services | Mobile analytics services |
Website | www |
Carrier IQ is a privately-owned mobile software company founded in 2005 in Mountain View, California. It provides diagnostic analysis of smartphones to the wireless industry. The company says that its software is deployed in over 150 million devices worldwide.[4][5]
The company was founded by Konstantin Othmer and is a spin-off from his Core Mobility company. Through its Mobile Service Intelligence Platform (MSIP) its software "aggregates, analyzes, and delivers data to wireless carriers and device manufacturers. This information proves a valuable resource for these businesses to understand the quality of service their customers experience."[1]
On January 27, 2009, the CEO Mark Quinlivan announced it had received $20 million Series C financing from Intel Capital, and Presidio Ventures, a Sumitomo Corporation Company.[6]
On February 9, 2009, it announced a partnership with Huawei Technologies to develop a "new range of datacards that will provide improved feedback on the mobile broadband user experience."[7]
On June 17, 2009, it had TiE selected as a TiE50 "One of the Hottest Global Emerging Companies."[8]
On June 16, 2010, Bridgescale Partners announced $12 million in Series D financing for the company.[9]
On October 18, 2010, VisionMobile announced Carrier IQ had joined the "100 Million Club" with its software installed on 100 million phones.[10]
On August 31, 2011, Operating Partner at Mohr Davidow Ventures Larry Lenhart was named CEO. The announcement noted that in the second quarter of 2011 Carrier IQ passed the petabyte milestone in processed analytics data.[11]
On October 19, 2011, Carrier IQ and third party vendor Nielsen Company announced a partnership on analyzing data.[12]
On October 27, 2011, IDC named Carrier IQ "Innovative Business Analytics Company Under $100M"[13]
On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.
On November 12, 2011, researcher Trevor Eckhart stated in a post on androidsecuritytest.com[14] that Carrier IQ was logging information such as location without notifying users or allowing them to opt-out,[15] and that the information tracked included detailed keystroke logs,[16] potentially violating US federal law.[17] On November 16, 2011, Carrier IQ sent Eckhart a cease and desist letter claiming that he was in copyright infringement by posting Carrier IQ training documents on his website and also making "false allegations."[18][19] Eckhart sought and received the backing of user rights advocacy group Electronic Frontier Foundation (EFF).
On November 23, 2011, Carrier IQ backed down and apologized.[20] In the statement of apology, Carrier IQ denied allegations of keystroke logging and other forms of tracking, and offered to work with the EFF.[21]
On November 28, 2011, Eckhart published a YouTube video that he claims shows Carrier IQ software in the act of logging, as plain text, a variety of keystrokes. Included in the demonstration were clear-text captures of passwords to otherwise secure websites, and activities performed when the cellular network was disabled.[22] The video of the demonstration showed Carrier IQ's software processing keystrokes, browser data, and text messages' contents, but there was no indication that the information processed was recorded or transmitted. Carrier IQ responded with the statement, "The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."[23][24] A datasheet for a product called Experience Manager on Carrier IQ's public website clearly states carriers can "Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies".[25]
If the claims by Eckhart are true, the process of sending usage data is in conflict with Carrier IQ's own privacy policy which states: "When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved."[26]
Many have already been seeking suit against CarrierIQ, including:
There are a few advanced methods that can be used to detect Carrier IQ. Logging Test App scanner will detect it in the kernel (use Check Props Feature), as well files used in the regular Loggers scan. This will detect Carrier IQ regardless if you are rooted or not. You can also use this app to bring out hidden menus for known versions of CIQ clients.
The only way to remove Carrier IQ is with advanced skills. If you choose to void your warranty and unlock your bootloader you can (mostly) remove Carrier IQ. Logging Test App can identify files used in logging and you can manually patch or use Pro version to automatically remove.[29]
On December 12, 2011 Carrier IQ issued an in depth look at its software to educate the public on what it can and can not do. The document is titled "Understanding Carrier IQ Technology".[30] There are credits given to Dan Rosenberg and Trevor Eckhart. The nineteen page document provides a technical breakdown of how the software on your phone works with "profiles" provided by the carrier to give them performance data of their networks and devices running on them. The document appears as it will be updated on a regular basis as more questions are answered over time. On December 1, 2011, Carrier IQ issued a "clarification" to its November 23 statements: "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen...As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities...Carrier IQ acts as an agent for the operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile operators. Carrier IQ does not gather any other data from devices. Carrier IQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps operators’ customer service to more quickly identify the specific issue with the phone."[31]
There has been debate whether Carrier IQ software actually sends the collected data in real time or if it is stored on the phone and only gets read out later. The company clearly states that its software is able to provide real time data on their web page: "Carrier IQ’s Mobile Service Intelligence solution eliminates guesswork by automatically providing accurate, real-time data direct from the source – your customers' handsets." (emphasis added).[32]
On December 1, 2011, AT&T, Sprint and T-Mobile confirmed it was on their phones. Sprint said, "We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool...The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint." Verizon was the only one of the four biggest U.S. firms to say it was not installed on their phones.[33]
Apple, HTC and Samsung said the software was installed on their phones. Apple said it had quit supporting the application in iOS 5. It said, "With any diagnostic data sent to Apple, customers must actively opt-in to share this information...We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so." It said it would scrub the software from phones in some future release.[34] HTC (whose Android phone was the subject of Eckhart's video) said, it was required on its devices by a "number of U.S. carriers." It added "It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ."[33]
Nokia and Research in Motion said it categorically was not authorized for their phones.[33] However, this does not prevent mobile carriers from installing it after the phone is manufactured.
According to the company's website the software is also installed on NEC mobile devices,[35] and the company has a partnership with Vodafone Portugal.[36]
Although the phone manufacturers and carriers by and large say the software is strictly used to monitor its phone systems and not to be used by third parties, a press release on October 19, 2011 touted a partnership with Nielsen Company. The press release said, "Together, they will deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards. This alliance will leverage Carrier IQ's technology platform to gather actionable intelligence on the performance of mobile devices and networks."[37]
On December 1, 2011, Senator Al Franken, chairman of the United States Senate Judiciary Subcommittee on Privacy, Technology and the Law sent a letter to Lenhart asking for answers to 11 questions and asking whether the company was in violation of the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.) and the Computer Fraud and Abuse Act (18 U.S.C. § 1030).[38]
A request to the FBI under the Freedom of Information Act for “any manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” was denied, citing pending law enforcement proceeding. This has led to speculation that the FBI is using data obtained through Carrier IQ for investigations.[39]
Fortinet has deemed Carrier IQ as a security risk/rootkit.[40] using definition Riskware/CarrierIQ!Android[41]
Its board of directors in November 2011 are:[42]
((cite news))
: Check date values in: |date=
(help)
((cite news))
: Check date values in: |date=
(help)