Is Carrier IQ on your BlackBerry?

By Joseph Holder on 1 Dec 2011 03:30 pm
4
loading...
39
loading...
56
loading...

The short answer is probably not; the slightly longer answer is that it could be. Last month, security researcher Trevor Eckhart did a little digging around in his Android Smartphone after seeing some curious data transfers. What he found set off a firestorm of outrage and disbelief. A program installed on the handset by or at the request of major wireless carriers has the ability to track nearly everything a user does on his or her phone.

The program, Carrier IQ, is hidden from end users and appears to collect data without the user's consent. Everything from wireless coverage to apps installed to keystrokes entered can be tracked by the program and sent to that big data collection computer in the sky. Carriers say they use the data provided by the program to improve customer experience and help with diagnosing problems. Security researchers question why a program to improve service is hidden and blocked from access by the user.

Among the allegations made by Eckhart is that the program is installed on multiple operating systems including Android, iOS, and BlackBerry - even Symbian manufacturer Nokia is not left out in the cold.

But let's step back a little bit and look at the BlackBerry OS in particular. Over on BlackBerry's support forum, Mark Sohm states in no uncertain terms that CarrierIQ is not included with the BlackBerry OS, nor are RIM's carrier partners authorized to add such software on to its devices. It's also doubtful that software could be installed on the Smartphone without the user's consent. The sometimes-frustrating BlackBerry permissions should easily prevent unauthorized data and device access. Though complicated, that's what the permissions are there to prevent. Whew!

That being said, Craig Johnston brought up an interesting point during today's podcast. There's nothing preventing BlackBerry administrators from installing CarrierIQ to a phone connected to a company's BES. In that system, the administrator approves all application permission requests. Whether or not a company has done that remains to be seen.

51 comments

PKPDBERRYADDICT

it is not that should be illegal !

mahsoud

The Carrier IQ Agent for RIM is under constant development. The Stable directory contains any critical updates that all users should have while the Most Recent directory may contain some enhancements and recent changes not deemed critical.:

ota.carrieriq.com/rim/stable/

ota.carrieriq.com/rim/beta/

for those that want it :D

Xterra2

oh WOW !!!!
WTF ? they should jailed for this

mssca

No... We the consumers are like Hitler's Army. Do what ever THEY say.

zzTroyzz

Statement I was given:
RIM is aware of a recent claim by a security researcher that an application called “CarrierIQ” is installed on mobile devices from multiple vendors without the knowledge or consent of device users. RIM will continue to investigate reports and speculation related to CarrierIQ.

RIM can attest that it does not pre-install the CarrierIQ application on BlackBerry smartphones and has never done so. Furthermore, RIM does not authorize its carrier partners to install the CarrierIQ application on BlackBerry smartphones before sales or distribution and has never done so. RIM also did not develop or commission the development of the CarrierIQ application, nor is RIM involved in any way in the testing, promotion, or distribution of the CarrierIQ application.

If the CarrierIQ application is present on a BlackBerry smartphone, it does not mean that the CarrierIQ application has “hacked” the BlackBerry platform. It means that either the BlackBerry smartphone user or the user’s BlackBerry Enterprise Server admin explicitly installed the application and authorized it to run. The user or the user’s BlackBerry Enterprise Server admin has full control over which third-party software he or she installs on a BlackBerry smartphone. The BlackBerry smartphone is designed to prompt the user for consent to grant permissions to a third-party application.

All users (of any device from any manufacturer) should always avoid installing and granting permissions to applications from untrusted sources. This simple precaution mitigates the risk of malware or unwanted software being installed on a user’s mobile device.

For information on BlackBerry security, visit www.blackberry.com/security.

s3cur1ty g33k

I called T-Mobile and asked if they had installed Carrier IQ on the Blackberry phones. At first they did not want to talk about it but then I was transferred to an agent who told me that there are several Blackberry models that they do install CarrierIQ on to include the Bold9900

I called BlackBerry who told me that it is easy to remove and T-Mobile should not be installing it on the phone as it voids the security of the device.

