Join 3,513 readers in helping fund MetaFilter (Hide)


"Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality."
November 29, 2011 11:06 PM   Subscribe

CarrierIQ, a data-logging software present on most new Android, Blackberry and Nokia phones, secretly records keystrokes, dialed numbers and text messages. It also can't be turned off. Trevor Eckhart, the Android user who discovered and recorded it, labelled CarrierIQ a rootkit (you can read Eckhart's further analysis here). CarrierIQ sent Eckhart a cease-and-desist letter (PDF here), but has since backed off. Eckhart's findings confirm earlier rumors.
posted by alexoscar (103 comments total) 28 users marked this as a favorite

 
Apparently even switching to wifi doesn't help.
posted by infini at 11:11 PM on November 29, 2011


Here's the writeup on the situation (at least concerning Android) from XDA.
posted by Burhanistan at 11:19 PM on November 29, 2011 [2 favorites]


*smugly posts from iPhone*
posted by furiousxgeorge at 11:29 PM on November 29, 2011 [6 favorites]


Well, as it is pointed out: this is pretty much par for the course for most other smartphone's on the market. Carriers put on whatever they want that they think will be useful for themselves (ie, network stability, monetization of app sales, whatever). Android OS is open for the cell carriers to use it how they see fit, to keep doing business as usual. And it looks like most AOSP are based off the carrier builds, so include the CarrierIQ code as well.

Looks like the straight from google source projects are going to get a lot more work behind them, and the mod groups are going to start searching to remove CIQ as well.
posted by mrzarquon at 11:38 PM on November 29, 2011


*smugly posts from iPhone*

You really have no idea what is on that phone, but the location logging is bad enough.
posted by psycho-alchemy at 11:39 PM on November 29, 2011 [13 favorites]


furiousxgeorge: "*smugly posts from iPhone*"

*Smugly posts link to the very next post about Siri's refusal to help with women's reproductive health.*
posted by klanawa at 11:43 PM on November 29, 2011 [9 favorites]


Jokes on you, I'm not pro-choice.
posted by furiousxgeorge at 11:47 PM on November 29, 2011 [4 favorites]


Yeah, this is seriously bullshit. Fortunately android so you can install a completely clean install of android on your phone. You can also use cyanogen mod which is an alternative distro for lots of devices.

As far as surreptitious data recording goes the iPhone isn't pristine, a few months ago it was discovered the phone was storing point by point location history data, which could be extracted by anyone with physical access to the phone.

At least with Android there are things you can do right away, rather then waiting for a patch.
posted by delmoi at 11:47 PM on November 29, 2011 [3 favorites]


> Fortunately android so you can install a completely clean install of android on your phone. You can also use cyanogen mod which is an alternative distro for lots of devices.

Cyanogen is really the only viable choice for the vast majority of users as far as getting a clean ROM, provided they have a supported device. Installing the AOS is not simply a matter of sucking down the code to your phone and will be well beyond the purview of most handset owners.

I like tinkering around with my Android phone, but this is a totally unacceptable intrusion and I don't want to take any focus away from device manufacturer and carrier culpability by handwaving the issue away by just saying you can go flash another ROM. Pressure needs to be brought to bear on those responsible.
posted by Burhanistan at 11:51 PM on November 29, 2011 [8 favorites]


> but the location logging is bad enough.

You mean the location logging feature that Apple promptly fixed in an OS update, and was not something you were at risk for unless someone got their hands on the (unencrypted) backup files of your iPhone? Yes, that is entirely the same as the CarrierIQ system that logs all your data to their central servers, regardless of if you opted into their services or not, or if you are even using their phone with a carrier that has a contract with them (the software logging still checks in and runs after you've changed sims, ie bought a used phone).

This isn't about Apple or Google. This is about what the carriers and manufacturers are doing the OS once they get their hands on it. Apple isn't mentioned because carriers don't have that option with them, and well, Apple is the only manufacturer of the hardware. If this was found on iOS, Apple would have hell to pay (and Apple would be the only culprit in question, various PR spins about subcontractors or vendors or carriers couldn't happen) as well.

But again, this is also on Nokia and Blackberry phones as well: so if you want to shake your fists at someone, shake them at the carriers who think they have the right to spy on and take control of the device you bought (even if subsidized) because they are trying to maximize income streams.
posted by mrzarquon at 11:52 PM on November 29, 2011 [20 favorites]


*Smugly posts link to the very next post about Siri's refusal to help with women's reproductive health.*
That's actually a really serious issue with these smartphone AIs. With unintelligent tools there isn't as much of a 'moral' dimension, they do exactly what you ask. But with smart agents, especially ones hosted in central 'clouds' it's more problematic. What happens if the phone detects you might be trying to commit a crime? But what about drug related queries?

