CarrierIQ comes clean about the information collected from your phone

Carrier IQ is at least a little more transparent about what it does
By Joseph Holder on 13 Dec 2011 01:46 pm EST

As you know, Research In Motion does not include Carrier IQ with its phones. The company does not permit its carrier partners to install CarrierIQ on BlackBerry Smartphones. It does, however, permit you - the end user - to install the carrier monitoring software on your Smartphone. From what we've seen from T-Mobile, Carrier IQ is included with the My Account app that the user can install and give permissions to. AT&T is thought to operate in a similar manner. Even if you allow this software to be installed, is there really anything to be concerned about? Carrier IQ says no. And you know what? I believe them.

The CarrierIQ debacle continues. This time, though, it's Carrier IQ itself releasing details of its product. Today, the company released a 19-page report detailing what the Carrier IQ app does, how it does it, and how the software gets added to a phone. This is a complete about-face from Carrier IQ's position a few weeks ago when they attempted to hit security researcher Trevor Eckhart with a cease and desist order. Openness and transparency are what the company needs to do now, this whitepaper is a good step in the right direction.

Phil Nickinson over at AndroidCentral has done a rather nice job of teasing out some of the more important details of the CarrierIQ report. For BlackBerry users, the more interesting bits are: 

  • We're not sending your every keystroke to the carrier - no carrier has asked for that feature
  • If an SMS message happens to get caught in our monitoring data, a human can't read it
  • Your carrier decides what information to collect
  • You are not charged for the diagnostic data the app sends to your carrier 

Carrier IQ is just that, a diagnostic tool to help your carrier identify problems with your device or coverage. If you want to be mad and/or outraged at someone, it's the carriers themselves you should look to. It has been always a carrier decision to add the software to the phone. After all, it's not like Carrier IQ snuck that software onto your phone while you were sleeping.

Read the Carrier IQ report for yourself [PDF]

Reader comments

CarrierIQ comes clean about the information collected from your phone


I'm not really butt hurt about this at all. I kinda figured companies were doing these kinds of things already...

Ummm you below me... I got First ;)

Carrier IQ (the idea) itself is a good idea. Finding area's that aren't working properly, where are the heavy users spots and where do calls get dropped etc.

I think people (myself included) might agree to something like this if it is open, your allowed to opt out and you still have privacy. A couple weeks ago when this first came out, I thought it read everything you wrote, followed the gps on your phone and basically allowed anyone and everyone to see and hear what I was doing.

Carrier IQ does a job, and likely does it well. But like RIM its got bad PR, it should have come out into the open and carriers that have this installed need to make customers aware and educate them on what it does.

if crackberry joe trusts them SO DO I ! never worried me that much anyway the whole world is probably spying on you already

Yea i agree with the above ^. the idea is good, and im sure the data collected does provide valuable information for helping improve products/services.

but like anything, an end user should be notified about it and furthermore have the option to opt in or out. its similar to almost all antivirus programs that are out there, they'll always ask if you if you're ok with sending your diagnostic/virus data to the company's server/database.

carrier iq came outta nowhere to the public, so it made it look like it was a sneaky devious operation that we weren't supposed to know about (maybe thats what they always wanted, who knows).

Anybody know how much battery this app is going to suck out from my phone by sending out all craps over the netwrok. Now all of sudden people come out and say bad phone, battery life sucks.

As someone already mentioned, it's fine and dandy as long as carriers/some phone manufacturers such as Apple and HTC did not add this to their products without user consent!!! The problem is user consent with some manufacturers (not BlackBerry). That's why they're being sued! Same goes for how Apple had their GPS tracking in iPhones without user consent.

i still dont trust or like it. my info should be just that...MY info.ok your not collecting my every keystroke and i belive that because you said so....this is probably government funded just like facebook.

That is great the CarrierIQ comes clean and stopped pointing a finger at the research that found there little secret. Thanks, for the story!

hmm... app with the power to log everything even when carrier network is not connected (wifi only), can't opt-out of or stop (on Android). A "bug" that collects your SMS messages. All hidden away with the intention of users never knowing... Yeah, there's a company I'm going to believe what they say.

Sorry about this but did IQ's suddenly drop. We have a software package that is added without our knowledge and reads our actions. locations. communications etc and we trust it. Please do me a favour. If a carrier had software that was truly diagnostic installed on their phones they would be shouting it out from the tops of mountains to increase sales. However lets look at the actions involved.
1) Software is discovered. Action? individual is threatened
2) Features of software shown. Action? Denial by Company
3) Carrier Action? Either denial or silence
Only under continuous pressure have the carriers and the software vendor began to release sketchy details.
Ask yourself are these the actions of truthful company's acting in the best interests of the end user
Well what do you think?

