Carrier IQ

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Carrier IQ, Inc.
Type Private
Industry Mobile telecommunications
Predecessors Core Mobility company
Founded 2005
Founders Konstantin Othmer[1][2][3]
Headquarters Mountain View, California, United States
Number of locations London
Malaysia
Products Embedded diagnostic/data collection software
Services Mobile analytics services
Website www.carrieriq.com

Carrier IQ is a privately owned mobile software company founded in 2005 in Mountain View, California. It provides diagnostic analysis of smartphones to the wireless industry via the installation of software on the users phone, typically in a manner that cannot be removed without rooting the phone. The company says that its software is deployed in over 150 million devices worldwide.[4][5]

Products[edit]

IQ Agent is software, typically pre-installed on mobile devices by handset manufacturers or network operators, designed to gather, store and forward diagnostic measurements on their behalf. Data available can include metrics on the device itself (e.g., firmware, battery levels, application performance, web performance) and performance data on voice and data connectivity between the device and radio towers. The mobile device manufacturers or network operators determine which of these metrics are actually collected, according to a set of criteria known as a "profile."[6] The IQ Agent software runs in the background, and the user is not usually aware of its presence unless the implementation includes an on-off switch.[7]

IQ Agent periodically uploads data to a Carrier IQ MSIP (Mobile Service Intelligence Platform) system, which then feeds into the network operator's network performance monitoring and diagnostic tools. Whenever a mobile device uploads data, the IQ Agent can also download a new profile to change the selection of metrics gathered.

IQ Agent was first shipped in 2006 on embedded feature phones and has since been implemented on numerous devices and operating systems, including smartphones (Android, RIM,[8] iPhone), USB modems and tablets.

MSIP (Mobile Service Intelligence Platform) refers to the backend Carrier IQ software that receives mobile device diagnostic data directly from mobile devices containing the IQ Agent software. The platform aggregates data from many devices and produces KPIs (key performance indicators) that network operators and mobile device manufacturers can use to assess the quality of services they provide and to troubleshoot mobile device and network problems.

Analytics Domains are MSIP components that enable the system to calculate specific KPIs. Carrier IQ's first analytics domains were on CDMA signaling, later implementing UMTS (third-generation mobile cellular technology for GSM networks), LTE (a standard marketed as 4G LTE) and device-specific domains for device stability, battery and application performance.

IQ Insight is a suite of applications that gathers, analyzes and presents KPIs generated by MSIP through a web-based GUI (graphical user interface). The application delivers data through a geospatial or tabular view of issues (such as dropped calls or no-service conditions) and allows cross-domain analysis of KPIs.

IQ Care is a dashboard tool for network operator and mobile device customer care agents. When a mobile device user calls for support or troubleshooting, IQ Care provides the customer care agent with a dashboard showing the consumer's device configurations (e.g., mobile device serial number, firmware version), usage history (e.g., number of applications installed, battery life) and other user experience metrics (e.g., device and application crash data, radio technology analytics).

History[edit]

The company was founded by Konstantin Othmer and is a spin-off from his Core Mobility company. Through its Mobile Service Intelligence Platform (MSIP) its software "aggregates, analyzes, and delivers data to wireless carriers and device manufacturers. This information proves a valuable resource for these businesses to understand the quality of service their customers experience."[1]

On January 27, 2009, CEO Mark Quinlivan announced Carrier IQ had received $20 million Series C financing from Intel Capital, and Presidio Ventures, a Sumitomo Corporation Company.[9]

On February 9, 2009, Carrier IQ announced a partnership with Huawei Technologies to develop a "new range of datacards that will provide improved feedback on the mobile broadband user experience."[10]

On February 17, 2009, NEC and Carrier IQ announced a global partnership.[11]

On June 17, 2009, Carrier IQ was selected by TiE as a TiE50 award winner as "One of the Hottest Global Emerging Companies."[12]

On June 16, 2010, Bridgescale Partners announced $12 million in Series D financing for the company.[13]

On October 18, 2010, VisionMobile announced Carrier IQ had joined the "100 Million Club" with its software installed on 100 million phones.[14]

On March 22, 2011, Carrier IQ announced Mobile Intelligence for 4G technologies, including LTE and HSPA+.[15]

On August 31, 2011, Operating Partner at Mohr Davidow Ventures Larry Lenhart was named CEO. The announcement noted that in the second quarter of 2011 Carrier IQ passed the petabyte milestone in processed analytics data.[16]

On October 19, 2011, Carrier IQ and third party vendor Nielsen Company announced a partnership on analyzing data.[17]

On October 27, 2011, IDC named Carrier IQ "Innovative Business Analytics Company Under $100M"[18]

On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.

