Carrier IQ has been a hot topic as of late, but not without good reason. The "service" that no one had really heard of before October of this year has been raising eyebrows for the last couple of months, leaving us all wondering how much data was actually being extracted from our devices.

While it definitely has a deep ditch to dig its way out of, CIQ has started on that long and tedious process by releasing a nineteen-page document detailing exactly what information is collected. The document gives a pretty in-depth explanation of what CIQ is really doing with the data being collected, how much of it is actually human-readable, and even goes as far as to address (and justify?) many of Trevor Eckhart's findings from a few weeks ago.

If you're curious about Carrier IQ, the document is a good, albeit long, read. You can find it in its entirety right here.

Update: After spending some time reading the doc, there are a few relevant points of interest that I feel should probably be highlighted:

  • While each mobile device containing Carrier IQ software can be implemented with a comprehensive list of analytics capabilities, what is actually gathered by a Network Operator is based on their business requirements and the agreements they form with their consumers on data collection.  [Emphasis theirs]
  • Our investigation of Trevor Eckhart’s video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software.  Specifically it appears that the handset manufacturer software’s debug capabilities remained “switched on” in devices sold to consumers. [Emphasis theirs]
  • Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent.  These messages were encoded and embedded in layer 3 signaling traffic and are not human readable. No multi-media messages (MMS), email, web, applications, photos, voice or video (or any content using the IP protocol) has been captured as a result of this profile bug, as only SMS traffic is embedded in layer 3 signaling messages to deliver SMSs to/from devices. [Emphasis theirs]
  • Location and Security of Data - The location of Carrier IQ MSIP servers varies by customer.  Carrier IQ provides a “Software-as-a-Service” model whereby we host the servers on behalf of some customers.  In other cases, our customer will host the MSIP system in their data centers.  In either case the security of the systems is paramount and our customers audit the protections we place in these systems and facilities.  To date we have not experienced any known data breaches.  It should also be noted that customer indentifying information beyond the hardware and subscriber serial numbers and phone numbers dialed/received is not kept in
    Carrier IQ deployed systems. [Emphasis ours]
  • Other uses of data - Under our customer contracts we are not permitted to analyze, resell or reuse any of the information gathered for our own purposes, or to pass to any third party unless required by law. [Emphasis ours]

The document also details how Carrier IQ uses location-based service to help carriers locate no service areas, as well as troubleshoot new services (like LTE). There is a tool included called IQ Insight that provides the location details to network technicians so they can pinpoint exactly what the problem is, along with how to repair it.

2011-12-13 13h52_09

2011-12-13 13h52_53

And here is the full summary portion of the document:

  • The source of personal information in Android log files shown by Trevor Eckhart in his video is a result of debug settings remaining in production devices and should be classified as vulnerability.  The IQ Agent software on the mobile device was not responsible for writing log messages containing personal information seen in the video.
  • Carrier IQ does not acquire or forward the content of multi-media messages (MMS), emails, photos, web pages, audio or video.  A detailed list of what is actually gathered can be found in Exhibit A and Exhibit B.  
  • In some unique circumstances described in this document, an unintended bug in a diagnostic profile allowed collection of layer 3 radio messages in which SMS messages may have been embedded.  While the layer 3 signaling data was provided to the Network Operators over whose networks the data was originally sent, they were not decoded or made available in human readable form to Carrier IQ, its customers or any third party.  Upon discovering the bug, Carrier IQ and its customers took immediate steps to remedy the bug and Carrier IQ customers are no longer uploading such data.
  • A specific numeric key code can be entered by the user to cause the IQ Agent software to commence an upload and the IQ Agent software on the device receives numeric key presses so that it can identify when this key code is entered.  Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred. Carrier IQ is not a keylogger and no customer has asked Carrier IQ to capture key strokes.
  • Network Operators define through profiles which specific diagnostics are actually gathered from a device.  Carrier IQ writes profiles for each Network Operator to gather the diagnostic information they require.

