An Unofficial Carrier IQ FAQ: What It Is, How It Works, and How to Remove It from Phones Such as the HTC Evo 4G
Recently Carrier IQ has been all over the tech news, after a researcher (read: Android hacker) testing his HTC EVO 4G found this software on it and saw that it seemed to be doing something fishy. He published his test results and raised a firestorm. Now multiple lawsuits are hitting the company, at least one US Senator is getting involved, and the controversy shows no sign of abating.
We will go over the facts, the rumors, and where the various carriers and phone makers stand regarding Carrier IQ. All sources of information will be cited so you can see for yourself. If you spot something that wasn't mentioned here, please feel free to add it in the comments.
NOTE: Updated 25-DEC-2011, added EFF reverse engineering CarrierIQ to understand what's being sent.
Editor's Note: For the purpose of this article, the term "Carrier IQ" will refer to the software and/or technology, not the company itself, unless noted otherwise.
What is Carrier IQ?
Carrier IQ is a company based in northern California with a technology that, it claims, helps phone makers and carriers measure user experience by collecting information about the user, which could help them pinpoint problems with the phone or the network. (see Carrier IQ official statement)
However, one researcher, Mr. Eckhart, has shown that Carrier IQ appears to capture every single keystroke, the contents of SMS messages, internet communications, which apps are loaded on your phone, and more. (See Eckhart's blog) Some have alleged that this amounts to a violation of US Federal wiretap laws, and several class action lawsuits have been filed. Furthermore, a US Senator has sent a letter to the company requesting detailed answers to the most pertinent questions. Even European regulators are now investigating Carrier IQ. At least three separate consumer privacy protection agencies in Europe (Germany, UK, and EU) are taking an interest in the Carrier IQ case. Even Google's Eric Schmidt called it a "keylogger", though he did not clarify how he made that determination.
Carrier IQ the company has thus far denied all charges, and claims its software was misunderstood.
What Does Carrier IQ do?
According to Eckhart, the Carrier IQ app on his HTC Evo 4G is completely hidden except for its appearance in "running apps". There is no opt-in at all. Furthermore, it is impossible to opt-out, as the app cannot be "stopped", unlike normal apps.
Eckhart then used Android Debug Bridge (ADB) to track what the phone was doing, and found that the Carrier IQ background application appears to know which key is being pressed, what apps are running, what numbers are dialed, which SMS messages are sent (recipient and content), and so on, even when the phone is in "airplane mode" (completely off the carrier network).
Eckhart did not actually see the Carrier IQ app send information out of the phone. He also did not disassemble the code to see exactly what is being performed. He observed "system level events" that are suspicious, but no proof of actual wrongdoing.
Carrier IQ, as reported by Wired Magazine in the latest update, admits to keeping a lot of data. However, it denies looking at the data individually, while admitting that it has enough data that *can* be mined. (see latest Wired article)
That sounds bad. What EXACTLY does Carrier IQ do?
According to Carrier IQ's website, Carrier IQ listens to the phone's system events, such as signal level, battery level, call duration and droppage, URLs entered, SMS entered, and numbers dialed. Then, based on the "profile" specified by the phone carrier, only some of the data is kept. It then encrypts the data and sends it back to Carrier IQ about once a day. Carriers can access their data through a custom secured web interface, for example filtering down to how many calls were dropped in cell XYZ. ZDNet has pulled Carrier IQ's patent from the USPTO, and inside is some technical language that raises concerns. Carrier IQ, on the other hand, does not deny that the app itself listens to a lot of data, but claims most of the data is discarded ON THE PHONE and very little is sent back to Carrier IQ. Furthermore, the Electronic Frontier Foundation is now reverse engineering what each carrier's Carrier IQ "profile" is doing, and you are encouraged to participate.
The controversy regarding Carrier IQ is about just how much data they get, whether they can be trusted to keep it secure, and whether they are ALLOWED such access to data in the first place if there is no chance to opt out when it's set to hidden mode.
A different security researcher, Dan Rosenberg, claims that his studies show that Carrier IQ does NOT violate privacy and does NOT read SMS messages or all keystrokes, only diagnostic data, and that the concerns are overblown. (see PC Magazine Article) According to him, the blame lies with HTC, who had disabled the opt-in messages (i.e. set it to hidden mode). He does agree, however, that URL tracking and key tracking are suspicious and need clarification. Yet another researcher, reported by NetworkWorld, went to Carrier IQ and studied the code independently (with Carrier IQ's permission) and found it NOT as suspicious as Trevor Eckhart claims it to be. While it does track URLs and SMS headers, it does NOT read contents or actually read individual keystrokes.
The difference between Rosenberg and Eckhart is that Rosenberg actually disassembled the Carrier IQ code and could see what it actually does, whereas Eckhart simply used ADB and saw some system events that look very suspicious. In other words, while Eckhart saw suspicious shadows through a window, Rosenberg actually opened the door and peeked inside.
How is this different from diagnostic software like, say, Dr. Watson in older versions of Windows?