Politically sensitive queries are a whole other issue, Abortion is probably an oversight. Suppose someone looks for prostitution in Nevada, what should Siri say? Should an intelligent agent simply try to help you accomplish whatever you're trying to do to the best of it's ability, or steer your behavior to socially productive ends?
posted by delmoi at 11:52 PM on November 29, 2011 [5 favorites]


I've been kind of wanting a smartphone, not so much, now.
posted by maxwelton at 12:48 AM on November 30, 2011 [1 favorite]


Cyanogen is really the only viable choice for the vast majority of users as far as getting a clean ROM, provided they have a supported device

Hard to say, really. At best, you can probably only say it's as "clean" as those compromises known and dealt with a priori.
posted by Blazecock Pileon at 12:49 AM on November 30, 2011


Can anyone in the UK find CarrierIQ running on their phone? I can't, on my new high-end Android stock phone, but I can't download the test tool either: "This content is not supported on this phone".

Wondering whether it's incompatible with EU data protection laws, so the carriers can't run it, or whether it's just much better hidden how.
posted by Devonian at 1:05 AM on November 30, 2011 [1 favorite]


Hard to say, really. At best, you can probably only say it's as "clean" as those compromises known and dealt with a priori.
Uh... if you read the thread the DigiNotar certs seem to have been removed in a few days. You're really grasping at straws to make android look bad.
posted by delmoi at 1:23 AM on November 30, 2011 [4 favorites]


Cyanogen is really the only viable choice for the vast majority of users as far as getting a clean ROM, provided they have a supported device.

This is actually my criteria for purchasing new phones: does Cyanogen support it? If no, I'm not buying it.

That said, I completely agree about not wanting to take away from this. For many users, flashing a new ROM is simply beyond their technical skills--just because there's a solution doesn't mean that it's a practical or viable solution for most users.

I'm honestly sort of surprised that there hasn't been any legislation addressing this sort of privacy invasion from carriers--it seems to far outside the realm of what your average user would expect, you know?
posted by MeghanC at 1:24 AM on November 30, 2011


(reading more closely the DigiNotar bug was switched to 'started' status September 2nd, and 'fixed' October 9th)
posted by delmoi at 1:29 AM on November 30, 2011 [1 favorite]


delmoi: "(reading more closely the DigiNotar bug was switched to 'started' status September 2nd, and 'fixed' October 9th)"

Thanks for providing a reason to update my Cyanogen install. Will do so this weekend.
posted by ArmyOfKittens at 1:57 AM on November 30, 2011


But it's Open!
posted by DoctorFedora at 2:45 AM on November 30, 2011 [1 favorite]


Apparently Cyanogen is not supported for my T-Mobile Samsung Galaxy S. I has a sad now.
posted by explosion at 4:07 AM on November 30, 2011


I'm honestly sort of surprised that there hasn't been any legislation addressing this sort of privacy invasion from carriers

Seriously?

Or do you mean like the legislation to retroactively make warrantless wiretapping legal, and to grant absolute immunity to all companies who were happily doing it while it was illegal?

As far as everyone (except some of us unwashed masses*) is concerned, privacy is bad, and the more surveillance systems that can be baked into anything and everything, the better.

*And we probably just have Something To Hide.
posted by -harlequin- at 4:20 AM on November 30, 2011 [13 favorites]


I really love the fight in here over which proprietary, closed-source software from which mega-corporation is less evil than who's.

It seems like in 2011 it should be apparent that corporations, no matter how touchy-feelie their PR or design departments are, do not have your best interests at heart and it isn't a good idea for you to run their software with your private data without being able to see exactly what it really does all the way down.
posted by DU at 4:48 AM on November 30, 2011 [5 favorites]


I can't find it on my HTC Desire. Whether that's because it wasn't bought from a carrier or because I'm in Europe, I don't know - still, just knowing that these kinds of things get put onto the phone is pushing me ever closer to rooting it and installing Cyanogen.
posted by ZsigE at 4:59 AM on November 30, 2011


Wondering whether it's incompatible with EU data protection laws
Like poking a hungry bear whilst rubbing honey on your succulent, tasty limbs.
posted by fullerine at 5:10 AM on November 30, 2011 [1 favorite]


Apparently Cyanogen is not supported for my T-Mobile Samsung Galaxy S. I has a sad now.