[Source Carrier IQ Via Android and Me]

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

  • William D

    A company like this, that abuses smartphone open platforms to embed itself in, disguises itself, and then blames the carrier is nothing more than bloatware, violation of privacy, and completely unnecessary for carriers to use to determine issues with the phone, network, or else; is likely to lose money and go under within the next 6 months.

  • William D

    A company like this, that abuses smartphone open platforms to embed itself in, disguises itself, and then blames the carrier is nothing more than bloatware, violation of privacy, and completely unnecessary for carriers to use to determine issues with the phone, network, or else.

  • Andrew D

    The entire document seemed fishy to me, not so much explaining what Carrier IQ does but denying everything that the Android community, specifically Trevor, has found out about their service.

  • http://twitter.com/mikeGsays GarciaM25

    So....... pretty much this article was a placeholder for the link to the document, as in, read this and YOU report back to us to tell us what it all says, huh, Cameron? That's what I got from the last line at least.... very atypical reporting from AP, here!

    • Cameron Summerson

      I didn't say "tell us what it says," I said tell us what "you think," as in share your feelings on the subject matter. Pretty big difference between the two.

      • J Rush

        That's why you're my favorite writer for AP Cam. Epic wording. Love Artem and everyone else too. They're just as epic.

      • http://twitter.com/mikeGsays GarciaM25

        And I didn't use quotes, I said "as in," so that's an even bigger difference - thank you for taking the time to read through it and actually report on this, no sarcasm included, because I wasn't going to! That's why you get the big bucks!

  • mastermind26

    19 pages of information that is basically irrelevant as to why or what it is really doing. It's like a science paper with no real information.

  • CurlyJ

    "If you decide to dive deep into it, let us know what you think."

    Heres a concept - you could report on what it says - oooooooooooo

    Whats the point of telling us its released - but not giving any facts about the document and the contents?

    or u cant be bothered?

    • J Rush

      Probably because no one has the time or patience to write a full blown article on something that's already been written. You learn to read in school for a reason...no offense to anyone who didn't go to school or learned to read.

      • CurlyJ

        i will stick with my last answer :)

  • Johnny

    Here's where this is all going, I think. Carrier IQ is saying that they provide guidance to their customers (phone manufacturers and/or carriers) on how to integrate the Carrier IQ software (this is the third option, or "Embedded IQ Agent"). Exactly what the phone manufacturers/carriers do with that information, how they implement or what they do or don't tell their end users is up to them, not Carrier IQ. In other words, this is a pass-the-buck article. And in reality, they may have a good point. If Sprint goes and adds all this code into their phones, then it really is Sprint that is doing the spying on us, and it is Sprint that should have told us, and should have given us the option to get out of this. It will be interesting to see where this goes from here.

  • modplan

    I tried to explain this to you all...

  • Chris

    Thanks carrier IQ! Thanks to you I rooted my EVO; turned out to be one of the best things I could do in that situation. People just root and install a custom ROM. It's not as difficult as it may seem. You will be done with all the games carriers play on their customers. Thanks again Carrier IQ, I now know the joys of being rooted!

    • ChumbleSpuzz

      Just did the same. After all the other security issues with HTC, this was the last straw. Should have done it much sooner.

  • Marc

    This is what gets me. First they say that it was the phones were left in "debug" mode that caused the data leak. Then they say "Upon discovering the bug, Carrier IQ and its customers took immediate steps to remedy the bug and Carrier IQ customers are no longer uploading such data."

    Has there been any record of anyone with the Carrier IQ software on their phones had the "debug" mode turned off?

    • Tomas – University Place, WA

      Marc, those were two different data leaks - one that was a bug is the one that might put a simultaneous SMS message in the level three information CIQ reported for a call (SMS actually uses level three to pass info), and the other that was the manufacturer/carrier (whoever last fiddled with the OS Software) had left the debug mode activated and the debug being activated is what was logging the extra information that Carrier IQ does not access or record.
      Reading comprehension (and knowledge of the OSI levels) would go a long way toward understanding the info CIQ provided.
      (DISCLAIMER: I am not connected to Sprint, CIQ, any manufacturer, or other persons or companies involved with this. I'm a retired Bell System communications engineer.)