Feeds

Carrier IQ meets feds 'to educate them'

Smartphone-probing app firm seeks to avoid being probed

Choosing a cloud hosting partner with confidence

The makers of the controversial smartphone app Carrier IQ have reportedly been quizzed by federal regulators over concerns that its technology tracked user activity and uploaded data to mobile operators behind the back of consumers.

The Washington Post reports that senior Carrier IQ execs have met with representatives from US consumer watchdog The Federal Trade commission and staff from the Federal Communications Commission (FCC) to explain its position. Controversy over Carrier IQ's mobile network diagnostic tool reignited earlier this week after it emerged, via freedom of information requests, that the FBI is using data captured by the app.

The FBI denies asking for data obtained by Carrier IQ's software, at least directly. It seems that information snaffled by the utility was handed over by carriers in response to lawful interception requests, The Guardian reports.

Carrier IQ said it had sought meetings with regulators in order to allay possible concerns and defuse privacy fears. It denies being hauled in as part of a more formal investigation.

"Carrier IQ sought meetings with the FTC and FCC to educate the two agencies… and answer any and all questions," Andrew Coward, the senior vice president for marketing, told the Post. He added that he was unaware of any official investigation into the firm.

Coward met FTC and FCC staffers alongside Carrier IQ chief executive, Larry Lenhart, as well as congressional staff. US senator Al Franken wrote to Carrier IQ last month soon after the controversy about its technology first emerged.

Security researcher Trevor Eckhart was the first to raise concerns about Carrier IQ's technology. After initially serving Eckhart with a cease and desist letter the firm has since come around and explained how its technology operates in a way that has defused many of the original concerns. It's not a mobile rootkit or keylogger, contrary to initial reports and descriptions of the technology by Google's chairman Eric Schmidt, respectively. However transparency and privacy issues remain valid concerns.

Carrier IQ explained earlier this month that its technology is only designed to diagnose operational problems on networks and mobile devices, such as dropped calls, data transmission speeds and battery life. "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video," it said (PDF statement here).

Actually that last bit turns out to be not entirely true because the software firm was obliged to admit that a security bug meant its application did collect the contents of SMS messages in some circumstances. An SMS message would get embedded in signalling if, for example, a user received a message during a call. The data would be encoded and not easily readable by a human, as explained in a blog post by Kaspersky Lab's Threatpost blog here.

Smartphone manufacturers and US network providers confirmed that phones and networks using Carrier IQ technology include Apple, AT&T, Sprint, HTC, Samsung and T-Mobile. The formerly obscure software runs on more than 141 million handsets, according to stats prominently displayed on Carrier IQ's site.

Apple is reportedly going to use a future software update to remove the unholy utility from Jesus phones, where diagnostic reports generated via the software are only sent back with the permission of users. The technology is even more deeply embedded in Android smartphones. Users have the ability to detect the app using third-party detection tools from anti-virus firm but don't have the ability to actually remove it.

Comment

None of this is what you'd call terribly reassuring but we're still inclined to believe, as Carrier IQ insists, that its technology is not designed as a tool for lawful interception but as a means for carriers to diagnose handset and network problems. Each implementation is different and so the diagnostic information actually gathered by Carrier IQ's technology varies between different mobile operators. ®

Internet Security Threat Report 2014

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.