I called back T-Mobile and they first told me that CarrierIQ is baked into the phones. After I shared with them the details of my phone call with Blackberry, they stated that they would not remove it. They claim that they have the right to monitor the health of the network. When I raised the issue of Security, they told me "it doesn't matter, it is installed and cannot be removed".

If you use T-Mobile, I suggest you contact them and tell them you want CarrierIQ off your phone.

CDM76

How can we tell if it is on our BB's ???

Juiceair

That's what I was thinking.............hmmmmm.

miktro

Wow Im glad I don't have a Android. Rim Rims press release comfirms its not on BBs.

joehack

The links do not work. Maybe CarrierIQ closed it, but the hostname has a DNS entry:

> Non-authoritative answer:
Name: ota.carrieriq.com
Address: 204.235.122.205

Has someone downloaded the RIM deliveries? It would be very interesting to analyze it.

mahsoud

Nope, but there is whole java code somewhere on pastebin

maxb1ack

http://pastebin.com/v0ANuAGr

./IQAgent/com/carrieriq/agent/rim/IOSVariant.java:abstract public int getMCC( com.carrieriq.agent.rim.IOSVariant, net.rim.device.api.system.GPRSInfo$GPRSCellInfo );
./IQAgent/com/carrieriq/agent/rim/IOSVariant.java:abstract public int getMNC( com.carrieriq.agent.rim.IOSVariant, net.rim.device.api.system.GPRSInfo$GPRSCellInfo );
./IQAgent/com/carrieriq/agent/rim/IOSVariant.java:abstract public int[] preparePermissionsRequest( com.carrieriq.agent.rim.IOSVariant, net.rim.device.api.applicationcontrol.ApplicationPermissionsManager );
./IQAgent/com/carrieriq/agent/rim/IOSVariant.java:abstract public int apnKeysToArray( com.carrieriq.agent.rim.IOSVariant, net.rim.device.api.util.IntIntHashtable, int[] );
./IQAgent/com/rim/resources/IQAgentRIMResources.java:abstract public final class IQAgentRIMResources extends net.rim.device.resources.Resource
./IQAgent/com/rim/resources/IQAgentRIMResources.java: 5 : invokespecial_lib net.rim.device.resources.Resource. // get_name_1: net.rim.tools.compiler.codfile.Identifier@6c5e0272( net.rim.device.resources.Resource, java.util.Hashtable, java.util.Hashtable, byte[] ) // get_name_2: net.rim.device.resources.Resource.
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java:implements net.rim.device.api.system.RadioStatusListener
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 72 : invokespecial_lib net.rim.device.api.util.IntIntHashtable. // get_name_1: net.rim.tools.compiler.codfile.Identifier@6c5e0272( net.rim.device.api.util.IntIntHashtable ) // get_name_2: net.rim.device.api.util.IntIntHashtable.
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 81 : invokestatic_lib int getSupportedWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getSupportedWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 94 : invokestatic_lib int getSupportedWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getSupportedWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 12 : invokevirtual invokeLater( net.rim.device.api.system.Application, java.lang.Runnable ) // get_name_1: net.rim.tools.compiler.codfile.Identifier@387a98f4( net.rim.device.api.system.Application, java.lang.Runnable )
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 14 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 58 : invokestatic_lib net.rim.device.api.system.CDMAInfo$CDMACellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.CDMAInfo$CDMACellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.CDMAInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 61 : invokevirtual int getSID( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@b5886998( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_2: net.rim.device.api.system.CDMAInfo$CDMACellInfo.getSID
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 67 : invokevirtual int getSID( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@b5886998( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_2: net.rim.device.api.system.CDMAInfo$CDMACellInfo.getSID
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 74 : invokevirtual int getNID( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@b58856d3( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_2: net.rim.device.api.system.CDMAInfo$CDMACellInfo.getNID