Are you sure? I installed a port of Cyanogenmod on my Samsung Vibrant (T-mobile) two weeks ago, switching from another ROM. And I don't see any unsupported Galaxy S phones on CM's devices page.
posted by grrarrgh00 at 5:19 AM on November 30, 2011


At least with Android there are things you can do right away, rather then waiting for a patch.
posted by delmoi


Yes YOU can. However, what percentage of Android users even understand this sentence:

Fortunately android so you can install a completely clean install of android on your phone. You can also use cyanogen mod which is an alternative distro for lots of devices.

So for 99.99 percent of the population a patch is far more effective.
posted by justgary at 5:33 AM on November 30, 2011 [2 favorites]


but I can't download the test tool either

Where is this tool?
posted by You Should See the Other Guy at 5:39 AM on November 30, 2011


Whether that's because it wasn't bought from a carrier or because I'm in Europe, I don't know

I'm guessing in open markets where one can swap SIMs on a whim, there'd be no point installing this. Wonder if it might even be a US regulation/requirement?
posted by infini at 5:42 AM on November 30, 2011


Wonder if it might even be a US regulation/requirement?

I'm bizarrely used to the idea that the US government is already intercepting and parsing all the communications on my phone -- but a mandatory rootkit installed on my device would still horrify me. I hope this is still unlikely. But I'd be happier if there was a cardboard sign at the front desk of Google and Apple reading "We haven't been legally required to add keylogger and not tell you. Watch this sign."
posted by ~ at 5:59 AM on November 30, 2011 [3 favorites]


MetaFilter: Like poking a hungry bear whilst rubbing honey on your succulent, tasty limbs.
posted by DWRoelands at 6:02 AM on November 30, 2011


Are you sure? I installed a port of Cyanogenmod on my Samsung Vibrant (T-mobile) two weeks ago, switching from another ROM. And I don't see any unsupported Galaxy S phones on CM's devices page.

Should have been more specific. I have the Galaxy S 4G (SGH T959V), which is currently unsupported.
posted by explosion at 6:27 AM on November 30, 2011


I haven't installed Cyanogen on my HTC Thunderbolt because it's not an officially supported device, which surprised me, and it's not clear that my 4G radio will still work afterword. On the other hand, I can't find any evidence of this mod on my Verizon Thunderbolt at all, though I'm surprised they let it show up in the apps list.
posted by adamdschneider at 6:28 AM on November 30, 2011


The scummy behavior of CarrierIQ's lawyers indicate that this is not a trustworthy company and that there's a good chance that a normal person would not like how they use the data.

The EFF has done some wonderful work here by not letting abuse of the legal system get in the way of the truth.
posted by Llama-Lime at 6:34 AM on November 30, 2011 [7 favorites]


Oh, great. I just switched on my new Android phone for the first time, ten minutes ago. No sign of anything with IQ in the name on the list of running processes, I gather it would show up if it was there? Obviously I will need to get root access for myself so as to be able to poke around and break things, it's a bit insulting that they make it even slightly difficult.

I'm new to this so forgive my ignorance here, but once you have root can't you just edit stuff in /etc/init.d/ or wherever to stop it running things you'd rather not have?
posted by sfenders at 6:53 AM on November 30, 2011


No sign of anything with IQ in the name on the list of running processes, I gather it would show up if it was there?

Apparently not. Part of the 'rootkit' allegation is that it hides itself in the list of running processes.
posted by papercrane at 7:02 AM on November 30, 2011 [1 favorite]


Another issue with applications is outlandish permissions. Offering location privileges to a map application is ok, but why would ever Evernote or Angry Birds need coarse or GPS (!) location? Explaining how a program uses permissions should be obligatory.

Can anyone in the UK find CarrierIQ running on their phone?


Nothing in All Apps here either.
posted by ersatz at 7:22 AM on November 30, 2011 [1 favorite]


why would ever Evernote or Angry Birds need coarse or GPS (!) location?

In this case, the answer for most free apps is "targeted ads." They get more money if they can display Chicago ads to Chicago customers. Same reason they require network access.
posted by chundo at 7:32 AM on November 30, 2011 [1 favorite]


I just searched for "carrier iq" in Google's Android market, and the only two results for apps were a stupid meditation aid.
posted by Burhanistan at 7:40 AM on November 30, 2011


And it looks like most AOSP are based off the carrier builds, so include the CarrierIQ code as well.
Actually, everything I've heard so far from developers suggests that it is not part of AOSP/AOSP-based ROMs.

