This article appears to be slanted towards recent events. Please try to keep recent events in historical perspective and add more content related to non-recent events. (December 2011)
This article may be unbalanced toward certain viewpoints. Please improve the article by adding information on neglected viewpoints, or discuss the issue on the talk page. (December 2011)
Carrier IQ, Inc.
Company typePrivate
IndustryMobile telecommunications
PredecessorCore Mobility company
Founded2005
FounderKonstantin Othmer[1][2][3]
Headquarters
Mountain View, California
,
United States
Number of locations
London
Malaysia
ProductsEmbedded diagnostic/data collection software
ServicesMobile analytics services
Websitewww.carrieriq.com

Carrier IQ is a privately-owned mobile software company founded in 2005 in Mountain View, California. It provides diagnostic analysis of smartphones to the wireless industry. The company says that its software is deployed in over 150 million devices worldwide.[4][5]

History

The company was founded by Konstantin Othmer and is a spin-off from his Core Mobility company. Through its Mobile Service Intelligence Platform (MSIP) its software "aggregates, analyzes, and delivers data to wireless carriers and device manufacturers. This information proves a valuable resource for these businesses to understand the quality of service their customers experience."[1]

On January 27, 2009, the CEO Mark Quinlivan announced it had received $20 million Series C financing from Intel Capital, and Presidio Ventures, a Sumitomo Corporation Company.[6]

On February 9, 2009, it announced a partnership with Huawei Technologies to develop a "new range of datacards that will provide improved feedback on the mobile broadband user experience."[7]

On June 17, 2009, it had TiE selected as a TiE50 "One of the Hottest Global Emerging Companies."[8]

On June 16, 2010, Bridgescale Partners announced $12 million in Series D financing for the company.[9]

On October 18, 2010, VisionMobile announced Carrier IQ had joined the "100 Million Club" with its software installed on 100 million phones.[10]

On August 31, 2011, Operating Partner at Mohr Davidow Ventures Larry Lenhart was named CEO. The announcement noted that in the second quarter of 2011 Carrier IQ passed the petabyte milestone in processed analytics data.[11]

On October 19, 2011, Carrier IQ and third party vendor Nielsen Company announced a partnership on analyzing data.[12]

On October 27, 2011, IDC named Carrier IQ "Innovative Business Analytics Company Under $100M"[13]

On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.

Rootkit discovery and media attention

On November 12, 2011, researcher Trevor Eckhart stated in a post on androidsecuritytest.com[14] that Carrier IQ was logging information such as location without notifying users or allowing them to opt-out,[15] and that the information tracked included detailed keystroke logs,[16] potentially violating US federal law.[17] On November 16, 2011, Carrier IQ sent Eckhart a cease and desist letter claiming that he was in copyright infringement by posting Carrier IQ training documents on his website and also making "false allegations."[18][19] Eckhart sought and received the backing of user rights advocacy group Electronic Frontier Foundation (EFF).

On November 23, 2011, Carrier IQ backed down and apologized.[20] In the statement of apology, Carrier IQ denied allegations of keystroke logging and other forms of tracking, and offered to work with the EFF.[21]

On November 28, 2011, Eckhart published a YouTube video that he claims shows Carrier IQ software in the act of logging, as plain text, a variety of keystrokes. Included in the demonstration were clear-text captures of passwords to otherwise secure websites, and activities performed when the cellular network was disabled.[22] The video of the demonstration showed Carrier IQ's software processing keystrokes, browser data, and text messages' contents, but there was no indication that the information processed was recorded or transmitted. Carrier IQ responded with the statement, "The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."[23][24] A datasheet for a product called Experience Manager on Carrier IQ's public website clearly states carriers can "Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies".[25]

If the claims by Eckhart are true, the process of sending usage data is in conflict with Carrier IQ's own privacy policy which states: "When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved."[26]

Many have already been seeking suit against CarrierIQ, including:

Detection/Removal

There are a few advanced methods that can be used to detect Carrier IQ. Logging Test App scanner will detect it in the kernel (use Check Props Feature), as well files used in the regular Loggers scan. This will detect Carrier IQ regardless if you are rooted or not. You can also use this app to bring out hidden menus for known versions of CIQ clients.

