
Carrier IQ admits its software sees a lot of information but claims no rights over data

Hints at a mobile operator control problem
Mon Dec 05 2011, 09:22

MOBILE ANALYTICS FIRM Carrier IQ told The INQUIRER that its software does "see a great deal of information" and that it does "listen to SMSes" but that it has no rights over the data.

Carrier IQ, which has found its tracking software at the centre of a storm, has been fingered for possibly breaking US wiretap laws. However, Andrew Coward, VP of marketing at Carrier IQ, told The INQUIRER that the software is "seeing a great deal of information".

Coward revealed Carrier IQ's software can be loaded on almost any device, usually at the request of mobile operators. Coward said, "We've been around for about six years now and we started by putting software on feature phones and it has moved onto smartphones and other mobile devices. We have a generic software framework that can get loaded on pretty much any type of mobile device and that gets implemented by handset manufacturers usually at the request of operators but not necessarily always."

Despite the battering Carrier IQ's brand is taking, Coward was still not willing to lay the blame at the feet of mobile operators, perhaps because they are the firm's customers, though he did agree that the firm was receiving the short end of the stick in the privacy blame game. Coward described the route by which its software ends up on mobile phones and mentioned the tight control US mobile operators have over devices.

"So certainly here in the US, unlike Europe, the operators have a lot more control over the devices in the portfolio meaning the operators end up selling the devices in the most part. In the US the operators typically request that the handset manufacturers supply our software on the phone and our contract is with the operators. The handset manufacturers work together with us to place the software on the phone, and obviously it has to be a two-sided relationship with the handset manufacturers because we're asking for a lot of analytical information and that has to be supplied."

Coward then provided an example of a source of data saying, "when it comes to getting information from the radio chipset, there is a lot of layer-3 messages and deep technical information that needs to be sent to us". After Coward provided this example, he was quick to distance Carrier IQ's access to it.

"We don't control any of the data, we don't have any rights on the data that comes in. The data is entirely under the jurisdiction of the operator. We can't sell it, we have absolutely no context to it. So it is ultimately a discussion between the trusted relationship between the operator and the consumer, and indeed operators are trusted with a huge amount of information from their customer, regardless of whether our technology is on the phone".

Coward highlighted that in Europe, the amount of data that can be collected is less and that, "opt-in/opt-out [to tracking] is the difference between the US and European markets".

One of the most damaging allegations made against Carrier IQ was that the firm's software tracked keystrokes, something it has denied. Coward quipped that if it was indeed recording all this data, Carrier IQ "would be competing with Google for datacenter space".

"We are seeing a great deal of information, there are some very good questions that come out of that such as why would you even be interested in the content of an SMS message or a keypress. There are very specific reasons why that information is important, they have got nothing to do with holding that information or forwarding that information to the operator and are entirely due to internal reasons."

Coward confirmed that Carrier IQ does use SMSes as a control plane for its software. "Our software listens to SMSes that are destined for it because we see SMSes as control traffic for us, it is a very common way of controlling management type software on a mobile phone so we are looking for an SMS that comes to us that's specifically got our name on it that instructs our software to do something."

Although Coward wouldn't go into the specifics of SMS message parsing, at the very least it is likely the firm looks at the message's header in order to see whether it needs to parse the contents of the message. This seems to tally with some research that the firm has been pointing towards, which states that Carrier IQ's software does know the message length, phone number and status, but not the message body.

Coward admits Carrier IQ's software does see a lot of data but by stating quite categorically that it is the operators that not only request the installation of the software in most cases but have final control over it, he shifts the spotlight onto the protagonists behind the curtain. The firm supplied The INQUIRER with statements from US mobile operators AT&T and Sprint, with AT&T stating, "In line with our privacy policy, we solely use [Carrier IQ] software data to improve wireless network and service performance."

Sprint admitted to using Carrier IQ software but stated, "We do not and cannot look at the contents of messages, etc., as some have speculated. Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring."

AT&T's statement in particular should have users concerned. Effectively the firm states that the privacy policy that users agree to when signing their contract allows it to collect data from devices. As Coward told The INQUIRER, it has been supplying analytical software for six years now, and only now has it entered the public's consciousness, so it would be fair to assume this has been going on for a number of years.

Carrier IQ is feeling the effects of mob mentality at the moment, but the mobile operators - the firms that requested the software to be loaded and turned on - should be the real targets for venom. Coward hinted at the problem in his answers, that mobile operators have too much power, and while his firm could have rejected the business, Coward stated there are others that develop similar software.

Ultimately, Carrier IQ and its mobile analytics rivals are simply catering for a market, one that has been created by mobile operators. Carrier IQ and carriers such as Sprint say the software can improve customer service, but that is beside the point. Users should have the right to know what is being tracked and opt-in to the system, rather than having to sleuth around to stop their devices from leaking information. µ

 