It is not that different, except for the fact that in Dr. Watson, you have a choice whether to send off the report or not, and thus you know this function exists. In contrast, Carrier IQ can be set to hidden mode where you are not even aware of its presence, thus giving you no chance to "opt out" of giving up this information.
So should I be worried about Carrier IQ at all?
Stay tuned. Just how "bad" Carrier IQ is may be overblown. It is of concern, but it's probably not as bad as the "worst case scenario".
Who has access to Carrier IQ's data that was collected?
According to Carrier IQ, only Carrier IQ itself and the respective carrier have access to the data. In fact, Carrier IQ denies owning the data, stating that such data belongs to the carrier, so don't bother suing them to remove your data. They don't have the right to manipulate it.
Does the government have access to Carrier IQ's data?
Probably not. There was a "freedom of information" request sent to the FBI asking whether they have Carrier IQ info. The requester got a "blanket denial" back, claiming "ongoing investigation". However, the FBI and Carrier IQ later independently announced that they are NOT working with each other. The head of the FBI stated categorically that they have never requested data from Carrier IQ, and Carrier IQ announced that they have not handed any information to the FBI. (see Gizmodo report)
How did Carrier IQ get "revealed"?
At the end of October, Trevor Eckhart, a system administrator for a company in Connecticut, noticed some unusual network traffic on the company network that didn't fit any of the computer users. He eventually tracked it down as being sent by cell phones on the company WiFi network. He traced the data packets to "IQ Agent" on his HTC EVO 4G (on Sprint), an app that he could neither explain nor terminate.
He investigated the app in detail, and found alarming things about it. He tracked the app down to a company called Carrier IQ, whose material on their own website made Eckhart very alarmed. He shared the results on XDA Developers, and received many confirmations. Apparently Carrier IQ claims to know what is happening on your phone, yet nobody has heard of Carrier IQ.
Mr. Eckhart approached Russell Holly of Geek.com, who concurred that it was important and that his fears were justified. Mr. Eckhart chose to release the information that he had discovered, along with copies of the material that was publicly available on Carrier IQ's website, and let other people confirm or deny his results. That was in mid-November. The story was also published by Geek.com.
Carrier IQ found out, immediately withdrew the previously publicly accessible material, and sent a "cease and desist" letter to Trevor Eckhart, claiming false allegations, copyright violation, and so on. (This was also reported by Geek.com) They demanded that Mr. Eckhart issue a public apology for maligning the company.
Instead of backing down, Trevor Eckhart went to the Electronic Frontier Foundation, an organization that protects the digital rights of users. Their lawyers wrote back to Carrier IQ, basically laughing at them for such a weak attempt to scare one guy. This was quickly picked up by various news agencies. Here is a link to Wired magazine's report. EFF said Carrier IQ, in attempting to suppress Eckhart's findings, may have actually made them famous. This is known as the Streisand Effect (named after Barbra Streisand).
Carrier IQ quickly retracted the cease and desist, apologized, and claimed there was a "misunderstanding". However, the controversy only amplified, and now people are searching high and low for any signs of Carrier IQ in all their mobile devices.
Now that class action lawsuits have started, and a US Senator is starting an investigation into Carrier IQ, the proverbial **** has really hit the fan.
How many phones in the world have Carrier IQ?
According to Carrier IQ itself, over 141 million phones are equipped with Carrier IQ. There is a "ticker" on their website that shows this number.
How do I know if my Android device has Carrier IQ?
There are now several Android apps that scan your phone for signs of Carrier IQ:
- Project Voodoo was the first to push out a Carrier IQ Detector
- The maker of Lookout Security has a Carrier IQ detector out as well
- BitDefender anti-virus is in third place with a Carrier IQ detector
More are hitting the market, and beware: some of them may be fake and just trying to cash in on the popularity. Use the big names.
Carrier IQ is only included if the carrier or maker customized their phone. Google Nexus phones, running pure Android, are not affected. Nor are any Android phones running "mod" ROMs based on Android Open Source Project (AOSP) ROMs, such as CyanogenMod. However, mods based on factory ROMs, such as HTC Sense or TouchWiz, will still be affected, unless specifically changed to remove Carrier IQ. (see here on how to load a new ROM on your Android device, and other customization mods)
Which Smartphone Operating Systems Other than Android Can I Find Carrier IQ On?
- Symbian (?)
- WebOS (?)
- Blackberry OS (?) [Note: RIM denies putting Carrier IQ on their devices]
Windows Phone 7 does NOT have Carrier IQ.
No information on Bada, Meego, or the Chinese clone of Android called Ophone.
Which Phone Makers Include Carrier IQ on Their Phones?
"Google Nexus" phones (Nexus One, Nexus S, Galaxy Nexus) do NOT have Carrier IQ.
HTC: All Android phones have Carrier IQ. Blames carriers for "wanting" Carrier IQ. (see Gizmodo post) There is no "off" switch on HTC Android phones.
Samsung: Android phones have Carrier IQ, according to Eckhart. However, there is a "hidden menu" to turn off Carrier IQ. It is not easily accessible.
