The media storm over Carrier IQ’s implicit privacy and security violations continues. Yesterday we contacted Verizon Wireless about the intrusive logging software, and a representative told Android Community that the company does not use Carrier IQ software in any of its products. Canadian carrier Rogers joins them today, also stating that Carrier IQ is not present on any of its devices. A company spokesperson confirmed on Twitter that none of the phones or tablets in their lineup use the software.
Over in the UK, things are a little more nuanced. After being accused of using Carrier IQ’s software, both Vodafone and O2 have issued partial denials, saying that they do not collect user information. Carrier IQ has been spotted on devices for both providers. O2 claims that any data collected is handled by device manufacturers, a statement that seems very much at odds with the research of independent Android security analysis Trevor Eckhart. A Google spokesperson stated that none of the phones in the Nexus line – the Nexus One, Nexus S, Nexus S 4G and the upcoming Galaxy Nexus – use the software.
Android Community has contacted all of the major carriers in the United States for clarification on the Carrier IQ situation. So far, only Verizon has responded – there’s no official word from AT&T, T-Mobile or any other U.S. carrier on the presence, or lack thereof, of Carrier IQ logging. Android enthusiasts are understandably upset at the lack of transparency, and they’re now joined by iPhone users who discovered pieces of Carrier IQ code in all current models.
It’s important to note that statements from Verizon, Rogers, Vodafone and O2 are so far unconfirmed by impartial parties. In the case of Vodafone and O2, it’s basically impossible to know what’s done with captured information once it’s sent out from a phone or tablet. Considering that it may include keystrokes, web history, call history, app use and location data, it represents a potentially huge privacy violation. I remind our readers that this information isn’t necessarily being collected maliciously – Carrier IQ’s software is designed to allow carriers to improve their network performance based on a wide array of metrics. That said, the collection and possible retention of such private data, without notification, is still an unacceptable breach of privacy and security.
We await responses from the other U.S. wireless providers, and will report any news if they choose to respond.
I call BS on Rogers. I am/was a major developer for a kernel for the Samsung Infuse (over at XDA) about the time Treve found this on HTC devices and myself (Bedwa) and Entropy512 both stripped it from the initial ram system cause it was eating unneeded resources. And this was not the AT&T Froyo kernel, but the Rogers Gingerbread. Statement debunked.
Just because the carrier “doesn’t use” it, does NOT mean that the manufacturer didn’t put it there. In fact, it is the manufacturer that puts it there, and they don’t always disclose that to the carrier. I confirmed with my carrier… “We do not use the data that’s provided by the logger, but that doesn’t mean that it’s not there. Motorola has not disclosed to us whether or not it is on this specific model”
Carrier – US Cellular
Phone – Motorola Electrify
I called Motorola and got a major run-around. It took 3 people, the first 2 of which acted like they had no clue what I was talking about at all, before that 3rd person somewhat said it’s not on my phone. Actually I could tell she was reading a statement right out of a news article. She listed the other manufacturers that have been specifically named (Samsung, Nokia, Blackberry) and said “so we’re not on that list. that’s good right?” I asked if she was reading me an article and she said no, that she just knows. I was SO put at ease (#sarcasm)
I got news for you the Roundy’s food corporation and all of their stores they own and control are doing the same thing and when you refuse to give them personal data from a driver license they refuse to allow you to have the food you just tried to buy when paying by check even though the check was just cleared electronically.
I’ll wait to see if these companies are shown ultimate use software similar to CarrierIQ since they just say, “We don’t use CarrierIQ on our phones.” How about a statement that says, “We allow our customers complete privacy re their browsing, messaging, and all other uses of their oroperty-even if that property is tied to our service.”
Now, I do expect the service providers could locate you by location of the tower providing you service…