Does your smartphone run Carrier IQ? Find out here
Apple, AT&T, Sprint confirm; Nokia, RIM, Verizon deny
The roster of confirmed smartphone manufacturers and network providers using the controversial Carrier IQ tracking software has grown to include Apple, AT&T, Sprint, HTC, and Samsung. Verizon, Nokia, and Research in Motion, meanwhile, have denied reports saying they employ it.
In a statement that was widely reported on Thursday, Apple confirmed that some undisclosed products use the software, which an independent researcher has documented secretly monitors users' key presses even when they're entered into webpages protected by the SSL protocol.
Apple didn't say which devices still use the diagnostic software or how long the company has relied on it. But according to a report published on Thursday by Ars Technica, the only iOS 5 device that runs Carrier IQ is the iPhone 4. "Other devices running iOS 5, such as the iPad, the new iPhone 4S, and older iPhone models updated to iOS 5 have had Carrier IQ stripped out," the report said, citing Apple.
The Apple statement, as reported by AllThingsD read:
We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Apple's admission, which leaves open the possibility that earlier iDevices still contain Carrier IQ, contrasted with blanket denials from Verizon, Nokia, and Research in Motion, all of which were named by Trevor Eckhart as providing devices that had the software installed.
“The reports we have seen about Verizon using Carrier IQ are false,” Verizon spokeswoman Debi Lewis wrote in an email to The Register.
In his own email, Nokia spokesman Mark Durrant wrote: “Further to your piece, CarrierIQ does not ship products for any Nokia devices, so reports that they have been found on Nokia phones are wrong.”
A statement from RIM, reported by IDG News, was even more categorical.
"RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution," the company said in a statement. "RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app.”
The denials contradicted research findings Eckhart published last month that claimed phones made or used by all three companies contained the tracking software. In an interview on Thursday, Eckhart conceded he had no hard proof. But he stood by the assertions that Verizon and Nokia had ties to Carrier IQ and cited links on Carrier IQ's website as support.
Eckhart said pages here and here both include executable files that install Carrier IQ on a variety of Nokia handsets. He also dug up this page, which appears to show IP address lookups for the subdomains vzw-collector.demo.carrieriq.com, vzw-dis.demo.carrieriq.com and hupload-vzw99.carrieriq.com. None of the three URLs responded to pings at time of writing.
A statement from Sprint, meanwhile, said:
Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can determine when issues are occurring and how to resolve them. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint.
Both HTC and Samsung, according to IDG, said they add Carrier IQ to their phones as required by unnamed carriers who buy the devices. An HTC statement went on to say that HTC isn't a Carrier IQ customer and receives no data from the app.
With a chorus of companies coming out of the wings to confirm or deny their use of the software, Carrier IQ's reticence is becoming deafening. If the software is really as innocuous as Android security researcher Dan Rosenberg suspects, it should be relatively simply for the Mountain View, California-based company to provide documentation that will put the matter to rest.
Instead, Carrier IQ representatives have have maintained radio silence for more than a week now. ®
This article was updated to add details in the third paragraph about the iPhone 4.
Sponsored: Global DDoS threat landscape report