A free app to detect Carrier IQ, a controversial piece of software installed on smartphones without their owners' knowledge, was made available at the Android Market Friday.
Voodoo Carrier IQ Detector, while not completely finished and not 100 percent accurate, is still pulling in high ratings—4.8 out of 5 by 254 users. The app was written by computer forensics specialist Francois Simond in about four hours.
Simond created the app in response to alarming allegations by a researcher that a program, Carrier IQ, pre-installed on an estimated 140 to 150 million smartphones worldwide was, without the knowledge of the phones' owners, logging Web browsing and keystroke information.
Simond's app only detects the presence of Carrier IQ. Removing the program is more complicated. The researcher who discovered Carrier IQ's suspicious activity, Trevor Eckhart, has an app, Logging Test App, that will do the job, but it requires "rooting" Android, which can get complicated for the average user. It also requires the purchase of a key for $1 to get the app working.
Eckhart's allegations about Carrier IQ have been rebuffed by the company that makes the software. It maintains that the program doesn't log keystrokes nor does it gather intelligence on a phone's owner.
Meanwhile, two smartphone makers on which Eckert found Carrier IQ installed, HTC and Research In Motion, deny any association with the software and are blaming the carriers as the culprits in the matter. One carrier, Verizon, has stated that Carrier IQ isn't installed on its smartphones.
Google, the custodian of Android, has remained aloof from the situation. Reportedly, Google's Android models made by Samsung, the Nexus line, do not have Carrier IQ on them.
Not even Apple, with its walled ecosystem, has been able to avoid being sucked into the Carrier IQ controversy. Although the app has been installed on iPhones, it was disabled when version 5.0 of the company's mobile operating system, iOS, was introduced, and the software is expected to be completely removed from all iPhones when iOS is next updated.
The outcry over Carrier IQ's mobile-phone tracking software continued Friday, with a U.S. congressman asking the Federal Trade Commission to investigate the company.
Carrier IQ came under fire this week after a researcher published a report showing that its software can be used to collect data about end users, such as their location, the keys they press on their phone and the applications they're running. Carrier IQ says its software delivers data to operators to help improve their services, and denies collecting personal information about users.
On Friday, Congressman Edward Markey, a Democrat from Massachusetts, sent a letter to the FTC asking it to investigate Carrier IQ. "I have serious concerns about the Carrier IQ software and whether it is secretly collecting users' personal information, such as the content of text messages," he said in a statement.
The FTC is charged with protecting people from "unfair or deceptive acts or practices," and as such should look into Carrier IQ, he said. The FTC has not said whether it will act on the request.
Carrier IQ issued a new statement Thursday insisting that it doesn't collect personal information. However, a video posted by the security researcher, Trevor Eckhart, appears to show that the software logs keystrokes.
Many cellphone users are wondering whether their Android and BlackBerry devices are spying on them after security researcher Trevor Eckhart recently claimed that a piece of diagnostic software on the phones was acting like malware. Eckhart said the software, created by company Carrier IQ and installed on devices by phone manufacturers and carriers, was secretly recording user data such as keystrokes and Web browsing history. Carrier IQ's software is on more than 140 million handsets worldwide.
Carrier IQ denies Eckhart's allegations and says its technology is only used for diagnostic purposes to improve handset performance and network quality.
So is Carrier IQ up to no good? Is the company's software collecting more information from your handset than it should? Or is this just a big misunderstanding about what Carrier IQ's software does?
Here's a breakdown of what we know.
What was discovered?
Can Carrier IQ software be removed?
It doesn't appear to be possible to remove this software on an Android phone unless you have a rooted device.
Paul says you can stop Carrier IQ on iOS 5 devices by turning off "Diagnostics and Usage" in the Settings application.
If you use an Android, BlackBerry, or Nokia smartphone then you may be at risk of being illegally wire-tapped by Carrier IQ--a provider of performance monitoring software for smartphones--according to reports.
Earlier this month, security researcher Trevor Eckhart announced that he found software made by Carrier IQ that may be logging your every move on your mobile phone. Trevor referred to it as a "rootkit", a piece of software that hides itself while utilizing privileged access like watching your every move. Carrier IQ didn't take too kindly to this accusation, and responded aggressively with a cease-and-desist letter, and went on to deny this accusation. However, to further back his accusation, Eckhart released a video that he says shows the software in action.
In the video, Eckhart navigates to a list of running applications on his phone, and he found that the application IQRD--made by Carrier IQ--was not shown. However, when he searched all of the applications on the device, Eckhart discovered that IQRD showed up with the option to force stop it; therefore, he determined that the app must have been running. However, when he tried to stop the application, the force stop function did absolutely nothing. Additionally, this application always runs when the device is started, according to his research.
