Dispute over ‘diagnostic’ software spreads to Europe after claims that Android phones send data to various service providers and iPhones do the same for Apple.
UK mobile networks have insisted that they do not install or use Carrier IQ’s smartphone diagnostics software, after privacy concerns were raised in the US over its discovery on Android phones and Apple’s iPhone there.
Carrier IQ has said that its software is installed on more than 141m handsets worldwide, and that its “mobile intelligence” solution “eliminates guesswork by automatically providing accurate, real-time data direct from the source – your customers’ handsets”. The company claims that it is unique “because we are the only company embedding diagnostic software in millions of subscribers’ phones”.
Concerns were raised earlier this week after a developer, Trevor Eckhart, discovered that Carrier IQ’s software logs every keystroke that the user makes on the device and can store it. Even transactions made to secure websites were recorded, which could mean that malicious software or use of the Carrier IQ product might be used to monitor someone’s use of the device.
But Carrier IQ insisted in a statement that its software “does not record your keystrokes, does not provide tracking tools, does not inspect or report on the content of your communications, does not provide real-time data reporting to any customer” and that it does not sell its data to any third parties.
It says the software is intended to “better [identify] dropped calls and poor service; problems that impede a phone’s battery life” and improve customer service.
Eckhart, who gained access to an unmodified copy of Carrier IQ’s software, said that “Carrier IQ is able to query any metric from a device. A metric can be a dropped call because of lack of service. The scope of the word ‘metric’ is very broad though, including device type, such as manufacturer and model, available memory and battery life, the type of applications resident on the device, the geographical location of the device, the end user’s pressing of keys on the device, usage history of the device, including those that characterise a user’s interaction with a device.” He said that it had been found on Samsung devices.
The company caused a row in late November when it sent a cease-and-desist letter to Eckhart demanding that he stop discussing his findings. But the Electronic Frontier Foundation argued that he had a right to discuss the matter – forcing Carrier IQ into an embarrassing climbdown.
It is still unclear precisely what data is collected from Android phones and how it is transmitted. The company’s own publicity material about its product for Android, introduced in September 2010, says that “Carrier IQ’s technology measures, aggregates and analyzes the context of user experience across millions of devices that include the device state, application performance, and network conditions to derive key design decisions.” At the time it said it was installed on 90m devices, implying that since then it has been installed on another 50m.
Vodafone, Orange and O2 told the Guardian on Thursday that they do not install the software in the UK and that to the best of their knowledge it is not shipped in any of the phones they sell. Google has indicated that the software is not included on any of its “flagship” phones – the Google Nexus One, Nexus S, and Galaxy Nexus handsets, which were built as showcases for versions of its Android mobile operating system. Carrier IQ says (PDF) that it is working on a deployment for Vodafone in Portugal.
In the US the software appears to be installed in a large number of Android phones, apparently at the request of mobile networks. An HTC spokeswoman told the Guardian that a number of the company’s Android phones in the US include it at the request of carriers there, but that no European devices have been affected.
The software appears to be installed on all versions of Apple’s iPhone where it can, with the user’s explicit permission, send anonymised diagnostic information back to Apple, for example when apps crash. However, tests by Alasdair Allan, a British programmer, found that it does not have any access to keypad input, and that the data is only sent to Apple. Owners can disable the transmission of data by turning off a setting on the iPhone.
Claims that the software is installed on Nokia phones were rebutted by the Finnish company in a statement: “Nokia is aware of inaccurate reports which state that software from Carrier IQ has been found on Nokia devices. Carrier IQ does not ship products for any Nokia devices, so these reports are wrong.”
In the US, the Verizon network said that it does not use Carrier IQ.
guardian.co.uk © Guardian News & Media Limited 2010