Where is this tool?
Here is the "Logging Test App"; you will need to be rooted for this. TrevE (the author of that program and the person who broke the news on CIQ) has also provided a more inclusive application to find and remove various logging softwarez that you can find here.

This is what goes into manually removing it from the firmware yourself, in case you're curious. There are also posts in some of the individual phone sections on removal (e.g. Samsung Epic 4G).

explosion: There are other good ROMs for the SGS 4G...
posted by nTeleKy at 7:56 AM on November 30, 2011 [1 favorite]


I see discussion of CIQ on Samsung and HTC phones, but does anyone know if it's present on Motorola phones as well? I'm eligible for a Verizon handset upgrade, and my current phone is growing unusable, but holy FUCK does this news throw a bucket of ice water on my Droid razr craving
posted by cobra_high_tigers at 8:01 AM on November 30, 2011


> And it looks like most AOSP are based off the carrier builds, so include the CarrierIQ code as well. Actually, everything I've heard so far from developers suggests that it is not part of AOSP/AOSP-based ROMs.

Yeah, there might be a bit of confusion. AOSP ROMs are those built from scratch using the Android Open Source available from Google. However, a good deal of hacked or reworked ROMs available on places like XDA are not originally AOSP, but are mods of existing ROMs from stock carrier devices. This distinction is usually made in the forums, though.
posted by Burhanistan at 8:07 AM on November 30, 2011


> For many users, flashing a new ROM is simply beyond their technical skills

This news makes me even less inclined to buy a smartphone than I already was, if that were possible. (I have an older low-end Blackberry only because my job pays for it and requires me to carry it.) I am not a tech novice but I did manage to brick a linksys router on my first try installing tomato firmware, and I've seen a great many hope-me messages from people who toasted their iPhones trying to jailbreak them. The notion of spending the price of a smartphone and having to risk turning it into a paperweight just to be sure it's spyware-free is not very tempting.
posted by jfuller at 8:13 AM on November 30, 2011 [1 favorite]


So I don't have a smartphone. I have a craptacular LG slide-y phone that takes bad pictures but has survived many a fall. I was considering getting the Samsung Galaxy II in the spring when my contract comes up for renewal (we have Sprint). I once was very technical but now I have a six year old and I'm losing my touch. If I buy a new phone in the spring, do I have to go find all these test and tools and fix my phone before I even start using it?
posted by PuppyCat at 9:10 AM on November 30, 2011


From the apologists' camp:

"Carrier IQ -- the 'evil' we agree to and hate that we did it"

I've been kind of wanting a smartphone, not so much, now.

Yeah, I like my Android phone, but it's really not all that. It's ridiculous that some of these phones sell for more than decent netbooks.

Google Voice is pretty dope; I'm thinking of killing my monthly phone bill and making people send me text messages to my Google Voice number and use Skype for voice/video calls. Then I would never have to answer the phone! :D

The only problem is that I got my Google Voice number too late! All the good ones were taken. (I was still able to get 4-PEYOTE in a decent area code.)

The only problem with this plan is emergencies. And kids. Damn those kid emergencies!

I can't find it on my HTC Desire.

Does it really show up in the list of applications or running services? I would think not. That would be the whole "rootkit" complaint.

How can you tell if your Android phone has CarrierIQ? Is there a list of models/carriers/dates?
posted by mrgrimm at 9:15 AM on November 30, 2011


"Sit down and keep your cock and your hands to yourself. I don't pay you so you can fuck me."
posted by mrgrimm at 9:24 AM on November 30, 2011


So for 99.99 percent of the population a patch is far more effective.

While this obviously made-up statistic may be true, I seriously doubt it is that high for the smartphone-owning population. Not to say that your point isn't true for a majority of smartphone users, but it is surprising what a typical member of a well-connected modern society can do. Remember, there are kids today that have never known a world without cellphones, the internet, or computers in the home. Extrapolating your own worldview onto everyone else is often an incorrect assumption.

All that aside, I've heard a lot about this, but is there a reliable list somewhere of which phones are affected, or even better, how to check based on carrier, manufacturer, etc? I have a Motorola smartphone, and from all accounts, their name hasn't been mentioned anywhere in this CarrierIQ stuff, but this is likely due to them doing all their logging software in-house, (Blur). Unfortunately, I'm not keen to go the CyanogenMod route because there are some features that are unique to my phone that I would lose if I did.
posted by mysterpigg at 9:24 AM on November 30, 2011


If I buy a new phone in the spring, do I have to go find all these test and tools and fix my phone before I even start using it?