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 80 : invokevirtual int getNID( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@b58856d3( net.rim.device.api.system.CDMAInfo$CDMACellInfo ) // get_name_2: net.rim.device.api.system.CDMAInfo$CDMACellInfo.getNID
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 86 : invokestatic_lib int getChannelNumber( ) get_name_2: net.rim.device.api.system.CDMAInfo.getChannelNumber
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 91 : invokestatic_lib int getChannelNumber( ) get_name_2: net.rim.device.api.system.CDMAInfo.getChannelNumber
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 5 : invokestatic_lib int getSignalLevel( int ) get_name_2: net.rim.device.api.system.RadioInfo.getSignalLevel
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 3 : invokevirtual boolean containsKey( net.rim.device.api.util.IntIntHashtable, int ) // get_name_1: boolean net.rim.tools.compiler.codfile.Identifier@c6607c0( net.rim.device.api.util.IntIntHashtable, int ) // get_name_2: net.rim.device.api.util.IntIntHashtable.containsKey
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 25 : invokestatic_lib java.lang.String getAccessPointName( int ) get_name_2: net.rim.device.api.system.RadioInfo.getAccessPointName
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 38 : invokevirtual int put( net.rim.device.api.util.IntIntHashtable, int, int ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@1b30f( net.rim.device.api.util.IntIntHashtable, int, int ) // get_name_2: net.rim.device.api.util.IntIntHashtable.put
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 3 : invokevirtual boolean containsKey( net.rim.device.api.util.IntIntHashtable, int ) // get_name_1: boolean net.rim.tools.compiler.codfile.Identifier@c6607c0( net.rim.device.api.util.IntIntHashtable, int ) // get_name_2: net.rim.device.api.util.IntIntHashtable.containsKey
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 24 : invokevirtual int remove( net.rim.device.api.util.IntIntHashtable, int ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@c84af884( net.rim.device.api.util.IntIntHashtable, int ) // get_name_2: net.rim.device.api.util.IntIntHashtable.remove
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 9 : invokestatic_lib byte[] getIPAddress( int ) get_name_2: net.rim.device.api.system.RadioInfo.getIPAddress
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 39 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 75 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 101 : invokestatic_lib int getSupportedWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getSupportedWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 107 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 1 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 2 : invokevirtual int getARFCN( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@741ae3ca( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_2: net.rim.device.api.system.GPRSInfo$GPRSCellInfo.getARFCN
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 7 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 79 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 2 : invokevirtual boolean isEmpty( net.rim.device.api.util.IntIntHashtable ) // get_name_1: boolean net.rim.tools.compiler.codfile.Identifier@7aab3243( net.rim.device.api.util.IntIntHashtable ) // get_name_2: net.rim.device.api.util.IntIntHashtable.isEmpty
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 5 : invokevirtual int size( net.rim.device.api.util.IntIntHashtable ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@35e001( net.rim.device.api.util.IntIntHashtable ) // get_name_2: net.rim.device.api.util.IntIntHashtable.size
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 13 : invokeinterface interfacemethodref_5 // get_name_1: interfacemethodref_5 int module:IQAgent.class#10.apnKeysToArray( module:IQAgent.class#10, net.rim.device.api.util.IntIntHashtable, int[] )
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 23 : invokestatic_lib boolean isPDPContextActive( int ) get_name_2: net.rim.device.api.system.RadioInfo.isPDPContextActive
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 3 : invokestatic_lib int getSignalLevel( int ) get_name_2: net.rim.device.api.system.RadioInfo.getSignalLevel
