Feeds

Carrier IQ meets feds 'to educate them'

Smartphone-probing app firm seeks to avoid being probed

Remote control for virtualized desktops

The makers of the controversial smartphone app Carrier IQ have reportedly been quizzed by federal regulators over concerns that its technology tracked user activity and uploaded data to mobile operators behind the back of consumers.

The Washington Post reports that senior Carrier IQ execs have met with representatives from US consumer watchdog The Federal Trade commission and staff from the Federal Communications Commission (FCC) to explain its position. Controversy over Carrier IQ's mobile network diagnostic tool reignited earlier this week after it emerged, via freedom of information requests, that the FBI is using data captured by the app.

The FBI denies asking for data obtained by Carrier IQ's software, at least directly. It seems that information snaffled by the utility was handed over by carriers in response to lawful interception requests, The Guardian reports.

Carrier IQ said it had sought meetings with regulators in order to allay possible concerns and defuse privacy fears. It denies being hauled in as part of a more formal investigation.

"Carrier IQ sought meetings with the FTC and FCC to educate the two agencies… and answer any and all questions," Andrew Coward, the senior vice president for marketing, told the Post. He added that he was unaware of any official investigation into the firm.

Coward met FTC and FCC staffers alongside Carrier IQ chief executive, Larry Lenhart, as well as congressional staff. US senator Al Franken wrote to Carrier IQ last month soon after the controversy about its technology first emerged.

Security researcher Trevor Eckhart was the first to raise concerns about Carrier IQ's technology. After initially serving Eckhart with a cease and desist letter the firm has since come around and explained how its technology operates in a way that has defused many of the original concerns. It's not a mobile rootkit or keylogger, contrary to initial reports and descriptions of the technology by Google's chairman Eric Schmidt, respectively. However transparency and privacy issues remain valid concerns.

Carrier IQ explained earlier this month that its technology is only designed to diagnose operational problems on networks and mobile devices, such as dropped calls, data transmission speeds and battery life. "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video," it said (PDF statement here).

Actually that last bit turns out to be not entirely true because the software firm was obliged to admit that a security bug meant its application did collect the contents of SMS messages in some circumstances. An SMS message would get embedded in signalling if, for example, a user received a message during a call. The data would be encoded and not easily readable by a human, as explained in a blog post by Kaspersky Lab's Threatpost blog here.

Smartphone manufacturers and US network providers confirmed that phones and networks using Carrier IQ technology include Apple, AT&T, Sprint, HTC, Samsung and T-Mobile. The formerly obscure software runs on more than 141 million handsets, according to stats prominently displayed on Carrier IQ's site.

Apple is reportedly going to use a future software update to remove the unholy utility from Jesus phones, where diagnostic reports generated via the software are only sent back with the permission of users. The technology is even more deeply embedded in Android smartphones. Users have the ability to detect the app using third-party detection tools from anti-virus firm but don't have the ability to actually remove it.

Comment

None of this is what you'd call terribly reassuring but we're still inclined to believe, as Carrier IQ insists, that its technology is not designed as a tool for lawful interception but as a means for carriers to diagnose handset and network problems. Each implementation is different and so the diagnostic information actually gathered by Carrier IQ's technology varies between different mobile operators. ®

Remote control for virtualized desktops

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
HTML5 vs native: Harry Coder and the mudblood mobile app princes
Developers just want their ideas to generate money
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.