Feeds

Crap mobile networks shamed by Carrier IQ API

Snoopware biz begs for forgiveness by dishing telco dirt

Secure remote control for conventional and virtual desktops

MWC 2012 Caught-out cellphone snoopster Carrier IQ has decided to come clean, hoping that punters will be prepared to have their phones' behaviour logged if they get to see the data too.

On Monday the company launched an API which allows network operators to create self-service portals showing customers how many times they've dropped off the network, or failed to connect due to network congestion. They'll also be able to see just why their data speeds were so slow, and what's eating their battery life: all the stuff that got Carrier IQ burnt when customers discovered it was logging without their permission.

Carrier IQ was set up in 2005, originally to monitor handset performance on behalf of the network operators. Manufacturers would make claims about performance or battery life, then blame the network when the handset failed to live up to them. So the network operators would drop Carrier IQ's software into the phone to find out what was happening. Carrier IQ monitors signal quality, battery consumption, running applications and suchlike, then reports it all back to the network operator who can use it to beat up the manufacturer.

Handset makers then got interested in having the data themselves, so they could be warned of opponents' assaults operators' concerns, all of which was great news for Carrier IQ who had a merry time supplying information to both sides. Until the users noticed.

Turns out that people don't like to be spied on by their network operators, or their handset manufacturers, and certainly not by both. Sprint publicly decried the software and more than 25 per cent of Carrier IQ's business disappeared overnight.

Carrier IQ had never tried to be secret, and neither did the operators, and seemed genuinely surprised at the fuss caused by what they considered to be a network tool. That might be hard to believe, but it's worth remembering that users are monitored all the time from the network side - location is tracked and stored for law-enforcement, every handoff between cells is recorded for traffic analysis, every dropped call is logged by network maintenance. Carrier IQ saw what it was doing as an incremental step, users saw it as a step over the line of acceptability.

The company is now betting that it was the apparent secrecy which upset people, rather than the collection of the data itself. By providing APIs Carrier IQ hopes network operators will create customer-facing portals to display what's eating the battery, how many times one's Android phone has crashed and which application was run directly prior to each crash. In theory that should reduce customer support calls, which are very expensive for the network operators, enabling the application to pay for itself.

Network operators could also display information about network congestion, if they so desired. Carrier IQ collects data on calls dropped due to a weak signal, but also those left hanging by an overloaded cell site. Users could, in theory, see if the slowness of their data connection was down to cell loading, a weak radio signal, or an insufficient backhaul connection, providing them with ammunition with which to beat up the network operator.

It's hard to imagine network operators choosing to share data to that depth, especially with their competition, but if they don't then users might decide that Carrier IQ isn't worth having at all, and if punters decide they don't want it then no operator will take the chance of being caught out again. ®

Providing a secure and efficient Helpdesk

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.