NEWS13 December 2011

Carrier IQ publishes report to fight privacy fears

Data analytics North America

US— Mobile intelligence firm Carrier IQ has published a 19-page report – its most detailed response yet – to reassure consumers that its software is not the threat to privacy that some have claimed.

The report (available here) directly addresses the work of Trevor Eckhart, whose analysis of the software sparked concerns that the technology – installed on some 140m phones – was logging button presses, the contents of text messages and the addresses of websites visited by users.

Carrier IQ has maintained that its software does not record any of this information. In its report it says that its own investigation of Eckhart’s work (published as a video on YouTube) indicates that the data shown appearing in an Android log file, which was taken from Eckhart’s HTC phone, was the “result of debug messages from pre-production handset manufacturer software”.

“Specifically it appears that the handset manufacturer software’s debug capabilities remained switched on in devices sold to consumers,” says Carrier IQ. The firm states that it “does not use the Android log files to acquire or output metrics” but uses its own API instead.

“The IQ Agent software on the mobile device was not responsible for writing log messages containing personal information seen in the video,” the company says.

In previous statements Carrier IQ has said that it measures and summarises performance of mobile devices to assist operators in delivering better service. “For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.”

In its report the firm provides a list of the various different metrics that can be examined on a mobile device, depending what is requested by network operators. Usually this data is uploaded from the device once every 24 hours, but users can also input a specific key code or one can be sent in SMS form by a network operator to trigger collection. Carrier IQ says that while its software is able to recognise these specific codes, it is not able to capture keystrokes or the content of text messages.

The company says it did uncover an “unintended bug” while reviewing its software that meant that “in some unique circumstances, such as when a user receives an SMS during a call”, SMS messages may have been captured by the software – but not in a human-readable form. The bug has now been fixed, the company says.

The report is expected to form the basis of Carrier IQ’s reponses to questions put to it earlier this month by Senate privacy subcommittee chairman Senator Al Franken. Its answers are due by tomorrow.