The only way to remove Carrier IQ is with advanced skills. If you choose to void your warranty and unlock your bootloader you can (mostly) remove Carrier IQ. Logging Test App can identify files used in logging and you can manually patch or use Pro version to automatically remove.[29]

Updates

On December 12, 2011 Carrier IQ issued an in depth look at its software to educate the public on what it can and can not do. The document is titled "Understanding Carrier IQ Technology".[30] There are credits given to Dan Rosenberg and Trevor Eckhart. The nineteen page document provides a technical breakdown of how the software on your phone works with "profiles" provided by the carrier to give them performance data of their networks and devices running on them. The document appears as it will be updated on a regular basis as more questions are answered over time. On December 1, 2011, Carrier IQ issued a "clarification" to its November 23 statements: "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen...As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities...Carrier IQ acts as an agent for the operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile operators. Carrier IQ does not gather any other data from devices. Carrier IQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps operators’ customer service to more quickly identify the specific issue with the phone."[31]

There has been debate whether Carrier IQ software actually sends the collected data in real time or if it is stored on the phone and only gets read out later. The company clearly states that its software is able to provide real time data on their web page: "Carrier IQ’s Mobile Service Intelligence solution eliminates guesswork by automatically providing accurate, real-time data direct from the source – your customers' handsets." (emphasis added).[32]

Distribution

On December 1, 2011, AT&T, Sprint and T-Mobile confirmed it was on their phones. Sprint said, "We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool...The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint." Verizon was the only one of the four biggest U.S. firms to say it was not installed on their phones.[33]

Apple, HTC and Samsung said the software was installed on their phones. Apple said it had quit supporting the application in iOS 5. It said, "With any diagnostic data sent to Apple, customers must actively opt-in to share this information...We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so." It said it would scrub the software from phones in some future release.[34] HTC (whose Android phone was the subject of Eckhart's video) said, it was required on its devices by a "number of U.S. carriers." It added "It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ."[33]

Nokia and Research in Motion said it categorically was not authorized for their phones.[33] However, this does not prevent mobile carriers from installing it after the phone is manufactured.

According to the company's website the software is also installed on NEC mobile devices,[35] and the company has a partnership with Vodafone Portugal.[36]

Although the phone manufacturers and carriers by and large say the software is strictly used to monitor its phone systems and not to be used by third parties, a press release on October 19, 2011 touted a partnership with Nielsen Company. The press release said, "Together, they will deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards. This alliance will leverage Carrier IQ's technology platform to gather actionable intelligence on the performance of mobile devices and networks."[37]

Government response

On December 1, 2011, Senator Al Franken, chairman of the United States Senate Judiciary Subcommittee on Privacy, Technology and the Law sent a letter to Lenhart asking for answers to 11 questions and asking whether the company was in violation of the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.) and the Computer Fraud and Abuse Act (18 U.S.C. § 1030).[38]

A request to the FBI under the Freedom of Information Act for “any manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” was denied, citing pending law enforcement proceeding. This has led to speculation that the FBI is using data obtained through Carrier IQ for investigations.[39]

Security responses

Fortinet has deemed Carrier IQ as a security risk/rootkit.[40] using definition Riskware/CarrierIQ!Android[41]

Board of directors

Its board of directors in November 2011 are:[42]