Apple: Apple confirms it has been using a less onerous version of Carrier IQ since iOS 3. It can be turned off, but not removed. (see chpwn's blog) Apple also claimed that it will no longer use Carrier IQ in future versions of iOS 5. (see All Things D blog)
Nokia: no known device with Carrier IQ
UPDATE: Gizmodo has summarized the responses posted by HTC and Samsung regarding Carrier IQ.
Which Carriers Are Using Carrier IQ-Equipped Phones?
Verizon has vehemently denied using Carrier IQ at all (see Gigaom post), though some older phones may have Carrier IQ.
Sprint has acknowledged that it does use Carrier IQ to improve customer relations. It denies looking at actual phone numbers, SMS messages, and so on. (see Computerworld article [Link broken]) Responding to Senator Al Franken's request, it later admitted that about half of its users are affected by Carrier IQ. (see Gizmodo report)
AT&T acknowledged that it does use Carrier IQ, and offered no details. (See Computerworld article) In response to Senator Al Franken, it said about 900,000 users are affected, and gave a list of devices. (see Gizmodo report)
T-Mobile says they do use Carrier IQ, but offered no details. (see Computerworld article) However, they also denied asking phone makers to put in Carrier IQ. (Twitter announcement no longer available) The T-Mobile support FAQ confirms that it does have Carrier IQ deployed. (see earlier link to Crackberry) Here is a full list of T-Mobile devices with Carrier IQ installed (via TMONews)
US Cellular: no Carrier IQ
O2: no Carrier IQ
Vodafone: no Carrier IQ now (apparently it was tried earlier in Portugal, but ended in 2009)
Orange: no Carrier IQ
No information on other carriers.
How can I stop Carrier IQ on my phone?
Right now, only the Android version has been studied in detail, and specifically the HTC Android version baked into the HTC Sense ROMs.
Trevor Eckhart has made his security app, Logging Test, available on XDA Developers for you to scan your device, but your device may have to be rooted for this to work. [Update: the $1.00 donation version has disappeared from Android Marketplace]
Security researchers warned that attempting to remove Carrier IQ may actually screw up your phone, as Mr. Eckhart didn't seem to have analyzed whether his modification to the system ROM would have any unintended consequences.
According to Eckhart and other developers on XDA Developers, Samsung's version of Carrier IQ can be turned off through a hidden menu, but I have not been able to find how to open such a menu.
chpwn found that iOS has Carrier IQ, but the default setting is OFF. However, there seems to be no way to remove it permanently. Apple has commented that it will remove Carrier IQ from future revisions of iOS 5. Here is how you can stop Carrier IQ on iOS 5 devices (thanks to Cnet). If you use an iOS 4 or iOS 3 device, you need to disable the "feedback" function from within the iTunes that your device syncs to, not directly on the device. This is also explained in the link above.
Another option for Android phones is to root it and load a clean ROM (based on AOSP) which would not have Carrier IQ incorporated. However, this would involve setting up your phone all over again. How to root your device and load mod ROMs is beyond the purview of this hub.
How Can I Sue HTC, Samsung, and/or Carrier IQ?
Two separate class action lawsuits have been filed in the US against HTC and Samsung, as well as Carrier IQ: one in Chicago, Illinois, and one in St. Louis, Missouri. (See PaidContent.com report on this)
UPDATE: A separate lawsuit has been initiated against carriers like T-Mobile, Sprint, and AT&T, as well as Apple. (See Businessweek report)
Why does such software exist?
Devices are getting more complicated every day, with hundreds of components and millions of lines of code all interacting with each other, and when things don't work, the device makers and service providers don't hear about it until irate customers call in. By then it may be too late. Thus, companies are trying to get information from customers as soon as possible. However, this raises privacy issues.
If you are an Android user, you are probably familiar with the "send feedback" screen. When an app crashes (force close), you often get a screen that lets you send some information back to the developer, if you wish to do so. It contains some debug information that is complete gobbledygook if you don't speak Android. You can then choose to actually send it or cancel.
The controversy about Carrier IQ is not about what it does, but rather that it can be set to "hidden mode", where it sends this sort of feedback without you ever being aware that it even exists on your phone, much less having allowed such information to leave your phone.
An anonymous UK phone network engineer answers questions on the network in general and why Carrier IQ is sometimes necessary. (thanks to ZDNet)
Why is Carrier IQ referred to as a rootkit?
Researcher Eckhart used the term rootkit on the website. His justification is that the app is baked into the system ROM and is considered a system process (running as "root" security level), is nearly impossible to detect, much less remove, and has hooks into nearly everything the system does. Rootkit is a valid description.
In contrast, spyware can be easily detected and removed. Rootkits cannot.
Is what Carrier IQ did legal in the US?
It depends on who you ask.
To some experts, this is a CLEAR violation of the Federal Anti-Wiretap Act. (See Forbes article) However, the same legal expert warned that Carrier IQ may be acting as an agent for the carriers or the phone makers and thus be exempt from such provisions. This will cost a lot of money to get resolved.
Additional Resources on Carrier IQ
- US Senator Al Franken's Letter to Carrier IQ
Senator Al Franken sent an open letter to Carrier IQ's president, asking him to clarify various issues, such as what data is logged, what data is transmitted, and so on.