Unclear, but to me, the answer seems to be "pretty much."
posted by mrgrimm at 9:25 AM on November 30, 2011


To paraphrase Niels Bohr: 'your thoughts may be paranoid, but they're never paranoid enough to be true.'
posted by jamjam at 9:29 AM on November 30, 2011 [2 favorites]


It doesn't seem to be present on the stock build of Android 4.0 on the HSPA+ Galaxy Nexus, which would lead me to believe that stock 2.x is probably free of it too. I'm less confident that such will be the case on Verizon's Nexus, Verizon being the slippery bastards that they are.
posted by invitapriore at 9:55 AM on November 30, 2011


Does it really show up in the list of applications or running services? I would think not. That would be the whole "rootkit" complaint.

The fpp link I happened to click on said: "Also, as seen in the video, only an application named HTC IQAgent is displayed as a running application on my HTC device. A second program called IQRD never makes itself known as a running application." Obviously there's no guarantee that anything at all would need to show up in the list, but at least for that one installation it does make an appearance.

I would like an open-source phone, please.
posted by sfenders at 10:01 AM on November 30, 2011



I would like an open-source phone, please.


This is what Mozilla is proposing to do with the Boot2Gecko project.

Full disclosure: I work for Mozilla but not on that project.
posted by gen at 10:25 AM on November 30, 2011 [4 favorites]


Hmm, According to this
It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because it’s set to start automatically at boot. The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run. This is all particularly
So if you have it, it should show up as an application, I don't seem to have anything called IQRD it on my G2
posted by delmoi at 10:29 AM on November 30, 2011


> While this obviously made-up statistic may be true, I seriously doubt it is that high for the smartphone-owning population.

The percentage of people who actually go out of their way to jailbreak their iPhones or root their Droid phones is pretty minimal from everything that I have seen. Hell, the number of people who plug their iPhones into their computers for backups is only something like 50% (which is in part why Apple finally put iCloud backup out there). Just because you and all the nerds you know have smartphones and can jailbreak them doesn't mean all people with smartphones are your nerds. A majority of my non technical friends have them as well, and only update them when I tell them to and they remember to get around to it.

Privacy shouldn't be a luxury of the well informed nerds. Trying to downplay the impact of something like CIQ because "well, atleast they can patch their phone to get rid of it" isn't really an answer or solution for the majority of people who use the devices. It is the same reason why the FTC is making FaceBook make all privacy changes to peoples accounts explicitly Opt-In: you should have informed consent about what privacy information you are giving away, not handwaved away in some basic "well, you should have really known that we were collecting all this information, it's your responsibility as a consumer to do research" way.
posted by mrzarquon at 10:45 AM on November 30, 2011 [5 favorites]


it isn't a good idea for you to run their software with your private data without being able to see exactly what it really does all the way down.

There's an app for that.
posted by swift at 10:52 AM on November 30, 2011


There is no evidence anywhere that doesn't go back to the original article that these are on BlackBerry phones. I can't find a trace of it on my 9900 and nobody on the crackberry boards can either. As well, CIQ's job postings aren't looking for BB OS or BBX or QNX developers. I refuse to believe that my BB is at risk, at least not from CIQ.

Oh, and Forbes says CIQ is only on US phones, so once again, it's great to be in Canada.
posted by ethnomethodologist at 11:02 AM on November 30, 2011 [1 favorite]


The percentage of people who actually go out of their way to ........

I completely agree with you on the point you eventually get to, but I was just noting that majority != 99.99%. In today's world, "nerds" are quite a bit more than 0.01%.
posted by mysterpigg at 11:06 AM on November 30, 2011


Getting rid off CarrierIQ was what finally pushed me to move to a custom ROM on my Epic 4G. Of course, I'm implicitly trusting that rom's developers not to have done anything sneaky of their own. Such an interesting future - when a group of random strangers on the internet seems more trustworthy than the company you bought the phone from...
posted by bitmage at 12:15 PM on November 30, 2011 [5 favorites]


And there's this: Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases.

I can only assume the carriers are culpable in this as well, since they are the ones who actually installed the rootkit on the phones. They're certainly going to be held responsible for--ahahahahahaaha, sorry, couldn't keep a straight face.