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 6 : invokestatic_lib int getSupportedWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getSupportedWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 17 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 29 : invokestatic_lib int getNetworkType( ) get_name_2: net.rim.device.api.system.RadioInfo.getNetworkType
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 43 : invokestatic_lib int getActiveWAFs( ) get_name_2: net.rim.device.api.system.RadioInfo.getActiveWAFs
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 74 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 75 : invokeinterface interfacemethodref_6 // get_name_1: interfacemethodref_6 int module:IQAgent.class#10.getMCC( module:IQAgent.class#10, net.rim.device.api.system.GPRSInfo$GPRSCellInfo )
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 89 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 90 : invokeinterface interfacemethodref_7 // get_name_1: interfacemethodref_7 int module:IQAgent.class#10.getMNC( module:IQAgent.class#10, net.rim.device.api.system.GPRSInfo$GPRSCellInfo )
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 103 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 104 : invokevirtual int getLAC( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@b5884e58( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_2: net.rim.device.api.system.GPRSInfo$GPRSCellInfo.getLAC
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 117 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 118 : invokevirtual int getRAC( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@b58864de( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_2: net.rim.device.api.system.GPRSInfo$GPRSCellInfo.getRAC
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 131 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 132 : invokevirtual int getCellId( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@13c8e513( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_2: net.rim.device.api.system.GPRSInfo$GPRSCellInfo.getCellId
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 148 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 149 : invokevirtual int getBSIC( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@fb7d3581( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_2: net.rim.device.api.system.GPRSInfo$GPRSCellInfo.getBSIC
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 233 : invokestatic_lib net.rim.device.api.system.GPRSInfo$GPRSCellInfo getCellInfo( ) // get_name_1: net.rim.device.api.system.GPRSInfo$GPRSCellInfo net.rim.tools.compiler.codfile.Identifier@45241ea6( ) // get_name_2: net.rim.device.api.system.GPRSInfo.getCellInfo
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 234 : invokevirtual int getARFCN( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@741ae3ca( net.rim.device.api.system.GPRSInfo$GPRSCellInfo ) // get_name_2: net.rim.device.api.system.GPRSInfo$GPRSCellInfo.getARFCN
./IQAgent-2/com/carrieriq/agent/rim/IQRadioListener.java: 3 : invokestatic_lib int getSignalLevel( int ) get_name_2: net.rim.device.api.system.RadioInfo.getSignalLevel
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java:implements net.rim.device.api.system.SystemListener2
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 12 : invokevirtual invokeLater( net.rim.device.api.system.Application, java.lang.Runnable ) // get_name_1: net.rim.tools.compiler.codfile.Identifier@387a98f4( net.rim.device.api.system.Application, java.lang.Runnable )
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 11 : invokevirtual invokeLater( net.rim.device.api.system.Application, java.lang.Runnable ) // get_name_1: net.rim.tools.compiler.codfile.Identifier@387a98f4( net.rim.device.api.system.Application, java.lang.Runnable )
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 1 : invokestatic_lib int getBatteryLevel( ) get_name_2: net.rim.device.api.system.DeviceInfo.getBatteryLevel
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 2 : invokestatic_lib int getBatteryTemperature( ) get_name_2: net.rim.device.api.system.DeviceInfo.getBatteryTemperature
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 6 : invokestatic_lib int getBatteryVoltage( ) get_name_2: net.rim.device.api.system.DeviceInfo.getBatteryVoltage
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 2 : invokestatic_lib int getBatteryStatus( ) get_name_2: net.rim.device.api.system.DeviceInfo.getBatteryStatus
