Carrier IQ, Your Phone Might Record Your Activities Silently

Martin Brinkmann
Dec 1, 2011
Updated • Sep 10, 2018
Security
|
21

If you have never heard about Carrier IQ before you can rest assured that you are not the only one.

Security researcher Trevor Eckhart published a research paper on Carrier IQ, a software that he discovered running on his HTC Android device, in mid November 2011. Lets start at the beginning and answer a simple question: What is Carrier IQ?

Carrier IQ is a software that runs on more than 140 million mobile phones according to information on the Carrier IQ website (which is no longer available). It is a monitoring software that can track user activities and data, including their personal information, locations, network communications, phone calls, messages and a lot more.

A few aspects make the software especially suspicious from a consumer perspective. Carrier IQ is not listed as a running application on the phone. The software furthermore cannot be stopped or deactivated on standard phones.

The Carrier IQ company stated that the Carrier IQ software "delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers".

How can you find out if Carrier IQ is running on your phone?

It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because it’s set to start automatically at boot. The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run.

The only option to remove Carrier IQ is to root the phone:

The only choice we have to “opt out” of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones. Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.

It’s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else. The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.

Eckhart only looked at Android devices, but it is likely that other phone manufacturers are also making use of Carrier IQ.

I suggest you take a look at the YouTube video by the researcher that shows the Carrier IQ software in action on an Android device.

I suggest you read the two detailed articles (What is Carrier IQ? and CarrierIQ Part 2 for a deeper understanding of the situation.

My opinion? I'd stop using a phone immediately if it would run the software and would not give me an option to opt-out of it. What's your take?

Update: Carrier IQ has also be confirmed running on Apple's iOS. Security company BitDefender released a Carrier IQ Finder application for Android which is still available on the Google Play Store up to this date (September 2018).

Summary
Article Name
Carrier IQ, Your Phone Might Record Your Activities Silently
Description
Carrier IQ was a software that ran on more than 140 million mobile phones (Android and iOS) in 2011 according to security research.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Bill said on December 3, 2011 at 12:42 am
    Reply

    @ilev

    CarrierIQ is *NOT* present on any BlackBerry device.

    1. ilev said on December 3, 2011 at 10:16 am
      Reply

      According to whom ? RIM ? it is not RIM’ to decide but the carriers. I believe Trevor Eckhart.

      1. Bill said on December 5, 2011 at 1:13 am
        Reply

        Mr Eckhart speculated that Carrier IQ was present on all devices but no one, including Mr Eckhart, has provided evidence that it exists on BlackBerry (or Nokia) phones. Here’s the full statement from RIM:

        RIM is aware of a recent claim by a security researcher that an application called “CarrierIQ” is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.

  2. Martin said on December 2, 2011 at 9:47 pm
    Reply

    My Sprint LG Optimus S phone does have the app “com.carrieriq.iqagent” running and all settings are grayed out (cannot force close it). But there’s also a running service for iqagent and I was able to kill that. It did not restart on its own.

    1. ilev said on December 3, 2011 at 10:19 am
      Reply

      @Martin

      How To Check And Remove Carrier IQ Keylogger Activity On
      Android

      http://www.redmondpie.com/how-to-check-and-remove-carrier-iq-keylogger-activity-on-android/

  3. jake said on December 2, 2011 at 1:54 am
    Reply

    If “IQRD” doesn’t show in the all applications menu, does that mean its not on my phone? Haven’t gotten a system update in quite a while since I tried to root my phone unsuccessfully (lg ally)

    1. Hy said on December 2, 2011 at 9:21 pm
      Reply

      From everything I’ve read, yes, if IQRD does not show up that would seem to indicate that it’s not on your phone.

  4. Jim said on December 1, 2011 at 10:43 pm
    Reply

    It appears this is only found on “smart” phones…true? If so it’s yet another reason to keep me from getting one.

  5. ilev said on December 1, 2011 at 10:26 pm
    Reply

    Carrier IQ on iOS is OPT-IN and disabled by default. It generates only crash reports which every users can access on his iOS device and inspect the type of data collected. It is NOT a rootkit/keylogger type like on Android, Nokia, BlackBerry.
    The data is sent (if the user opt-in) only to Apple, unlike Android…. data which are sent to Carrier IQ’s servers / carriers servers FIRST and only than to the recipient.

    1. Jim Carter said on December 1, 2011 at 10:37 pm
      Reply

      If you’ll read my earlier post, this app is NOT present on my Samsung Android phone. Please hold off on the Apple passion. Those of us in the technology field are well aware of their shortcomings upon the release of every new product. They’re not perfect and no one else is either. They’re just a big corporation just like the rest.

  6. Jojo said on December 1, 2011 at 8:48 pm
    Reply

    This sounds scary and like something the USA government would concoct.

    1. boris said on December 1, 2011 at 9:01 pm
      Reply

      USA government would not create website telling everybody that they got software on 140 millions phones. I think our government is not that stupid.

      1. Dean said on December 2, 2011 at 1:27 pm
        Reply

        Sorry – but that really made me laugh.

  7. EuroScept1C said on December 1, 2011 at 7:14 pm
    Reply

    Personally I think this case is so deep, that none will find the “edge”. Who is behind etc… What that company receives is plain unbelievable and being in so many phones, I think ain’t just a random company…

    I’d really like to know who funds the company, but I wouldn’t hold my breathe…

  8. Jim Carter said on December 1, 2011 at 5:04 pm
    Reply

    No listing for “Carrier” or “IQRD” on my Samsung Infuse 4G phone from A T & T.

  9. oblongcircles said on December 1, 2011 at 4:48 pm
    Reply

    So if it is not listed under Manage Applications on my Android 2.1 phone, does that mean IQRD is not present?

    1. Martin Brinkmann said on December 1, 2011 at 4:51 pm
      Reply

      It appears this way, even though I cannot say it with 100% certainty.

  10. Dean said on December 1, 2011 at 4:31 pm
    Reply

    Oops, looks like the site you linked to is getting hammered! lol

    Cheers btw – very interesting.

  11. DanTe said on December 1, 2011 at 3:56 pm
    Reply

    Apple has been using this since iOS 3.1.3. Some phone carriers just continued this by demanding it be installed in Android phones. If there are any lawyers here, this is a good class action suit. You’ll get million$ in fees and the consumers gets a $10 coupon as settlement :)

  12. Hy said on December 1, 2011 at 3:23 pm
    Reply

    Thanks again, Martin. This is staggering news. I hope that as many people as possible will write, email, and call their phone providers and manufacturers and demand that Carrier IQ and all other spy programs be removed.

    The Extreme Tech website mentions running an app, Any Cut, to determine if IQRD and IQAgent are running on the phone. If so, that means the phone is infected. They recommend installing CyanogenMod to disable Carrier IQ.

    http://www.extremetech.com/mobile/107337-carrier-iq-is-the-best-reason-yet-to-switch-to-iphone

    What I would like to know is who exactly has access to all of those keystrokes being recorded on those 140 million phones…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.