They're going to buy off congress again and get off scott free, let's be honest.
posted by mullingitover at 2:59 PM on November 30, 2011 [2 favorites]


This is what keeps me from screwing around with third-party ROMs.
posted by mullingitover at 3:00 PM on November 30, 2011 [1 favorite]


Why is this not a thing, but iPhones storing cached vague locations a while back was a huge deal? Is it just that we all secretly don't hold the other companies (especially the carriers themselves) to any real standards?

Reminds me of things like the manufactured "issues" surrounding the Prius while the American automakers seem to have a recall of some sort every couple of weeks, yet nobody really says anything because, apparently, nobody really expects any better of them.
posted by DoctorFedora at 3:08 PM on November 30, 2011 [2 favorites]


(and by "not a thing," I mean "why isn't this getting really wide coverage, because it is in an insane and actual invasion of privacy to a potentially wildly illegal degree")
posted by DoctorFedora at 3:09 PM on November 30, 2011


This is what keeps me from screwing around with third-party ROMs.

That and the fact that I've replaced like 10 shitty phones under warranty for hardware reasons. (That problem could be fixed by not getting shitty phones, I suppose, but no!)

by "not a thing," I mean "why isn't this getting really wide coverage

For some reasons, this story has been growing slowly. I saw a post from Dennis O'Reilly about it today on G+. I think it will get pretty big, but "Android" is not the monolithic target that "iPhone" is.

I still would like to know whether my phone has the rootkit without having to root the phone to find out. Despite Eckhart's claim, Verizon (my carrier) says no:

"These reports are entirely erroneous," says Verizon spokesman Jeffrey Nelson. "We do not use Carrier IQ for any purpose."

So far we’re to understand that Verizon does not use Carrier IQ’s software in any way – let’s hope we hear similar things from the rest.
posted by mrgrimm at 3:16 PM on November 30, 2011


"thus far I have seen Verizon officially deny that they are using it on any of their phones, however several carrier domains have been unearthed such as vzw-collector.demo.carrieriq.com and hupload-vzw99.carrieriq.com"

Yeah, I think this story will get bigger before it dies.
posted by mrgrimm at 3:19 PM on November 30, 2011


I'm happy to report no sign of Carrier IQ's rootkit on my T-Mobile phone android phone. Still, it makes me paranoid. It took this long to become public? How long has it been installed?

This is why I feel Google should've forbidden the OEMs from tinkering with any Google-branded devices. Google phone should mean 100% Google-blessed experience. Anything with Google's name on it implicates them in whatever crap the OEMs and carriers foist on the end user.
posted by mullingitover at 3:23 PM on November 30, 2011


Google phone should mean 100% Google-blessed experience.

God no. It's an phone running Android OS, not a Google Phone. What's the point of making Android open if no one can modify or improve it?
posted by mrgrimm at 3:27 PM on November 30, 2011


mrgrimm: "What's the point of making Android open if no one can modify or improve it?"

Android is open source, and OEMs are free to knock themselves out ladening it with crap to their hearts' content. They just can't call it a Google phone without Google's blessing, and that's why Google should own the experience.
posted by mullingitover at 3:32 PM on November 30, 2011


> hey just can't call it a Google phone without Google's blessing, and that's why Google should own the experience.

Not to quibble, but only a few of the devices running Android are actually "Google" phones and referred to as such in marketing or nomenclature.
posted by Burhanistan at 3:33 PM on November 30, 2011


Burhanistan: "Not to quibble, but only a few of the devices running Android are actually "Google" phones and referred to as such in marketing or nomenclature."

Any phone with the Android Market app installed is a Google Phone.
posted by mullingitover at 3:38 PM on November 30, 2011


This is why I feel Google should've forbidden the OEMs from tinkering with any Google-branded devices. Google phone should mean 100% Google-blessed experience. Anything with Google's name on it implicates them in whatever crap the OEMs and carriers foist on the end user.
...
Google should own the experience.


Where have I heard that business plan before?
posted by entropicamericana at 3:38 PM on November 30, 2011 [1 favorite]


For further example, according to Google, these are all Google Phones.
posted by mullingitover at 3:40 PM on November 30, 2011


> Any phone with the Android Market app installed is a Google Phone.

Not really. Only the devices listed here that have the "with Google" slogan are.
posted by Burhanistan at 3:40 PM on November 30, 2011


No True Google Phone fallacy, etc.
posted by Burhanistan at 3:42 PM on November 30, 2011


No True Google Phone fallacy, etc.