See also

References

  1. ^ a b Carrier IQ, Inc., PrivCo.com
  2. ^ Konstantin Othmer, Our Team, Seraph Group
  3. ^ US 6167358, Othmer, Konstantin & Derossi, Chris, "System and method for remotely monitoring a plurality of computer-based systems", published December 26, 2000 
  4. ^ Carrier IQ Named as an Innovative Business Analytics Company Under $100M to Watch, Mountain View, CA, October 27, 2011
  5. ^ Carrier IQ apologizes, drops threat to security researcher, by Stephen Shankland, 2011/11/25, CNET News.com
  6. ^ http://www.carrieriq.com/company/PR.CIQ-SeriesC.2009-01-27.pdf
  7. ^ "Carrier IQ bucks funding climate" (PDF). Retrieved 2011-12-06.
  8. ^ http://www.carrieriq.com/company/PR.TieConRelease2009.090617.pdf
  9. ^ "Bridgescale Partners Series D Funding" (PDF). Retrieved 2011-12-06.
  10. ^ http://www.carrieriq.com/company/PR.100M_VisionMobile_FINAL_10_18_10.pdf
  11. ^ http://www.carrieriq.com/company/PR.LarryLenhartCEO.pdf
  12. ^ http://www.carrieriq.com/company/PR.Nielsen_CIQ_News_Release_Oct_19_2011.pdf
  13. ^ http://www.carrieriq.com/company/PR.IDC_Names_Innovative_Companies_FINAL_10_27_11.led.pdf
  14. ^ "Home to Logging Test App". Android Security Test. Retrieved 2011-12-06.
  15. ^ How much of your phone is yours?, By: Russell Holly, 2011/11/15, Geek.com
  16. ^ Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything, By David Kravets, 2011/11/29, Wired.
  17. ^ Andy Greenberg (2011/11/30). "Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases". Forbes. Retrieved 2011-12-02. ((cite news)): Check date values in: |date= (help)
  18. ^ https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redacted.pdf
  19. ^ Carrier IQ Tries to Censor Research With Baseless Legal Threat, By Marcia Hofmann, 2011/11/21, EFF.org
  20. ^ Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher, By Marcia Hofmann, 2011/11/23, EFF.org
  21. ^ Carrier IQ Press Statement, November 23, 2011, (Carrier IQ official response to incident)
  22. ^ BUSTED! Secret app on millions of phones logs key taps, By Dan Goodin, 30th November 2011 - The Register.
  23. ^ Carrier IQ ‘Wiretap’ Debacle: Much Ado About Something?,By Matt Peckham, December 1, 2011, (questions about transmission), Techland - TIME.com
  24. ^ "'Secret' app installed on millions of Android phones reads your messages | Mail Online". London: Dailymail.co.uk. 2nd December 2011. Retrieved 2011-12-02. ((cite news)): Check date values in: |date= (help)
  25. ^ IQ Insight Experience Manager, Product Overview (PDF:2009), Carrier IQ.
  26. ^ "Company :: Privacy and Security". Carrier IQ. Retrieved 2011-12-06.
  27. ^ [1]
  28. ^ "Class action suit against Carrier IQ". Retrieved 6 December 2011.
  29. ^ http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
  30. ^ http://www.carrieriq.com/company/PR.20111212.pdf
  31. ^ http://www.carrieriq.com/company/PR.CIQ_Press_Statement_DEC_1_11.pdf
  32. ^ "Overview". Carrier IQ. Retrieved 2011-12-06.
  33. ^ a b c Jaikumar Vijayan (December 1, 2011). "AT&T, Sprint confirm use of Carrier IQ software on handsets". Computerworld.com. Retrieved 2011-12-02.
  34. ^ "How to turn off Carrier IQ on your iPhone - iPad/iPhone - Macworld UK". Macworld.co.uk. 2011-12-02. Retrieved 2011-12-02.
  35. ^ NEC and Carrier IQ Announce Global Partner, February 17, 2009, Carrier IQ.
  36. ^ News Release: Vodafone Portugal Pioneers Innovative Mobile Broadband Experience Management Architecture Using Carrier IQ Technology, July 31, 2009, Carrier IQ.
  37. ^ Nielsen and Carrier IQ Form Global Alliance to Measure Mobile Service Quality,October 19, 2011, Carrier IQ.
  38. ^ "Sen. Franken Demands Answers from Company Accused of Secretly Logging Location and Private Information | Al Franken | Senator for Minnesota". Franken.senate.gov. 2011-12-01. Retrieved 2011-12-06.
  39. ^ Loftus, Tom (December 13, 2011). "Carrier IQ Fights Speculation Around FBI Link". The Wall Street Journal.
  40. ^ "Carrier IQ On Android".
  41. ^ "Riskware/CarrierIQ!Android".
  42. ^ "Board of Directors". Carrier IQ. Retrieved 2011-12-02.
Rootkit wiretapping controversy
Categories