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 3 : invokestatic_lib int getBatteryLevel( ) get_name_2: net.rim.device.api.system.DeviceInfo.getBatteryLevel
./IQAgent-2/com/carrieriq/agent/rim/IQSystemListener.java: 10 : invokestatic_lib int getBatteryStatus( ) get_name_2: net.rim.device.api.system.DeviceInfo.getBatteryStatus
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 1 : invokestatic_lib int getNetworkService( ) get_name_2: net.rim.device.api.system.RadioInfo.getNetworkService
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java:public int getMCC( com.carrieriq.agent.rim.variant.OSVariant421, net.rim.device.api.system.GPRSInfo$GPRSCellInfo );
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 1 : invokestatic_lib int getCurrentNetworkIndex( ) get_name_2: net.rim.device.api.system.RadioInfo.getCurrentNetworkIndex
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 2 : invokestatic_lib int getMCC( int ) get_name_2: net.rim.device.api.system.RadioInfo.getMCC
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java:public int getMNC( com.carrieriq.agent.rim.variant.OSVariant421, net.rim.device.api.system.GPRSInfo$GPRSCellInfo );
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 1 : invokestatic_lib int getCurrentNetworkIndex( ) get_name_2: net.rim.device.api.system.RadioInfo.getCurrentNetworkIndex
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 2 : invokestatic_lib int getMNC( int ) get_name_2: net.rim.device.api.system.RadioInfo.getMNC
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 1 : invokestatic_lib net.rim.device.api.servicebook.ServiceBook getSB( ) // get_name_1: net.rim.device.api.servicebook.ServiceBook net.rim.tools.compiler.codfile.Identifier@5db1c25( ) // get_name_2: net.rim.device.api.servicebook.ServiceBook.getSB
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 2 : invokevirtual net.rim.device.api.servicebook.ServiceRecord[] getRecords( net.rim.device.api.servicebook.ServiceBook ) // get_name_1: net.rim.device.api.servicebook.ServiceRecord[] net.rim.tools.compiler.codfile.Identifier@7e545a0c( net.rim.device.api.servicebook.ServiceBook ) // get_name_2: net.rim.device.api.servicebook.ServiceBook.getRecords
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 13 : invokevirtual int getType( net.rim.device.api.servicebook.ServiceRecord ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@fb85f7b0( net.rim.device.api.servicebook.ServiceRecord ) // get_name_2: net.rim.device.api.servicebook.ServiceRecord.getType
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 18 : invokevirtual int getNetworkType( net.rim.device.api.servicebook.ServiceRecord ) // get_name_1: int net.rim.tools.compiler.codfile.Identifier@662add52( net.rim.device.api.servicebook.ServiceRecord ) // get_name_2: net.rim.device.api.servicebook.ServiceRecord.getNetworkType
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 24 : invokevirtual java.lang.String getAPN( net.rim.device.api.servicebook.ServiceRecord ) // get_name_1: java.lang.String net.rim.tools.compiler.codfile.Identifier@b58826e9( net.rim.device.api.servicebook.ServiceRecord ) // get_name_2: net.rim.device.api.servicebook.ServiceRecord.getAPN
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java:public int[] preparePermissionsRequest( com.carrieriq.agent.rim.variant.OSVariant421, net.rim.device.api.applicationcontrol.ApplicationPermissionsManager );
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java:public int apnKeysToArray( com.carrieriq.agent.rim.variant.OSVariant421, net.rim.device.api.util.IntIntHashtable, int[] );
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant460$ReasonProvider460.java:implements net.rim.device.api.applicationcontrol.ReasonProvider
./IQAgent/com/carrieriq/agent/rim/IOSVariant.java:abstract public java.lang.String getPhoneNumber( com.carrieriq.agent.rim.IOSVariant, net.rim.blackberry.api.phone.PhoneCall );
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java:public java.lang.String getPhoneNumber( com.carrieriq.agent.rim.variant.OSVariant421, net.rim.blackberry.api.phone.PhoneCall );
./IQAgent-4/com/carrieriq/agent/rim/variant/OSVariant421.java: 2 : invokevirtual java.lang.String getDisplayPhoneNumber( net.rim.blackberry.api.phone.PhoneCall ) // get_name_1: java.lang.String net.rim.tools.compiler.codfile.Identifier@ff05fe2b( net.rim.blackberry.api.phone.PhoneCall ) // get_name_2: net.rim.blackberry.api.phone.PhoneCall.getDisplayPhoneNumber