At the end of the day, anything that says 'Google' anywhere in or on it comes with Google's tacit approval and customers will (rightly) keep Google in mind when they have a bad experience with it. You'd think this would make them more careful about letting OEMs run with whatever greedy idiot scheme the carriers come up with.
posted by mullingitover at 3:47 PM on November 30, 2011 [1 favorite]


No argument there.
posted by Burhanistan at 3:48 PM on November 30, 2011


This kind of unwanted surveillance wouldn't be so bad if the company made the recordings of me available to me, but if I was erroneously accused of a serious crime, and I thought that CarrierIQ's logs of my daily activity would prove my innocence, and if I asked CarrierIQ to make my exculpating information available to me, I'm pretty sure they'd tell me to take a hike, and leave me to rot in prison.

Actually, maybe they wouldn't tell me to take a hike - maybe they wouldn't even bother to reply at all.
posted by -harlequin- at 6:03 PM on November 30, 2011


looks like it's been found in iOS after all...

i hear there will be hell to pay?
posted by radiosilents at 8:02 PM on November 30, 2011 [3 favorites]


*smug shit eating grin wilts*
posted by benzenedream at 9:05 PM on November 30, 2011 [1 favorite]


Question - does anyone have any idea what information is actually being transmitted to CIQ? If the app isn't transmitting the keystrokes, maybe its not as bad as it seems?

But I really can't see why the app would log all keystrokes if it wasn't transmitting them.
posted by His thoughts were red thoughts at 9:19 PM on November 30, 2011


Android phones are marketed as being Android phones, not as "Google phones." So not being allowed to call your phone a "Google phone" wouldn't really impact marketability.
posted by delmoi at 9:56 PM on November 30, 2011


radiosilents: "looks like it's been found in iOS after all...

i hear there will be hell to pay
"

Ow! My schadenfreude!

Oh, wait. There's an update at the bottom, and it isn't even in the same ballpark as everyone else. Still, though! I had a moment of self-reflection about my delight deep concern about the fact that nobody seems to be able to get it even nearly as minimally wrong as Apple has so far.

I'd like to see Windows Phone get some market traction, though. Nice to see competition in the computer-and-now-phone industry that doesn't involve blindly aping what the market leader does.
posted by DoctorFedora at 10:14 PM on November 30, 2011


I'd like to see Windows Phone get some market traction, though. Nice to see competition in the computer-and-now-phone industry that doesn't involve blindly aping what the market leader does.
I'm pretty sure CIQ was on windows phones.
posted by delmoi at 12:03 AM on December 1, 2011


Yeah, but still. That comment of mine was actually pretty much just thinking out loud. ^^;
posted by DoctorFedora at 2:23 AM on December 1, 2011


furiousxgeorge: "*smugly posts from iPhone*"

I wouldn't be so smug, it looks like Carrier IQ is on the iPhone also.
posted by octothorpe at 10:25 AM on December 1, 2011


Carrier IQ: How To Find It, And How To Deal With It

It's not installed on my droidX on verizon apparently.
posted by Big_B at 10:45 AM on December 1, 2011 [1 favorite]


octhothorpe, don't you mean something more like this?
posted by rodgerd at 11:00 AM on December 1, 2011


Can anyone in the UK find CarrierIQ running on their phone? I can't, on my new high-end Android stock phone, but I can't download the test tool either: "This content is not supported on this phone".

Most of the British, Australian, and NZ carriers have denied they install CarrierIQ. How much that's worth when it comes from companies like Vodafone, I leave up to you...
posted by rodgerd at 11:04 AM on December 1, 2011


Apple's official statement to All Things Digital.
posted by entropicamericana at 12:40 PM on December 1, 2011 [1 favorite]


Apple: We Don’t Use Carrier IQ… In Most Of Our Products… Anymore.
posted by octothorpe at 2:31 PM on December 1, 2011 [2 favorites]


At this point, Chpwn believes the daemon does not have access to the UI layer, which means it may not be able to capture the kind of data exposed in Android devices.

That's good to know.
posted by Blazecock Pileon at 3:00 PM on December 1, 2011


Most of the British, Australian, and NZ carriers have denied they install CarrierIQ. How much that's worth when it comes from companies like Vodafone, I leave up to you...

rodgerd, do you have a cite for this? I can't find anything from Australian carriers denying that they use CIQ...
posted by His thoughts were red thoughts at 4:50 PM on December 1, 2011


do you have a cite for this?