The issue on privacy and the policies companies hold is dangerous just to overlook what can result down the line. Read the following quote:

"We're not sending your every keystroke to the carrier - no carrier has asked for that feature"

This does not imply anything other than it does not happen at this moment because no carrier has asked for it yet. What happens when it is financially beneficial to gather this data?

Again, this same situation happens when looking to the following quote:

"If an SMS message happens to get caught in our monitoring data, a human can't read it"

Sure, no human can read the encrypted data as it stands, but this does not indicate that someone at the end of the line does not have a tool to decrypt and make it human readable. They would be doing this to gather their diagnostics anyways.

I don't care what the software does, who makes it, approves it or otherwise what it collects. I don't want it or any other software pushed or added to my phone before or after I purchase it without my explicit consent. It seems like this type of behavior is more and more openly accepted as business as usual when it shouldn't be under any circumstances.

I realize the younger generation is more passive about this type of behavior growing up with myspace, facebook etc and posting half they're lives online and youtube but I really hate that companies get away with this type of behavior with little to no consequences. Regardless of how innocuous the data they collect may be or seem, to me it's still an invasion of my privacy.

I believe there are two issues.

1. Privacy
2. Trust

If someone is going to have something installed on your device then fine as long as it is made available to the user and it is clear to the user what is going on. In other words, this company has on-going proof that their date is not invading privacy but assisting with technical troubleshooting.
That was not made clear nor were most people aware this software was installed.

That just punches a hole in item number two. If you can't trust these guys, then why would you trust them to come clean and reveal all the information now. Even Maddoff, the swindler, kept denying there was a problem until it blew up in his face.

Regardless of intent by anyone. I am quite happy that RIM never placed or authorized anyone (other than the owner of the device) to install it on BlackBerry's.

We can make legitimate complaints about RIM's lack of media innovation or other such things but every time I check on them, they seem to be doing the right and ethical thing in my view.

So far the only two that have earned my trust are RIM for the device manufacturers and Verizon for the carrier. I'm actually considering switching to Verizon over this issue.

Did you not read the news today about the FBI getting access to users data from carriers via Carrier IQ (and possibly others like it)?

You're ok with that? I'm not, even though I'm not involved in any criminal activity, I am not ok with people spying on other people's communications under the guise of rooting out "terrorism" The FBI denied a Freedom of Information Act request regarding Carrier IQ. That's the entire story. What other people choose to believe about that fact is beyond me.

sounds like u know wat ur talking about! im glad i have no need to worry now, cuz surely the FBI denying the freedom of information on a program that logs your location, conversations, and behavior is nothing to lose sleep over!

jeez these conspiracy nuts right? i mean what coulld possibly be gained by a government having access to its citizens private communcations and behaviors!?

I will write again what I wrote on your other stories about Carrier IQ, and I only signed up here two weeks ago to respond with my experience over the last month. Long story short I order a NEW Blackberry Torch from Verizon online. Shipped to me from the warehouse in a box with the seal broken and battery installed. Sent it back and received another Blackberry in the SAME condition..with the seal broken! Sent it back and the third phone was ALSO in a box with the seal broken! I finally went into the Verizon store to get a sealed box. As I was activating the phone with a tech guy online I asked about Carrier IQ and if it was on my Blackberry. He said "yes". I asked how can I have it removed and his response was "I can not give you those instructions". From my experience and discussions with a tech guy at Verizon I believe Verizon has installed Carrier IQ on their Blackberrys. If you want more info in detail and the name of the tech guy email me.

This post is ridiculous in every sense of the word!!! We are supposed to believe a company and carriers who initially hid stuff from us to collect info on us, and then now say there is nothing to worry about. "SURE..."

All I want to know and what everyone should want to know is how to REMOVE the app from our devices.

"We're not sending your every keystroke to the carrier - no carrier has asked for that feature"

What about sending them to yourself? Or other people?

Do you know how relatively little storage space EVERYBODY'S keystrokes in North America would take up gigabytes-wise? A trifle. You could do it on the cheap, easy. Place the user-identification info with it and you can call up their every keystroke ever if you wanted.

I was hoping every other device had this 'malicious software' installed except for BB's.

Shame...would have been a better story and a happy ending

Revolutions occuring all over the world thru social media and cell phone based organization of people. occupy wall street scaring the hell out of conservative corporate america. and now the discovery of a logging tool that tracks a users every key stroke, location, and behaviors on the most widely available and pushed mobile OS (android) in america.

yea, if theres one thing ive learned from this increasingly orwellian society we live in, its never trust authority, and theres always more to the story. if you honestly think that this PR stunt is the truth behind carrier IQ then, well, ignorance is bliss so they say.

if you dont get where im going with this, well, youre part of the problem.

