Mathew J. Schwartz
Carrier IQ: What Carriers, Device Makers Must Do Next
Customer trust is a delicate thing, and vendor secrecy can scuttle it quickly. Take, for example, the case of Carrier IQ's tracking software, in which carriers' and handset manufacturers' secrecy about how they use the software has made it look like they have something to hide.
Since news of the tracking practices broke several weeks ago, studies by two independent researchers have found that Carrier IQ's software hasn't been doing anything technically nefarious. But one of those researchers, Dan Rosenberg of Virtual Security Research, called out--via a Pastebin post--the bigger issues: "Carrier IQ does a lot of bad things. It's a potential risk to user privacy, and users should be given the ability to opt out of it."
- Getting a Grip on Mobile Malware
- How Attackers Identify and Exploit Software and Network Vulnerabilities
White PapersMore >>
In fact, how carriers and manufacturers deploy Carrier IQ can create security risks. Notably, security researcher Trevor Eckhart found that as deployed on HTC handsets, the Carrier IQ software was being used to create a log of numerous data points, which could potentially then be accessed and stolen by a malicious application.
Carrier IQ, however, said--without naming clients--that the security vulnerability would have been HTC's fault. "What goes in that log file is up to the manufacturer," Carrier IQ's VP of marketing, Andrew Coward, told The Verge. "What should be happening is it should just be giving it to us through the API. What appears to be happening is that it's giving it to us and making a copy of what it gave to us in the log file."
[ Is Carrier IQ running on your phone? Read Carrier IQ On Your Android? 3 Apps With Answers. ]
Which handsets may have bugs relating to their Carrier IQ software? Carriers and manufacturers have yet to come completely clean on exactly which of their handsets have Carrier IQ installed. Even an unspecified number of Apple devices--perhaps iPhones and iPad tablets--are also running Carrier IQ software, though Apple said it stopped supporting the software as of iOS 5 and will remove it altogether in a future update.
In other words, instead of truly coming clean, carriers and manufacturers have left the task of Carrier IQ detection to Android enthusiasts and application vendors, while Carrier IQ tried to squelch security researchers who disclosed how the software works.
"Initially, when discovered, Sprint was very deceptive and even denied it existed," says Jon Root of the Android Creative Syndicate team, referring to when the security researcher known as "k0nane" first discovered Carrier IQ software running on Android smartphones. "This went above and beyond breaching the trust of customers. They should have had talking points rather than trying to sweep it under the rug."
Those talking points have finally started to arrive. A leaked internal T-Mobile memo obtained by TmoNews says that nine T-Mobile handsets--BlackBerry (9360, 9810, 9900), HTC (Amaze 4G), LG (DoublePlay), Samsung (Exhibit II 4G, Galaxy S II), T-Mobile (myTouch by LG, myTouch Q by LG)--have Carrier IQ's software installed.
The memo also highlights three examples of how T-Mobile uses Carrier IQ's software: to determine if a failure of a handset to stay charged relates to the battery, charger, or something running on the device; to determine whether a handset or the network is responsible for dropped calls; and to diagnose the cause of app failure, which may result in handsets freezing. Meanwhile, SprintFeed scored its own photo of an internal memo (carriers: beware employees bearing camera smartphones) that presents Sprint insiders with similar information.
Perhaps executives at the carriers wrote the memos as they rehearsed answers to related questions posed by legislators, regulators, and litigators (there are at least four class-action lawsuits underway).
Given this "Carrier IQ-gate" fallout, what could be done to assuage customers about these data-collection practices? "I would like CIQ to contractually ensure that their carrier and OEM partners provide an opt-in or opt-out option, and a full disclosure of what data is being sent, and to who," says k0nane via email. "Additionally, security holes such as those left in by HTC ... must be corrected."
"It is important to note, however, that carriers and OEMs are the final decision-makers for CIQ's software--the former, for which metrics will be tracked, and the latter, for how it is implemented," he says. Accordingly, he wants to see carriers' and manufacturers' implementations of Carrier IQ audited by a third party. That audit would demonstrate that the software is behaving as advertised and help prevent security holes.
Furthermore, why use Carrier IQ or other such monitoring software on the sly? From Microsoft to Mozilla, computer operating systems and software applications give users the ability to share post-crash information with the relevant vendor, as well as to detail what exactly gets shared. That model could be applied to mobile phones, as part of an opt-in model. "Allow more granular control--if the user opts in, let them select what they wish to share," says k0nane. "As an example, I--as a user--may allow signal strength and location to be sent upon a dropped call, but not who I was calling, or any other data."
Let smartphone users opt into how their devices and related data gets tracked, preferably from their handsets. Otherwise, carriers and manufacturers will continue to look like they have something to hide, and face the prospect of customers choosing to opt out of that kind of relationship.
Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)