It's in the Register article I linked.
posted by rodgerd at 12:50 AM on December 2, 2011


For those with Blackberries, a Carrier IQ version for RIM phones has been shown to exist (whether your own phone happens to have it installed is another question.) From this thread on crackberry.com:

Posted by Sith_Apprentice Friday, Dec 02, 2011 4 hrs ago

Using a factory device (9650 running OS 6) i downloaded from ota.carrieriq.com/rim. The modules were not present on the device fresh out of the box, or on any device where i manually updated the software. Also, the application MUST be granted trusted status in order to work properly. I installed the app (and set all permissions to DENY).

Below is a list of modules in the "Stable" OS 6 release:
Application Module - IQAgent
Library Modules - IQAgent-1
IQAgent-10
IQAgent-11
IQAgent-12
IQAgent-13
IQAgent-14
IQAgent-15
IQAgent-16
IQAgent-17
IQAgent-2
IQAgent-3
IQAgent-4
IQAgent-5
IQAgent-6
IQAgent-7
IQAgent-8
IQAgent-9

The app also requests the following access:
USB
Bluetooth
Phone
Location Data
Server Network
Internet
WI-FI
Cross Application Communication
Device Settings
Media
Application Management
Themes
Input Simulation
Browser Filtering
Recording
Security Timer Reset
Display Information while Locked
Email
Organizer Data
Files
Security Data

I can also confirm that there is no icon for this application, though it does show under "IQAgent" in the application management listing and is listed as optional.

Update:
The application and all listed modules removes easily with a delete of the application. No wipe or extreme measures needed. I do not think BlackBerry users need to be worried about this app, if its found, simply go in and uninstall it.

posted by jfuller at 7:07 AM on December 2, 2011 [1 favorite]


Researchers find big leaks in pre-installed Android apps
posted by jeffburdges at 12:24 PM on December 2, 2011 [1 favorite]


Voodoo Carrier IQ Detector

getting decent reviews so far. doesn't seem like it requires rooting. i'll give it a try and let you know how it works for me...
posted by mrgrimm at 12:53 PM on December 2, 2011


also, Verizon: No Carrier IQ, No Way
posted by mrgrimm at 12:54 PM on December 2, 2011


"Detection score (not reliable yet): 0"

:D
posted by mrgrimm at 12:56 PM on December 2, 2011


Don't believe a word Verizon says about anything privacy-related. They denied turning over user data in the whole NSA fiasco, after all, and we saw how well that worked out.

From this article:
In fact, after a more thorough review, the only incorrect information published by Trevor Eckhart was information he published about Verizon Wireless. A spokesperson from Verizon clarified that the privacy policy information they published on their website was not in any way related to CarrierIQ. In fact, Verizon claims to not have any dealings at all with CarrierIQ on any of their handsets. Of course, the Verizon spokesperson failed to comment when Mr. Eckhart responded by pointing out that his research discovered three IP addresses in the CarrierIQ network that were pointed to by domains like vzw-collector.demo.carrieriq.com and hupload-vzw99.carrieriq.com.
Seriously, after CarrierIQ was essentially caught lying about what their software does in that press release, why is anyone citing press releases by other companies with similar incentives as some sort of proof of anything?
posted by invitapriore at 1:13 PM on December 2, 2011 [2 favorites]


why is anyone citing press releases by other companies with similar incentives as some sort of proof of anything?

I'm not citing them as proof of anything. I'm just citing them to show they exist. I don't believe anything ANYONE says about anything.

Oh, you mean Geek.com. Yeah, just poor word choice, I think. They should have used "contested information" rather than "incorrect."
posted by mrgrimm at 1:34 PM on December 2, 2011


Yeah, mrgrimm, no worries, I figured that's what you were doing since you just posted the title of the article.
posted by invitapriore at 1:53 PM on December 2, 2011


Why hasn't anyone disassembled these binaries to figure out exactly what they do yet?
posted by delmoi at 2:18 PM on December 2, 2011


Oh, I'm sure there are a lot of people disassembling it right now, but the focus will be on turning on remote keylogging and sending the results to their own servers.
posted by benzenedream at 4:22 PM on December 2, 2011 [1 favorite]


"Carrier IQ hit with privacy lawsuits as more security researchers weigh in"
posted by delmoi at 9:59 AM on December 3, 2011 [2 favorites]


FBI Refuses Freedom of Information Act Request About Carrier IQ
posted by jeffburdges at 6:50 PM on December 12, 2011


« Older In 2009, Urumqi, China exploded in riots. The ass...  |  Siri Can't or Won't Search for... Newer »


This thread has been archived and is closed to new comments