After connecting his HTC device to his computer, Trevor found that IQRD is secretly logging every single button that he taps on the phone--even on the touchscreen number pad. IQRD is also shown to be logging text messages.
In the video, Eckhart shows that Carrier IQ is also logging Web searches. While this doesn't sound all that bad by itself, it suggests that Carrier IQ is logging what happens during an HTTPS connection which is supposed to be encrypted information. Additionally, it can do this over a Wi-Fi connection with no 3G, so even if your phone service is disconnected, IQRD still logs the information.
Mobile device and network diagnostic firm Carrier IQ early Tuesday issued a detailed report about what it is up to with your smartphone data. The company has been under fire ever since Trevor Eckhart discovered CIQ software working behind the scenes on a variety of smartphones. Eckhart originally accused CIQ of installing malware on people's phones and monitoring users' key presses, SMS messages, location data and web browsing history.
Even Google's Executive Chairman Eric Schmidt recently referred to CIQ software as a keylogger. A keylogger is a type of malware that records your key presses in an attempt to discover sensitive information such as passwords.
While CIQ admits that it does collect some of the data detailed by Eckhart, the company says its software is not used for malicious purposes and is not a keylogger. Instead, any data collected by CIQ software is used to improve user experience and cellular network performance. Nevertheless, CIQ said it recently worked with Eckhart to identify some areas of concern with the company's software.
What Is Carrier IQ?
Carrier IQ is a mobile diagnostic company that uses software installed on more than 150 million mobile devices worldwide. CIQ software installed on mobile devices is called the IQ Agent and collects diagnostic information about your device such as battery performance, device stability, network coverage, voice call performance, and connectivity issues. CIQ says that while its software can collect a wide variety of information, it is up to the carriers to determine what kind of data is collected on any given device.
The FBI has denied a request for the release of information regarding its use of Carrier IQ's software, saying that releasing the information could interfere with ongoing law enforcement operations.
The response does not make it clear whether the agency is using Carrier IQ for investigative purposes, or whether the documents it has, are related to an investigation of the controversial software.
The request under the Freedom of Information Act was filed Dec. 1 by Michael Morisy, co-founder of MuckRock , a website that helps people file FOIA requests with the government. Morisy asked the FBI for any manuals, documents or other written material it might have related to the FBI's use of data gathered by Carrier IQ.
In response, David Hardy, the section manager of the FBI's Records Management Group said the FBI has in its possession "responsive documents" pertaining to Carrier IQ. However, Hardy said the FBI would not release the documents as requested because doing so would compromise ongoing investigations.
"The material you requested is located in an investigative file which is exempt from disclosure," Hardy wrote in his response which is posted along with the FOIA request on MuckRock.com. "I have determined that the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records."
Google Executive Chairman Eric Schmidt has criticized Carrier IQ, the maker of a controversial app that secretly collects personal info from smartphones, but also says that Google can't do anything to prevent the software from being installed on Android devices by handset makers and wireless carriers.
Calling the software a "keylogger'--a label that Carrier IQ rejects--Schmidt explained that Android is an open operating system and, as such, Google cannot prevent the software from being installed on phones running the OS. Schmidt revealed this in a speech at a Google-sponsored conference on Internet freedom in The Hague Thursday.
"Android is an open platform, which means people can make software for it that's not very good for you," Schmidt said Thursday, according to The Telegraph.
"This [Carrier IQ] appears to be one [such case]," Schmidt added.
The Carrier IQ app was revealed last week, after researcher Trevor Eckhart revealed that he observed the software capturing keystrokes and recording web surfing activity on his phone. The story then snowballed as it was discovered that the app exists on about 150 million phones, including BlackBerrys, HTCs, Samsung devices, and Apple devices.
Apple is one of eight companies that have been named in another class-action lawsuit filed over the use of Carrier IQ software in mobile handsets.
The lawsuit was filed last Friday in U.S. District Court for the District of Delaware and accuses Carrier IQ, three wireless carriers, and four handset makers of violating the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.
The complaint (download pdf) was filed on behalf of four individuals, who are described in court papers as owners of mobile handsets with Carrier IQ software on them. Those named in the lawsuit besides Apple and Carrier IQ, are AT&T, Sprint, T-Mobile , HTC, Samsung and Motorola. All of these companies have admitted that their handsets include Carrier IQ software.
The carriers have insisted that the software is being used only for network diagnostics purposes while the handset makers have claimed that they integrated Carrier IQ in their devices only because the carriers specifically asked them to.
This is at least the third publicly known lawsuit seeking class-action status that has been filed over the Carrier IQ issue since a major controversy over its software erupted late last month.