Carrier IQ, Your Phone Might Record Your Activities Silently - gHacks Tech News

Carrier IQ, Your Phone Might Record Your Activities Silently

If you have never heard about Carrier IQ before you can rest assured that you are not the only one. Security researcher Trevor Eckhart published a research paper on Carrier IQ, a software that he discovered running on his HTC Android device, in mid November. Lets start at the beginning, and with a simple question: What is Carrier IQ.

Carrier IQ is a software that runs on more than 140 million mobile phones (according to information on the Carrier IQ website). It is a monitoring software that can track user activities and data, including their personal information, locations, network communications, phone calls, messages and a lot more.

A few aspects make the software especially suspicious from a consumer perspective. Carrier IQ is not listed as a running application on the phone. The software furthermore cannot be stopped or deactivated on standard phones.

The Carrier IQ company stated that the Carrier IQ software "delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers".

How can you find out if Carrier IQ is running on your phone?

It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because it’s set to start automatically at boot. The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run.

The only option to remove Carrier IQ is to root the phone:

The only choice we have to “opt out” of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones. Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.

It’s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else. The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.

Eckhart only looked at Android devices, but it is likely that other phone manufacturers are also making use of Carrier IQ.

I suggest you take a look at the YouTube video that is a live demonstration of the Carrier IQ software by the security researcher himself.

I suggest you read the two detailed articles (What is Carrier IQ? and CarrierIQ Part 2 for a deeper understanding of the situation.

My opinion? I'd stop using a phone immediately if it would run the software and would not give me an option to opt-out of it. What's your take?

Update: Carrier IQ has also be confirmed running on Apple's iOS. Read the blog post here for detailed information.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Hy said on December 1, 2011 at 3:23 pm
      Reply

      Thanks again, Martin. This is staggering news. I hope that as many people as possible will write, email, and call their phone providers and manufacturers and demand that Carrier IQ and all other spy programs be removed.

      The Extreme Tech website mentions running an app, Any Cut, to determine if IQRD and IQAgent are running on the phone. If so, that means the phone is infected. They recommend installing CyanogenMod to disable Carrier IQ.

      http://www.extremetech.com/mobile/107337-carrier-iq-is-the-best-reason-yet-to-switch-to-iphone

      What I would like to know is who exactly has access to all of those keystrokes being recorded on those 140 million phones…

    2. DanTe said on December 1, 2011 at 3:56 pm
      Reply

      Apple has been using this since iOS 3.1.3. Some phone carriers just continued this by demanding it be installed in Android phones. If there are any lawyers here, this is a good class action suit. You’ll get million$ in fees and the consumers gets a $10 coupon as settlement :)

    3. Dean said on December 1, 2011 at 4:31 pm
      Reply

      Oops, looks like the site you linked to is getting hammered! lol

      Cheers btw – very interesting.

    4. oblongcircles said on December 1, 2011 at 4:48 pm
      Reply

      So if it is not listed under Manage Applications on my Android 2.1 phone, does that mean IQRD is not present?

      1. Martin Brinkmann said on December 1, 2011 at 4:51 pm
        Reply

        It appears this way, even though I cannot say it with 100% certainty.

    5. Jim Carter said on December 1, 2011 at 5:04 pm
      Reply

      No listing for “Carrier” or “IQRD” on my Samsung Infuse 4G phone from A T & T.

    6. EuroScept1C said on December 1, 2011 at 7:14 pm
      Reply

      Personally I think this case is so deep, that none will find the “edge”. Who is behind etc… What that company receives is plain unbelievable and being in so many phones, I think ain’t just a random company…

      I’d really like to know who funds the company, but I wouldn’t hold my breathe…

    7. Jojo said on December 1, 2011 at 8:48 pm
      Reply

      This sounds scary and like something the USA government would concoct.

      1. boris said on December 1, 2011 at 9:01 pm
        Reply

        USA government would not create website telling everybody that they got software on 140 millions phones. I think our government is not that stupid.

        1. Dean said on December 2, 2011 at 1:27 pm
          Reply

          Sorry – but that really made me laugh.

    8. ilev said on December 1, 2011 at 10:26 pm
      Reply

      Carrier IQ on iOS is OPT-IN and disabled by default. It generates only crash reports which every users can access on his iOS device and inspect the type of data collected. It is NOT a rootkit/keylogger type like on Android, Nokia, BlackBerry.
      The data is sent (if the user opt-in) only to Apple, unlike Android…. data which are sent to Carrier IQ’s servers / carriers servers FIRST and only than to the recipient.

      1. Jim Carter said on December 1, 2011 at 10:37 pm
        Reply

        If you’ll read my earlier post, this app is NOT present on my Samsung Android phone. Please hold off on the Apple passion. Those of us in the technology field are well aware of their shortcomings upon the release of every new product. They’re not perfect and no one else is either. They’re just a big corporation just like the rest.

    9. Jim said on December 1, 2011 at 10:43 pm
      Reply

      It appears this is only found on “smart” phones…true? If so it’s yet another reason to keep me from getting one.

    10. jake said on December 2, 2011 at 1:54 am
      Reply

      If “IQRD” doesn’t show in the all applications menu, does that mean its not on my phone? Haven’t gotten a system update in quite a while since I tried to root my phone unsuccessfully (lg ally)

      1. Hy said on December 2, 2011 at 9:21 pm
        Reply

        From everything I’ve read, yes, if IQRD does not show up that would seem to indicate that it’s not on your phone.

    11. Martin said on December 2, 2011 at 9:47 pm
      Reply

      My Sprint LG Optimus S phone does have the app “com.carrieriq.iqagent” running and all settings are grayed out (cannot force close it). But there’s also a running service for iqagent and I was able to kill that. It did not restart on its own.

      1. ilev said on December 3, 2011 at 10:19 am
        Reply

        @Martin

        How To Check And Remove Carrier IQ Keylogger Activity On
        Android

        http://www.redmondpie.com/how-to-check-and-remove-carrier-iq-keylogger-activity-on-android/

    12. Bill said on December 3, 2011 at 12:42 am
      Reply

      @ilev

      CarrierIQ is *NOT* present on any BlackBerry device.

      1. ilev said on December 3, 2011 at 10:16 am
        Reply

        According to whom ? RIM ? it is not RIM’ to decide but the carriers. I believe Trevor Eckhart.

        1. Bill said on December 5, 2011 at 1:13 am
          Reply

          Mr Eckhart speculated that Carrier IQ was present on all devices but no one, including Mr Eckhart, has provided evidence that it exists on BlackBerry (or Nokia) phones. Here’s the full statement from RIM:

          RIM is aware of a recent claim by a security researcher that an application called “CarrierIQ” is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.

    Leave a Reply