Feeds

Carrier IQ meets feds 'to educate them'

Smartphone-probing app firm seeks to avoid being probed

Build a business case: developing custom apps

The makers of the controversial smartphone app Carrier IQ have reportedly been quizzed by federal regulators over concerns that its technology tracked user activity and uploaded data to mobile operators behind the back of consumers.

The Washington Post reports that senior Carrier IQ execs have met with representatives from US consumer watchdog The Federal Trade commission and staff from the Federal Communications Commission (FCC) to explain its position. Controversy over Carrier IQ's mobile network diagnostic tool reignited earlier this week after it emerged, via freedom of information requests, that the FBI is using data captured by the app.

The FBI denies asking for data obtained by Carrier IQ's software, at least directly. It seems that information snaffled by the utility was handed over by carriers in response to lawful interception requests, The Guardian reports.

Carrier IQ said it had sought meetings with regulators in order to allay possible concerns and defuse privacy fears. It denies being hauled in as part of a more formal investigation.

"Carrier IQ sought meetings with the FTC and FCC to educate the two agencies… and answer any and all questions," Andrew Coward, the senior vice president for marketing, told the Post. He added that he was unaware of any official investigation into the firm.

Coward met FTC and FCC staffers alongside Carrier IQ chief executive, Larry Lenhart, as well as congressional staff. US senator Al Franken wrote to Carrier IQ last month soon after the controversy about its technology first emerged.

Security researcher Trevor Eckhart was the first to raise concerns about Carrier IQ's technology. After initially serving Eckhart with a cease and desist letter the firm has since come around and explained how its technology operates in a way that has defused many of the original concerns. It's not a mobile rootkit or keylogger, contrary to initial reports and descriptions of the technology by Google's chairman Eric Schmidt, respectively. However transparency and privacy issues remain valid concerns.

Carrier IQ explained earlier this month that its technology is only designed to diagnose operational problems on networks and mobile devices, such as dropped calls, data transmission speeds and battery life. "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video," it said (PDF statement here).

Actually that last bit turns out to be not entirely true because the software firm was obliged to admit that a security bug meant its application did collect the contents of SMS messages in some circumstances. An SMS message would get embedded in signalling if, for example, a user received a message during a call. The data would be encoded and not easily readable by a human, as explained in a blog post by Kaspersky Lab's Threatpost blog here.

Smartphone manufacturers and US network providers confirmed that phones and networks using Carrier IQ technology include Apple, AT&T, Sprint, HTC, Samsung and T-Mobile. The formerly obscure software runs on more than 141 million handsets, according to stats prominently displayed on Carrier IQ's site.

Apple is reportedly going to use a future software update to remove the unholy utility from Jesus phones, where diagnostic reports generated via the software are only sent back with the permission of users. The technology is even more deeply embedded in Android smartphones. Users have the ability to detect the app using third-party detection tools from anti-virus firm but don't have the ability to actually remove it.

Comment

None of this is what you'd call terribly reassuring but we're still inclined to believe, as Carrier IQ insists, that its technology is not designed as a tool for lawful interception but as a means for carriers to diagnose handset and network problems. Each implementation is different and so the diagnostic information actually gathered by Carrier IQ's technology varies between different mobile operators. ®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Mozilla keeps its Beard, hopes anti-gay marriage troubles are now over
Plenty on new CEO's todo list – starting with Firefox's slipping grasp
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.