joehack

From my point of view, there is no reason to trust any company; neither RIM, HTC nor any other. In the end, the good hackers will surface the truth.

guerllamo7

This seems good news for RIM. No retail or consumers are impacted because RIM does not allow it. If the IT department does this, they disclose it to users. Lets remember that the phones you get at a company are actually company property and for business purposes only.

On the other hand. Shame on the carriers for affecting Droid, iOS, and whatever other device manufacturers are involved. Every key stroke means that someone could get your credit card information, bank account information (if you do mobile banking), ssn, etc.

Shame on any manufacturer that allows this to happen.

Although this is good news for RIM, I would wait to pass judgement on iOS until we hear from them. However, much to my surprise it seems Google Droids are deeply involved. People have known for a long time that Google looks at their e-mails and then they place targeted adds on your very own inbox so that is a bit weird but to give the data to third parties is crossing the line. I hope we get official statements from these guys soon so we know for sure who is responsible.

I hope they get slammed. It is not right they get to do this.

It seems Verizon is not involved at all. If that it the case and Sprint is involved I would consider that materially enough to move. Even if BB is not affected, I don't want to do business with organizations that pull this kind of stuff.

s3cur1ty g33k

If your carrier is T-Mobile, it may be installed. I contacted T-Mobile and they confirmed what I saw: CarrierIQ is installed on the BOLD 9900 by T-Mobile. They push the program out the first time you power up. It is not all the BB phones that have it but there are at least 4 models and they intend to push it out to more models in the future.

A quick VM installation of BB Enterprise Server Express took care of the problem since T-Mobile refuses to remove it.

jhrain

Disturbing article. Helping friends check their Android phones... so far, no evidence.

sage rat

Joseph or anyone,
Is there a way to identify it on a BB?

Can it be found in Options/Applications/Third Party? Under what name?

ungibbed

I sold my Android a while back as i hated having such a short battery life. Now I just stick with my Bold 9700 (T-Mobile), doubtful that it's on there as space is tight already and as logs piled up over time, they would show a performance loss with the spinning clock of doom.

If it is on there, my trust in the BlackBerry platform will be quite shaken.

Makes me wonder if this is also stuffed into feature phones like the one I have for a backup phone, the not so awesome Samsung Gravity 3...

johnolesen

if you have something that bad to hide....maybe you shouldn't be doing it?

SRR500

I have nothing "bad" to hide. At the same time I do want to keep some things private like my bank account socoal security and credit card numbers. Also don't care to share login information or messages between my family and friends. There is a difference between needing to hide something "bad" and wanting to keep private matters private.

buckwylder

i disagree with johnolesen, i shouldn't really need to explain why though, but i will because i want to

that is exactly what google chairman said about the fact they have stored every single google search ever made

"if you don't have anything to hide, what are you worried about?" - sounds slightly arrogant to me when heard from a guy like the chairman of google, just my opinion, no big deal

that is not the point though, people don't want to be tracked like cattle by some hidden software - for a lot of reasons - that is not a difficult concept to understand, considering people do everything on their cell phones or tablets like personal banking, etc...

carrier iq is stupid for any purpose beyond tracking a corporate asset, it is NOT for the general public, wow, seems 1984ish - orwellian

anyways, peace
___________________________________________________________

in the time of your life, live so that in that good time, there should be no ugliness or death for yourself or for any life that your life touches, seek goodness everywhere

scottae316

And what brand of phone does Google's founder carry???

mssca

What company on Earth have a good faith in protecting customers as opposed to beat the hell out of the customer to get rich?

That's why I don't want my information in their hands. In Canada a private medical clinic recently infected many many people with HIV, Hep A, Hep B and Hep C. Why? To save money they didn't clean the medical equipment properly and now taxpayer has to pay for the medical care.

Capitalism is good.... but it is bad at extreme ends. Extreme capitalism is no better than extreme socialism!

xmasberry

Gotta disagree with the johnolesen comment. The main concern isn't that one is doing something bad that needs to be covered up but rather that one is doing something that should be absolutely secure (internet banking for example) and that whatever the activity the security is compromised because of nonsense like the CarrierIQ software (if it indeed captures keystrokes which they say it doesn't but which it appears to do)

bull_thumper

How does one go about finding files by name on ones BlackBerry ?

buckwylder

universal search, or the "files" application
if you're using os6 or os7

bull_thumper

I have executed a few searches but I have a feeling these don't look very deep into the OS itself. So far I can't find any sign of it on my phone.

