Carrier IQ backs off, apologizes to Android security whistleblower

November 23, 2011
2

That was fast. Just one day after threatening an XDA-Developers member with legal action over exposing embarrassing privacy violations in their network management software, Carrier IQ has retracted its demands and issued a public apology. The retraction came after the EFF came to TrevE's legal aid and blogs and news sites around the Internet slammed the company's actions. Recognizing a public relations nightmare when they saw one, the company said it was "deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart." The press release went on to say that Carrier IQ's software doesn't record keystrokes, location or usage information, in direct opposition to TrevE's findings.

While it's great that the company has ceased its heavy-handed bullying of a well-intentioned community member, their retraction leaves a lot to be desired. Carrier IQ said that the software does not:

  • Does not record your keystrokes.
  • Does not provide tracking tools.
  • Does not inspect or report on the content of your communications, such as the content of emails and SMSs.
  • Does not provide real-time data reporting to any customer.
  • Finally, we do not sell Carrier IQ data to third parties.

It's true that the software may not be reporting any of this information to carriers or other parties, but the simple fact that has been revealed by Trevor Eckhart's research is that it has the capability to do so. That still represents a huge violation of the privacy of end-users on the part of Carrier IQ, and any manufacturer (like HTC, Samsung, Nokia and RIM) or carrier (Verizon and others) who uses it. It would be the digital equivalent of your cell phone provider mandating as a condition of service that you keep your home's doors unlocked, while promising never to actually go in.

There's likely to be a lot of independent research that goes into Carrier IQ's capabilities very soon, and how to identify and stop it. TrevE has already found some rudimentary ways to disable the software on some phones. We'll be on the lookout for a permanent and wide-reaching solution, or even better, an opt-out program from carriers and/or manufacturers.

[via Android Central]


Recent Stories

  • http://www.facebook.com/pablomentabo Paul Werner

    I already have Carrier IQ disabled in the ROM I use on my Epic… Legendary RC1

  • alx

    give em hell treve!!!