Carrier IQ has been a hot topic as of late, but not without good reason. The "service" that no one had really heard of before October of this year has been raising eyebrows for the last couple of months, leaving us all wondering how much data was actually being extracted from our devices.
While it definitely has a deep ditch to dig its way out of, CIQ has started on that long and tedious process by releasing a nineteen-page document detailing exactly what information is collected. The document gives a pretty in-depth explanation of what CIQ is really doing with the data being collected, how much of it is actually human-readable, and even goes as far as to address (and justify?) many of Trevor Eckhart's findings from a few weeks ago.
If you're curious about Carrier IQ, the document is a good, albeit long, read. You can find it in its entirety right here.
Update: After spending some time reading the doc, there are a few relevant points of interest that I feel should probably be highlighted:
- While each mobile device containing Carrier IQ software can be implemented with a comprehensive list of analytics capabilities, what is actually gathered by a Network Operator is based on their business requirements and the agreements they form with their consumers on data collection. [Emphasis theirs]
- Our investigation of Trevor Eckhart’s video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software. Specifically it appears that the handset manufacturer software’s debug capabilities remained “switched on” in devices sold to consumers. [Emphasis theirs]
- Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent. These messages were encoded and embedded in layer 3 signaling traffic and are not human readable. No multi-media messages (MMS), email, web, applications, photos, voice or video (or any content using the IP protocol) has been captured as a result of this profile bug, as only SMS traffic is embedded in layer 3 signaling messages to deliver SMSs to/from devices. [Emphasis theirs]
- Location and Security of Data - The location of Carrier IQ MSIP servers varies by customer. Carrier IQ provides a “Software-as-a-Service” model whereby we host the servers on behalf of some customers. In other cases, our customer will host the MSIP system in their data centers. In either case the security of the systems is paramount and our customers audit the protections we place in these systems and facilities. To date we have not experienced any known data breaches. It should also be noted that customer indentifying information beyond the hardware and subscriber serial numbers and phone numbers dialed/received is not kept in
Carrier IQ deployed systems. [Emphasis ours]
- Other uses of data - Under our customer contracts we are not permitted to analyze, resell or reuse any of the information gathered for our own purposes, or to pass to any third party unless required by law. [Emphasis ours]
The document also details how Carrier IQ uses location-based service to help carriers locate no service areas, as well as troubleshoot new services (like LTE). There is a tool included called IQ Insight that provides the location details to network technicians so they can pinpoint exactly what the problem is, along with how to repair it.
And here is the full summary portion of the document:
- The source of personal information in Android log files shown by Trevor Eckhart in his video is a result of debug settings remaining in production devices and should be classified as vulnerability. The IQ Agent software on the mobile device was not responsible for writing log messages containing personal information seen in the video.
- Carrier IQ does not acquire or forward the content of multi-media messages (MMS), emails, photos, web pages, audio or video. A detailed list of what is actually gathered can be found in Exhibit A and Exhibit B.
- In some unique circumstances described in this document, an unintended bug in a diagnostic profile allowed collection of layer 3 radio messages in which SMS messages may have been embedded. While the layer 3 signaling data was provided to the Network Operators over whose networks the data was originally sent, they were not decoded or made available in human readable form to Carrier IQ, its customers or any third party. Upon discovering the bug, Carrier IQ and its customers took immediate steps to remedy the bug and Carrier IQ customers are no longer uploading such data.
- A specific numeric key code can be entered by the user to cause the IQ Agent software to commence an upload and the IQ Agent software on the device receives numeric key presses so that it can identify when this key code is entered. Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred. Carrier IQ is not a keylogger and no customer has asked Carrier IQ to capture key strokes.
- Network Operators define through profiles which specific diagnostics are actually gathered from a device. Carrier IQ writes profiles for each Network Operator to gather the diagnostic information they require.