Carrier IQ, Your Phone Might Record Your Activities Silently
If you have never heard about Carrier IQ before you can rest assured that you are not the only one.
Security researcher Trevor Eckhart published a research paper on Carrier IQ, a software that he discovered running on his HTC Android device, in mid November 2011. Lets start at the beginning and answer a simple question: What is Carrier IQ?
Carrier IQ is a software that runs on more than 140 million mobile phones according to information on the Carrier IQ website (which is no longer available). It is a monitoring software that can track user activities and data, including their personal information, locations, network communications, phone calls, messages and a lot more.
A few aspects make the software especially suspicious from a consumer perspective. Carrier IQ is not listed as a running application on the phone. The software furthermore cannot be stopped or deactivated on standard phones.
The Carrier IQ company stated that the Carrier IQ software "delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers".
How can you find out if Carrier IQ is running on your phone?
Itâ€™s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because itâ€™s set to start automatically at boot. The only option you have to stop the application is to select â€œforce stopâ€â€”which does nothing. The application continues to run.
The only option to remove Carrier IQ is to root the phone:
The only choice we have to â€œopt outâ€ of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones. Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.
Itâ€™s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else. The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.
Eckhart only looked at Android devices, but it is likely that other phone manufacturers are also making use of Carrier IQ.
I suggest you take a look at the YouTube video by the researcher that shows the Carrier IQ software in action on an Android device.
My opinion? I'd stop using a phone immediately if it would run the software and would not give me an option to opt-out of it. What's your take?
Update: Carrier IQ has also be confirmed running on Apple's iOS. Security company BitDefender released a Carrier IQ Finder application for Android which is still available on the Google Play Store up to this date (September 2018).Advertisement