On February 27, 2012, Carrier IQ announced an extension to its IQ Care platform designed to allow mobile operators to provide consumers with direct insight into their mobile device experience.[19][20]

On May 8, 2012, Carrier IQ appointed Magnolia Mobley, former Verizon Lead Privacy Counsel, as Chief Privacy Officer and General Counsel.[21][22]

Rootkit discovery and media attention[edit]

On November 12, 2011, researcher Trevor Eckhart stated in a post on androidsecuritytest.com[23] that Carrier IQ was logging information such as location without notifying users or allowing them to opt-out,[24] and that the information tracked included detailed keystroke logs,[25] potentially violating US federal law.[26] On November 16, 2011, Carrier IQ sent Eckhart a cease and desist letter claiming that he was in copyright infringement by posting Carrier IQ training documents on his website and also making "false allegations."[27][28] Eckhart sought and received the backing of user rights advocacy group Electronic Frontier Foundation (EFF).

On November 23, 2011, Carrier IQ backed down and apologized.[29] In the statement of apology, Carrier IQ denied allegations of keystroke logging and other forms of tracking, and offered to work with the EFF.[30]

On November 28, 2011, Eckhart published a YouTube video that demonstrates Carrier IQ software in the act of logging, as plain text, a variety of keystrokes. Included in the demonstration were clear-text captures of passwords to otherwise secure websites, and activities performed when the cellular network was disabled.[31] The video of the demonstration showed Carrier IQ's software processing keystrokes, browser data, and text messages' contents, but there was no indication that the information processed was recorded or transmitted. Carrier IQ responded with the statement, "The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."[32][33] A datasheet for a product called Experience Manager on Carrier IQ's public website clearly states carriers can "Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies".[34]

If the claims by Eckhart are true, the process of sending usage data is in conflict with Carrier IQ's own privacy policy which states: "When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved."[35]

Legal actions against Carrier IQ[edit]

Many have already been seeking suit against Carrier IQ, including:

Detection and removal[edit]

Numerous apps have been released that can detect the Carrier IQ. Detecting Carrier IQ normally doesn't require the device to be rooted. The removal process is more advanced and requires the user to root the device, or unlock the device's boot loader (applies only on Nexus devices) in order to remove it. Rooting the device may void its warranty, since system files are modified.

Updates[edit]

On December 12, 2011, Carrier IQ issued an in-depth look at its software to educate the public on what it can and can not do. The document is titled "Understanding Carrier IQ Technology".[38] There are credits given to Dan Rosenberg and Trevor Eckhart. The nineteen page document provides a technical breakdown of how the software on a mobile phone works with "profiles" provided by the carrier to give the carriers performance data of their networks and devices running on them. The document appears as if it will be updated on a regular basis as more questions are answered over time. On December 1, 2011, Carrier IQ issued a "clarification" to its November 23 statements: "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen... As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities... Carrier IQ acts as an agent for the operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile operators. Carrier IQ does not gather any other data from devices. Carrier IQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps operators’ customer service to more quickly identify the specific issue with the phone."[39]

There has been debate whether Carrier IQ software actually sends the collected data in real time or if it is stored on the phone and only gets read out later. The company clearly states on its web page that its software is able to provide real-time data: "Carrier IQ’s Mobile Service Intelligence solution eliminates guesswork by automatically providing accurate, real-time data direct from the source – your customers' handsets.".[40]

In February 2012, TelecomTV, in association with Carrier IQ, filmed a panel discussion/debate titled, 'The Data Dilemma' and addressing the question: Do operators collect user data for the benefit of their customer or for their own commercial and financial betterment? Participants in the videotaped panel discussion were Mike Short, Vice President, Telefónica Europe; Dean Bubley, Founder, Disruptive Analysis; Charlotte Patric, Principal Analyst, Gartner; and Martyn Warwick, Moderator, TelecomTV.

On May 8, 2012, Carrier IQ appointed a Chief Privacy Officer: Magnolia Mobley, formerly Verizon's Lead Privacy Counsel. This news spurred a new round of articles and discussions about privacy in mobile communications.[41][42][43]

Problems with Carrier IQ's clarification[edit]

While the contents of SMS messages are kept private, as the clarification states, the simple reporting of the success or failure of an SMS transmission provides valuable information about customer habits that would not normally be available outside of the cellular network itself.

Because the information is transmitted over the web on a regular basis, an internet service provider will be able see entries in the named.log file that resides on its name server at times when any user with an affected phone is connected to the internet by WiFi. This method of connecting is extremely common, as many users seek to keep their cellular data charges as low as possible by also utilizing their home or corporate wireless networks.