Perhaps RIM could publish a utility to scan for and, at the users discretion, remove selected objects such CarrierIQ.

buckwylder

google is weird, i am not sure they're as legit, "cool", or forthcoming as people might expect from a company with that name spelled with all the colors of the rainbow, just a sneaking suspicion

buckwylder

about time somebody exposed google, lol

Mr.G

@ johnolesen thats one of the dumber things ive ever heard, dont know why so many people had to even explain it to u..
i hate google. a,most never use them. tuff to never. but very rare for me.. simply becuz they dont respect privacy. and so many paid products r so much better than any free google apps..

ungibbed

This causes both distrust in your device and your mobile carrier. Pre-paid or traditional post paid contract plans. In many ways, my phone has become important to me as much as carrying my wallet. Personal data stored for work issues or even silly rants on Facebook.

Being a technoloy nerd that I am, many people still question me why I carry a BlackBerry as my normal everyday phone, and I always respond due to the reliability of the BB platform (the outage got me a lot of heckles but I still could call and send SMS messages)

I predict a lot of damage control from various manufacturers of Android phones and some on behalf of the carriers as well.

What can the end user do for complete privicy? Just pull the battery and talk face to face over some coffee.

coolaide

So they have also been burning through some of my data quota send these data logs right? and since it was unauthorized it should fall under illegal wire tap too.

newcollector

This was posted in the forums by belfastdispatcher:

Before anybody has a heart attack remember BB has a native instant messaging app that sometimes comes with the OS called ICQ, don't get them confused lol

CDM76

lol. I can only imagine how some would act if thought was same. hahaha

TeaBoy

Soo, This is how ATT know if your tether or not..Than they slap you with a Tethering Fee..

infinus

if RIM puts carrierIQ in BB's they are totally doomed...
i knew androids are spooky...
i love android...
but for development and study purpose not for usage..
BB rocks...
i hope VodaFone doesn't put carrierIQ too.

cbvinh

Yeah, if their reputation is security (the main thing they have left compared to the competition) then they better make sure that their users' data isn't being leaked. Even if the carrier is the one that installed the program, they better force the carrier to disclose and allow users to disable.

Sith_Apprentice

Using a factory device (9650 running OS 6) i downloaded from ota.carrieriq.com/rim. The modules were not present on the device fresh out of the box, or on any device where i manually updated the software. Also, the application MUST be granted trusted status in order to work properly. I installed the app (and set all permissions to DENY).

Below is a list of modules in the "Stable" OS 6 release:
Application Module - IQAgent
Library Modules - IQAgent-1
IQAgent-10
IQAgent-11
IQAgent-12
IQAgent-13
IQAgent-14
IQAgent-15
IQAgent-16
IQAgent-17
IQAgent-2
IQAgent-3
IQAgent-4
IQAgent-5
IQAgent-6
IQAgent-7
IQAgent-8
IQAgent-9

The app also requests the following access:
USB
Bluetooth
Phone
Location Data
Server Network
Internet
WI-FI
Cross Application Communication
Device Settings
Media
Application Management
Themes
Input Simulation
Browser Filtering
Recording
Security Timer Reset
Display Information while Locked
Email
Organizer Data
Files
Security Data

I can also confirm that there is no icon for this application, though it does show under "IQAgent" in the application management listing and is listed as optional.

Update:
The application and all listed modules removes easily with a delete of the application. No wipe or extreme measures needed. I do not think BlackBerry users need to be worried about this app, if its found, simply go in and uninstall it.

Justice 005

Thanks for taking the time to test and provide the details.

Sith_Apprentice

It appears the OTA site has been taken down. Guess the letter from the Senate spooked them a bit. Anyone still have a copy?

Spoomanchu

So if I've upgraded my OS since I purchased, is this software still on or is it hard coded into the hardware?

