Yesterday a small firestorm started building around Carrier IQ, a smartphone monitoring company with software of the same name that monitors smartphone activity, which according to the company is only used for diagnostic purposes. The software appears on most Android phones.
The problem with Carrier IQ is that it was demonstrated by developer Trever Eckhart that, the company’s protestations notwithstanding, the software logs any key presses you make for input into the device, including SMS messages and phone numbers, and can send that info back to the mothership. The company swears up and down this is for diagnostic purposes only, but obviously the security and privacy geeks are up in arms about this.
Now it appears there are some traces of Carrier IQ in Apple’s iOS as well, but there seems to be at least two important differences. If you opt out of sending diagnostic info in settings (Settings/General/About/Diagnostics and Usage) it won’t send any info back to Carrier IQ. There’s also no key logging apparently. I say apparently as this is still being investigated at least by one fellow with a Twitter handle of chpwn.
What’s the big deal about Carrier IQ? I can’t say with any accuracy, but some are saying that the software, as designed, could violate wiretapping laws. As the story keeps unfolding, it appears that Carrier IQ is something added by the phone manufacturers or the carriers.
(Note: in yesterday’s post I mentioned that it appeared on Nokia and Blackberry phones as well. A Nokia rep emailed me to say Nokia does not use Carrier IQ on any of its phones. Verizon is also protesting that it doesn’t use Carrier IQ on its phones.)
I’m sure we’ll be hearing more about this in the next few days.
Via The Verge