A likely privacy violation is targeted marketing by the home or company's internet service provider. Examples of possible targeted marketing include offering competing phone plans, android apps that facilitate additional sales, such as television guides, and even hardware sales, like faster or integrated WiFi routers. Worse still, such targeted marketing is likely to appear as an printed insert in the users monthly bill from the ISP. The resulting printed marketing also worsens the environmental impact of paper.[relevant? ]

In short, because of the way Carrier IQ works, even if the company acts with the best of intentions, the software betrays users by leaking information outside of the control of either Carrier IQ or the affected user's phone company.

Distribution[edit]

On December 1, 2011, AT&T, Sprint, and T-Mobile confirmed it was on their phones. Sprint said, "We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool... The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint." Verizon was the only one of the four biggest U.S. firms to say it was not installed on their phones.[44]

Apple, HTC, and Samsung said the software was installed on their phones. Apple said it had quit supporting the application in iOS 5. It said, "With any diagnostic data sent to Apple, customers must actively opt-in to share this information... We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so." It said it would scrub the software from phones in some future release.[45] HTC (whose Android phone was the subject of Eckhart's video) said, it was required on its devices by a "number of U.S. carriers." It added "It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ."[44]

Nokia and Research in Motion (now BlackBerry Ltd) have said Carrier IQ categorically was not authorized for their phones.[44]

According to the company's website the software is also installed on NEC mobile devices,[46] and the company has a partnership with Vodafone Portugal.[47]

Although the phone manufacturers and carriers by and large say the software is strictly used to monitor its phone systems and not to be used by third parties, a press release on October 19, 2011 touted a partnership with Nielsen Company. The press release said, "Together, they will deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards. This alliance will leverage Carrier IQ's technology platform to gather actionable intelligence on the performance of mobile devices and networks."[48]

Government response[edit]

On December 1, 2011, Senator Al Franken, chairman of the United States Senate Judiciary Subcommittee on Privacy, Technology and the Law sent a letter to Lenhart asking for answers to 11 questions and asking whether the company was in violation of the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.) and the Computer Fraud and Abuse Act (18 U.S.C. § 1030).[49]

A request to the FBI under the Freedom of Information Act for “any manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” was denied, citing pending law enforcement proceeding. This has led to speculation that the FBI is using data obtained through Carrier IQ for investigations.[50]

Security responses[edit]

Fortinet has deemed Carrier IQ as a security risk/rootkit,[51] using definition Riskware/CarrierIQ!Android.[52]

Board of directors[edit]

Its board of directors in November 2011 are:[53]

See also[edit]

References[edit]

