
Carrier IQ explains its software, points a finger, and acknowledges a bug

News by Michael Oryl on Wednesday December 14, 2011.



Today a beleaguered Carrier IQ, maker of software used by wireless carriers to see how phones on their networks are being used, issued a lengthy report on what its software does and does not do.

The company explains that the intent of its software, in a nutshell, is to pass data to carriers on where and when calls fail, what parts of the network are causing consumers problems, how phones interact with wireless networks, and to help diagnose phone battery and performance issues. It can also take such information from many consumers and aggregate it "to provide performance scorecards and heat maps by market or city, or by type of device."

The data, which is typically uploaded every 24 hours in an encrypted form, according to Carrier IQ, can also help carriers offer one-on-one support to customers. The service rep can get access to the consumer's recent phone experience with the network, and even take a peek at which applications have been heavily using CPU power or overly draining the phone's battery.

The piece of software that goes onto a phone is called the IQ Agent, and it comes in three forms. It can be a pre-loaded, more or less off-the-shelf application that the carrier loads into the device; it can be loaded by the consumer directly (and later be uninstalled) at the request of a service technician; or it can be embedded into the device. The embedded version is the only version of IQ Agent that has access to low-level cellular radio information that can be used to track tower issues. The embedded version also requires that the phone manufacturer write some custom code that will allow the phone to pass this low-level data to the IQ Agent.

This, says Carrier IQ, is where the problem of personal data being seen in unencrypted, human-readable log files on an HTC EVO 4G for Sprint arose. Carrier IQ claims that the developer who worked on interfacing with Carrier IQ's programming interface (presumably working for HTC) left some debugging messages enabled on production software. Passing such debugging information to log files is common practice, I assure you. The only problem is that the developer failed to turn off the debugging code when he or she was finished. It was a human mistake, a simple oversight. Carrier IQ offered the following statement regarding the original findings by security researcher Trevor Eckhart:

"Our investigation of Trevor Eckhart's video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software. Specifically it appears that the handset manufacturer software's debug capabilities remained 'switched on' in devices sold to consumers."

Carrier IQ says that its IQ Agent stores its own data in an encrypted form in a temporary location until it is ready for transmission to the carrier, and that log files are not used for storing data or for collecting it in the first place. The collected data is typically a summary of events in the previous 24 hours, and averages roughly 200KB in size, according to the company. Carriers do not charge the consumer for the data used by these transfers.

The specific data collected is defined by Carrier IQ's customer, the wireless carrier. Carrier IQ says that, based on the carrier's requirements, the data can be anonymous or tied to the specific handset. Carriers also determine how often the data is transmitted, which metrics are included, and how the data should be processed or summarized before transmission. Updated rule sets (called profiles) can be sent to the phone when necessary.

Carrier IQ does own up to an SMS-related bug, though:

"Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent. These messages were encoded and embedded in layer 3 signaling traffic and are not human readable."

Saying the data is not human-readable does not count for much, though. We all know that JPG image files are not human readable as-is, but any kid with a web browser knows how to decode them into a form that humans understand. Carrier IQ points out that "no multi-media messages (MMS), email, web, applications, photos, voice or video (or any content using the IP protocol) has been captured." That's due to the fact that those services use regular data, and don't rely on the special service channel that SMS is transmitted over.

Others have pointed out that the IQ Agent appears to be a keylogger, capturing dial-pad keystrokes. This is true, to some extent, but carriers already have access to all of the phone numbers that a handset calls (naturally). The supposed key-logging is related to giving consumers the ability to enter a special code that will manually cause the IQ Agent to upload its data - typically at the carrier's request. Carrier IQ also notes that a specially coded SMS message can have the same effect.

"Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred. Carrier IQ is not a keylogger and no customer has asked Carrier IQ to capture key strokes."

The embedded version of the IQ Agent can, however, capture the URLs of web pages that the consumer accesses with his or her phone - if the carrier requests it. That's certainly cause for alarm for some people, but at least they can rest assured that the actual page contents are not accessed. Still, there are likely plenty of websites that include sensitive data on URLs, and that data would be available to Carrier IQ's software and carrier customers.

As a former developer and generally technical guy, I can appreciate the pickle that Carrier IQ is in. While I have only its side of the story to go on here, Carrier IQ appears to be taking a lot of heat largely for things it hasn't done, or was unaware of. You know, general FUD. None of this would have detonated this way had the company, and its carrier customers, been more up front with consumers about what data is being tracked and how it's being used.

That's the lesson we've learned here. Even seemingly innocuous things can be "evil" if done behind our backs.

Let's all move on now.


About the author

Michael Oryl
Michael is the Philadelphia based owner and former editor-in-chief of MobileBurn.com. You can follow him on Twitter as @MichaelOryl
