If you have never heard about Carrier IQ before you can rest assured that you are not the only one. Security researcher Trevor Eckhart published a research paper on Carrier IQ, a software that he discovered running on his HTC Android device, in mid November. Lets start at the beginning, and with a simple question: What is Carrier IQ.
Carrier IQ is a software that runs on more than 140 million mobile phones (according to information on the Carrier IQ website). It is a monitoring software that can track user activities and data, including their personal information, locations, network communications, phone calls, messages and a lot more.
A few aspects make the software especially suspicious from a consumer perspective. Carrier IQ is not listed as a running application on the phone. The software furthermore cannot be stopped or deactivated on standard phones.
The Carrier IQ company stated that the Carrier IQ software "delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers".
How can you find out if Carrier IQ is running on your phone?
It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because it’s set to start automatically at boot. The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run.
The only option to remove Carrier IQ is to root the phone:
The only choice we have to “opt out” of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones. Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.
It’s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else. The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.
Eckhart only looked at Android devices, but it is likely that other phone manufacturers are also making use of Carrier IQ.
I suggest you take a look at the YouTube video that is a live demonstration of the Carrier IQ software by the security researcher himself.
My opinion? I'd stop using a phone immediately if it would run the software and would not give me an option to opt-out of it. What's your take?
Update: Carrier IQ has also be confirmed running on Apple's iOS. Read the blog post here for detailed information.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.