SixYearBlackberryUser

VERY INTERESTING. So this explains why THREE brand new Torch 9850 phones I purchased from Verizon and shipped from the warehouse came in boxes that were OPENED with the seal broken and battery installed! THREE new phones that I returned and finally went to the store to get a SEALED box. This was a VERIZON BB purchased over the last 3 weeks. After several attempts to ask why my new phones were in boxes with the seal broken and battery installed they had no explaination. INTERESTING! I sent a letter to Verizon customer service and of course no response.

raul.adams

THANK YOU "TREVOR ECKHART" FOR MAKING THIS DISCOVERY! ALL THESE COMPANYS ARE ALREADY GETTING SUED BY IT.
THANK YOU!!!

NikonF7

Seeing as T-Mobile effectively IS my BlackBerry Enterprise Server admin, shouldn't I be worried? Although a lot of BBs are issued companies whose IT departments run their own BBE Server, an awful lot also are held by consumers like me who use the push email at their cell provider (myname@tmo.blackberry.net, etc.)

I guess the key questions are:
1. Can a BBES admin add Carrier IQ to a BlackBerry without having it warned/approved at the phone end?
2. Would I have noticed and remembered if my phone wasn't still 100% factory-sealed by RIM when T-Mobile rushed an 8520 to me 19 months ago to replace a busted 8820?

I like the added security of a BB vs any other smartphone, but I don't trust corporations to not be stealing every bit of data they can get away with. Then the government looks the other way on corporate privacy invasions of consumers too often, in the hopes they can have access to more data to grab later themselves (for good or bad purposes TBD when it's too late).

Incidents like this make me want to never see online voting, and I'd rather revert to little old ladies counting paper ballots than trusting voting machine vendors to not install "extra features".

I consider my texts and surfing history to be copyrighted performances, and it's about time to sue these folks for theft of intellectual property. This is far worse than a kid downloading a copy of something that's already in widespread circulation. It's the theft of original, unique, works not intended for prying eyes....and then making unauthorized derivative works (personally identifiable or not) for commercial use.

Chapdaddy

T-mobile is not your enterprise server admin. By definition, the "enterprise" descriptors are referring to corporate purchased and managed Blackberries. BES -Blackberry Enterprise Server is the middleware software package that allows synchronization and data communication between corporate servers (exchange etc) and their handsets. When an individual purchases a Blackberry device from their wireless provider, they use BIS- Blackberry Internet Service, to facilitate push email service and all the rest. If an individual employee wanted to purchase their own handset to synchronize with their corporate servers, their corporate IT admin would manage BES provisioning to their handset.

s3cur1ty g33k

NikonF7

In response to your questions:

1. Can a BES admin add Carrier IQ to a BlackBerry without having it warned/approved at the phone end?

Yes. It can be remotely installed by an admin. The carrier's have admin rights using BIS unless the phone has been joined to a BES, then the BES admin can install it remotely (or uninstall it remotely).

2. Would I have noticed and remembered if my phone wasn't still 100% factory-sealed by RIM when T-Mobile rushed an 8520 to me 19 months ago to replace a busted 8820?

Does not matter. Once your phone is on the network, they can push updates to you that includes the CarrierIQ image, ande install it on your phone.

Clear as mud?

T-Mobile is doing it! They did it to my Bold 9900 and they refused to remove it.

holly1203

when I first saw this I was absolutely disgusted... but then after I thought a little more about it, I started to wonder, with all the paperwork we fill out when we sign up for a new contract through a service provider, is it possible that somewhere in the documents it clearly states that this software is installed... Seeing as approx 85% of consumers don't fully read what they sign, it's a huge possibility... makes me wanna do a thorough check of my contract.

cherimoya

any definitive info on whether sprint installs it? i don't see it in 3rd party apps, addons, or BB core apps, but also don't see any 'sprint' software, yet i certainly do have sprint navigation. may be it's hidden as part of the os???