Dig the whole pollyanna tone in this piece:

"Carrier IQ is just that, a diagnostic tool to help your carrier identify problems with your device or coverage."

Right, and DDT is just that, a farming tool to help your grower handle problems with your food or body.

Whether they mean well or not, which has yet to be proven, they've opened up a deeply exploitable vulnerability and acted like a cheating husband caught in the sack with the babysitter and the proclaiming, "Who do you believe, me or your lying eyes?"

Call us crazy to smell a rat. After all, that was patriotism that led the carriers to turn over all our information without probable cause, right comrade?

Those of you not in the goody gumdrop they said everything's ok and it's not their fault anyway club, EFF has posted a far more helpful and non-partisan piece:

Someday I suppose the anthropologists will explain why the near entirety of this generation didn't give half a darn about their rights and privacies being stripped away by government and Wall Street at nearly each and every turn.

For now, lets remember to stand up to all scum who don't provide full disclosure, have something to hide, and who take us for dumber than we look/act.

Better men than we died for the Fourth Amendment. Lets keep it.

From the report:

"What this means is that keystrokes, text message content and other very sensitive information is in fact being transmitted from some phones on which Carrier IQ is installed to third parties."

Think you could live without the diagnostic assistance?

I'm offended that a flack white paper from an embattled telco-parasite is treated like gospel at Crackberry.

Both the carriers and Carrier IQ are far from off the hook until further notice. For all we know, Carrier IQ sold the carriers a bill of goods. There's no rush. Lets do our research fully before we pass judgment.

This is very disappointing. Wondering if "Joe" of Crackberry has received a big fat check from Carrier IQ to encourage him to BELIEVE. Carrier IQ does an about face? A cease and desist order for Trevor Eckhart? Where's the Carrier IQ credibility? Perhaps this is directed to those who still believe in Santa.
My question is who does Carrier IO market this info to. In Trevor Eckhart's expose, he demonstrates that the opt out feature in one particular phone has no effect whatsoever and the app cannot be deleted.
CointelPro, Homeland Security and The Patriot Act are only a few of the info gathering mechanisms that will glean and archive info as well as ID thieves.
Nice to know that the odds with my Bold 9930 are a little better as BB rebukes the Carrier IQ encroachment. I have other family members on my Verizon Account with a IPhone4s and a HTC who are now looking at my Bold 9930.

Good points. However, RIM may not put it on your Bold, but Verizon does. Read my Verizon post above and my experience with them and my conversation with a tech guy over the phone when I asked if Carrier IQ was installed on my NEW Torch 9850 and how can I take it off....

Sprint said they have it on 96 percent of their phones. This little innocent diagnostic tool apparently, though, is not so innocent in Sprint's mind.

Also note the piece the other day where the FBI refused to discuss their use of Carrier IQ:

Everyone from EFF to the carriers are now on the people's side, leaving Carrier IQ, their whitepaper, and the spooks on the other side.

Crackberry was about a week late even covering this story when Trevor first broke it, then never got on top of it, then got pollyanna over Carrier IQ's failed attempt to justify their model.

The very top security experts, such as EFF and Bruce Schneier, find Carrier IQ alarming. Schneier predicts mobile phones are absolutely the next battleground for hacking and malware and it's going to get ugly.

Lets ease up on the Dooodledingle coverage, the screensavers, the .99 off some lightshow app and start getting real about mobile security. Needs its own forum and should be the top priority moving forward, especially since Android is far and away the most compromised platform and the embattled PlayBook is about to Vulcan mind meld with it.

Mark my words folks, this is only the beginning of what's going to be a big, big, big privacy and security issue in the months and years to come.

Brushing off something like Carrier IQ is a huge mistake, no matter how it all ends up. This thing was poorly coded, secretly inserted, messengers were then shot or attempted to be shot, and then denial was not just a river in Africa.

In the end, everyone wants out of it.

We were right to be suspicious and right to want it the hell off our phones until we know exactly what the story was.

Even non-malicious app makers and coders can provide things that do huge damage to one's personal information, finances and security. Everyone wants to snoop on you and make money off it. If we stand together we can stop it.

after reading this entire article, I find it very interesting how Verizon or any other company would not offer you instructions how to remove this software from their BlackBerry phone??
In my opinion, I do not trust Carrier IQ one bit - sorry, but i do believe SixYearBlackberryUser 100 % i can actually see that happening.
How can you receive a brand new spankin' BlackBerry Torch 9850, with the seal broken, not once, twice, but 3 times, only to go in person, to ask how to remove it from the phone.

They won't give you instructions how to do it - very highly suspicious to me.

I don't care if Carrier IQ has posted a PDF file explaining what it does, or what it doesn't do.

If I were you my dear BlackBerry users- i would ask to remove Carrier IQ ASAP

This is MY opinion, I have a right to it.!