It seems the dark side of pre-installed software on our Android devices is emerging, as the Carrier IQ controversy continues. What Android researcher and app developer Trevor Eckhart uncovered with Carrier IQ’s data collection methods has upturned an entire mobile industry, questioning what mobile carriers and manufacturers are really doing with the information generated by our handset activity. Carrier IQ has already issued a statement, defending a snowball of accusations regarding its “rootkit” software status. But it’s really companies like AT&T and HTC that will come under fire, as they are the ones paying for and utilizing consumer data.
While carriers speedily responded to the Carrier IQ saga, manufacturers have had less to say on the matter. Samsung, for instance, has not released a statement, though their latest Galaxy Nexus and the original Xoom are said to be CIQ-free. Apple even released a statement, saying that they’ve discontinued the use of Carrier IQ software, clarifying that it’s a user opt-in service.
Carrier IQ detector app, security commentary
While Carrier IQ isn’t malicious software, it’s still raising concerns over privacy and fair data use, and this ongoing debacle has affected an entire industry, going so far as to prompt a Carrier IQ detector app release for Android. The new Voodoo Carrier IQ detector app will track the tracker, though it’s a very new tool and has plenty of kinks to work out. Supercurio, the team behind the new app, has released its source code for those that want to help refine the tool.
Security providers have also been pulled into the mix, as companies like Lookout received countless inquiries from customers after Carrier IQ was exposed to the mobile community. “The most alarming aspect of Carrier IQ’s software is that most consumers are neither aware of its presence on their mobile devices, nor the level of data that is being collected,” says Tim Wyatt, Lookout’s Principle Engineer.
“Metrics are all the rage these days, and it’s hip to be a metrics-driven company. It’s critical to consider users’ privacy, however, and the more sensitive the data that is being touched, the more critical it is to give your users a clear opt-out path. While this isn’t currently an option provided by Carrier IQ and its partners, we’re hopeful that it will become one in the near future.”