  1. ^ a b Carrier IQ, Inc., PrivCo.com
  2. ^ Konstantin Othmer, Our Team, Seraph Group
  3. ^ US 6167358, Othmer, Konstantin & Chris Derossi, "System and method for remotely monitoring a plurality of computer-based systems", published December 26, 2000 
  4. ^ Carrier IQ Named as an Innovative Business Analytics Company Under $100M to Watch, Mountain View, CA, October 27, 2011
  5. ^ Carrier IQ apologizes, drops threat to security researcher, by Stephen Shankland, 2011/11/25, CNET News.com
  6. ^ "Understanding Carrier IQ". 
  7. ^ "Update:How to turn off Carrier IQ on your iPhone". Computerworld. December 2, 2011. 
  8. ^ "T Mo: Carrier IQ on 450,000 phones, but use is limited". GigaOm. December 21, 2011. 
  9. ^ http://www.carrieriq.com/company/PR.CIQ-SeriesC.2009-01-27.pdf
  10. ^ "Carrier IQ bucks funding climate" (PDF). Retrieved 2011-12-06. 
  11. ^ "NEC and Carrier IQ Announce Global Partnership". GoMoNews. 
  12. ^ http://www.carrieriq.com/documents/17-june-2009-carrier-iq-wins-2009-tie50-award/5590/
  13. ^ "Bridgescale Partners Series D Funding" (PDF). Retrieved 2011-12-06. 
  14. ^ http://www.carrieriq.com/company/PR.100M_VisionMobile_FINAL_10_18_10.pdf
  15. ^ http://www.carrieriq.com/documents/22-march-2011-carrier-iq-announces-mobile-intelligence-for-lte-and-4g-technologies/5596/
  16. ^ http://www.carrieriq.com/company/PR.LarryLenhartCEO.pdf
  17. ^ http://www.carrieriq.com/company/PR.Nielsen_CIQ_News_Release_Oct_19_2011.pdf
  18. ^ http://www.carrieriq.com/company/PR.IDC_Names_Innovative_Companies_FINAL_10_27_11.led.pdf
  19. ^ "Carrier IQ: You should know what your phone knows about you". CNNMoney. 
  20. ^ http://www.carrieriq.com/documents/27-february-2012-carrier-iq-enables-mobile-operators-to-deliver-the-first-ever-quality-of-experience-consumer-dashboard/6623/
  21. ^ http://www.carrieriq.com/documents/8-may-2012-carrier-iq-appoints-former-verizon-lead-privacy-counsel-magnolia-mobley-as-chief-privacy-officer-and-general-counsel/7053/
  22. ^ Michael Gorman. "Carrier IQ hires former Verizon privacy counsel Magnolia Mobley as Chief Privacy Officer". engadget. 
  23. ^ "Home to Logging Test App". Android Security Test. Retrieved 2011-12-06. 
  24. ^ How much of your phone is yours?, By: Russell Holly, 2011/11/15, Geek.com
  25. ^ Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything, By David Kravets, 2011/11/29, Wired.
  26. ^ Andy Greenberg (2011-11-30). "Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases". Forbes. Retrieved 2011-12-02. 
  27. ^ https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redacted.pdf
  28. ^ Carrier IQ Tries to Censor Research With Baseless Legal Threat, By Marcia Hofmann, 2011/11/21, EFF.org
  29. ^ Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher, By Marcia Hofmann, 2011/11/23, EFF.org
  30. ^ Carrier IQ Press Statement, November 23, 2011, (Carrier IQ official response to incident)
  31. ^ BUSTED! Secret app on millions of phones logs key taps, By Dan Goodin, 30th November 2011 - The Register.
  32. ^ Carrier IQ ‘Wiretap’ Debacle: Much Ado About Something?, By Matt Peckham, December 1, 2011, (questions about transmission), Techland - TIME.com
  33. ^ "'Secret' app installed on millions of Android phones reads your messages | Mail Online". London: Dailymail.co.uk. 2 December 2011. Retrieved 2011-12-02. 
  34. ^ IQ Insight Experience Manager, Product Overview (PDF:2009), Carrier IQ.
  35. ^ "Company :: Privacy and Security". Carrier IQ. Retrieved 2011-12-06. 
  36. ^ [1]
  37. ^ "Class action suit against Carrier IQ". Retrieved 6 December 2011. 
  38. ^ "Understanding Carrier IQ Technology". Carrier IQ. Retrieved 13 November 2012. 
  39. ^ http://www.carrieriq.com/company/PR.CIQ_Press_Statement_DEC_1_11.pdf
  40. ^ "Overview". Carrier IQ. Retrieved 2011-12-06. 
  41. ^ Why transparency is crucial to the success of mobility by Wayne Rash, FierceMobileIT
  42. ^ Remember Carrier IQ? Well, It's Still Around and Kicking. by Ina Fried, All Things D
  43. ^ Can Carrier IQ's new Chief Privacy Officer build a 'culture of privacy'? by Dieter Bohn, The Verge
  44. ^ a b c Jaikumar Vijayan (December 1, 2011). "AT&T, Sprint confirm use of Carrier IQ software on handsets". Computerworld.com. Retrieved 2011-12-02. 
  45. ^ "How to turn off Carrier IQ on your iPhone - iPad/iPhone - Macworld UK". Macworld.co.uk. 2011-12-02. Retrieved 2011-12-02. 
  46. ^ NEC and Carrier IQ Announce Global Partner, February 17, 2009, Carrier IQ.
  47. ^ News Release: Vodafone Portugal Pioneers Innovative Mobile Broadband Experience Management Architecture Using Carrier IQ Technology, July 31, 2009, Carrier IQ.
  48. ^ Nielsen and Carrier IQ Form Global Alliance to Measure Mobile Service Quality, October 19, 2011, Carrier IQ.
  49. ^ "Sen. Franken Demands Answers from Company Accused of Secretly Logging Location and Private Information | Al Franken | Senator for Minnesota". Franken.senate.gov. 2011-12-01. Retrieved 2011-12-06. 
  50. ^ Loftus, Tom (December 13, 2011). "Carrier IQ Fights Speculation Around FBI Link". The Wall Street Journal. 
  51. ^ "Carrier IQ On Android". 
  52. ^ "Riskware/CarrierIQ!Android". 
  53. ^ "Board of Directors". Carrier IQ. Retrieved 2011-12-02. 

External links[edit]

Rootkit wiretapping & privacy controversy