Carrier IQ: poor little victim of carrier’s desires (NOT)

Posted by & filed under Technology.

Sometimes when I read TechCrunch I’m not sure if they’re just trolling or accidentally “omit” certain aspects of story. You have probably seen enough Carrier IQ news everywhere — how it’s capable of recording everything on your Android phone but choses to only “help carriers to improve service”, how Apple turned out to also have Carrier IQ software on older iOS devices, and how they will quickly remove all remains in future update, and how security expert thinks that they are not purposefully tap your SMS chats, and stuff (which I guess is true).

Inevitably, there are now voices, saying how everyone is piling on Carrier IQ, who is poor little victim here and generally is a white and fluffy creature that serves evil overlords of cell phone carriers (see TechCrunch article). That strikes me as quite an odd position. Here are my objections:

– Carrier IQ actively advertises information gathering and “install base” (right on their front page). I don’t see all cell phone carriers suddenly getting an idea of putting essentially a rootkit (“with no visible impact” says their web site) on client’s phone at the same time. I do see Carrier IQ promoting their product and offering it to carriers (even then Verizon claims not to use it at all) and profiting from it. While originally idea might have originated from cell phone carrier (“Could we figure out what’s going on on handset when errors happen?”) the implementation certainly went beyond what the claimed purpose is.

– Stealth stealth and more stealth. When you are trying to help user, you don’t have to hide. Put a big banner and let user turn on your “information gathering” openly, to collect whatever information that is needed. “We’re sorry your battery performance is unsatisfactory, would it be okay if we check what applications are installed and are running on your handset to determine if one of the app is a problem?” There, your problem is solved. Windows has remote help, which is essentially used for the same purposes. Yet instead of “turn it on and we will help you” here we have “this is always on, gathering data, sending it out there for the case you drop a call, trust us” behavior. Very very odd.

– Catch everything, report something. This might be just a “shortcut” from development point of view. But in case of sensitive information nobody in their right mind should agree to that. “Let me track your every movement, check your passwords, bank account pins and observe all your conversations, which I am going to ignore, to figure out what kind of pavement results in your shoes being worn off excessively”. If you don’t want to record the content of the SMS, don’t record it. Don’t touch URLs of where browser is headed unless you actually plan to report it. Ask Google for reporting interface for certain functionality if it’s not there already.

– Don’t allow turning it off or uninstalling. “We will help you, wether you want it or not, and watch your every move”. Again, very unfriendly.

– Conflicting information about personal information. From one side press-releases keep stressing that it’s the aggregate information that gets transferred, from the other side their own marketing material says: “What’s more, the combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices.” I’m sorry, which is it then, aggregate or individual? Do try again.

So, anyways, I don’t think it’d be valid to say this little scandal is all carrier’s fault. Because of the sales, because of the offering, and the way that system seems to be constructed. Responsibility could be somewhat shared, but lion’s share lays on Carrier IQ’s shoulders.

Update Per Wired’s article Carrier IQ indeed can record the content of SMS (when delivered to wrong recipient?), URLs etc. On behalf of carriers, of course, because some users could misspell Facebook.com And everything is stored for 10 to 30 days.

2 Responses to “Carrier IQ: poor little victim of carrier’s desires (NOT)”

  1. Brian

    Carrier IQ’s product is as you said sold for profit and it is a complete system longer capable of tracking everything you do on you phone. Your logic of placing most of the blame on the software maker is wrong. You are bllaming the tool maker for the customers use of the tool. Just like a box cutter is a great tool for your local Target crew to open and break down boxes, it was also used by the 911 terroriests to kill flight crews. My point is the tool is just a tool and the way one uses it is what matter

    Carrier IQ did design and sell the software so they are proffiting from the sale of software specifficly designed and marketed as a way to gather the information without the users knowledger. So they do have some moral responsiblity for developing the software in the first place, but the bulk of the wrong doing goes to the wireless companies using it.

    Reply
    • Max Smolev

      I think the most of the blame lays on them. They don’t write a new tool for each carrier, they actively expand and try to market their tool to anyone who may want to snoop on what users doing on their smart phones. While there are perfectly legitimate and logical uses, it went beyond that, going from network status monitor tool to something that watches your every step “just in case”.
      They could have always say “no” to certain types of monitoring (such as URLs, for example, as “facebook being mistyped” is a BS excuse) but preferred to just pocket the cash and expand their surveillance tool. And now this story has too many similarities to Sony’s root kit story.

      Reply

Leave a Reply