The Carrier IQ Story: Everyone Is An Idiot Software and Technology

Thursday, December 01 2011

The Carrier IQ Story: Everyone Is An Idiot

Gizmodo Is The National Enquirer of the Tech Industry

From Gizmodo's email blast last eve-

If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

So I went checking, actually hoping to find this villainous software.

My Galaxy S II - No Carrier IQ.

My wife's Captivate Glide - No Carrier IQ.

My Nexus One - No Carrier IQ.

My peer's new Razr - No Carrier IQ.

I expect little from Gizmodo, but such a fundamentally unproven claim — so trivial to dismiss — really sets a new low.

But they're hardly alone. This whole story has been an exercise of hysterics and technical ignorance. Even on self-purportedly enlightened sites like Hacker News, the dominant opinion is superficial, lacking any real curiousity or discernment at all.

Why I Don't Fear Carrier IQ

If I did find the software on one of my devices, I can't say I'd be overwhelmed with fear.

The "security researcher" — realize that the media invents professions and credentials when they need a stooge to prop up a story without legs: when the WSJ ran with some domain stats I had gathered, they declared me the "world's preeminate domainologist". In reality my interest in domains started and ended with the fact that it was a large set of data usable for an index tutorial — became aware of the daemon on his Sprint phone while using the logcat tool available in the Android SDK. This is a tool run by millions upon millions of devs.

His observation actually wasn't unique, and the service had been noted and dismissed by many other devs using Sprint Android handsets over the prior year. He was the first, it seems, to announce unsupported, hysterical conclusions, the drama escalated when Carrier IQ poured fuel on the fire by sending him a heavy-handed cease and desist, which they later retracted (though I suspect that this whole episode will end in some large libel lawsuits against very sloppy organizations like Gizmodo).

He wasn't using a "packet sniffer". He was using the most rudimentary debugging tool that Android developers use, whereupon he found this software literally announcing its presence and what it was doing. Basically the exact opposite of hiding itself.

"But it records your keystrokes!" you say. There has been zero proof of this thus far. What has been shown is that the daemon software intercepts keystrokes, proudly announcing its achievement into an in-memory ring-buffer log. I suspect — with zero proof — that it uses these events to populate basic aggregate data such as "uses the keyboard heavily". Nor has it been shown that any of this data is actually transmitted to Carrier IQ beyond aggregate statistics.

Where are the logs of this activity? The history of your keypresses and your web activity? This is brutally easy to find, if it exists. Find it and become an internet hero.

But I doubt you will. Know why? Because the legal landmine that Carrier IQ would find itself in, operating in one of the most heavily regulated industries around.

It goes against intuition that they would record, much less transmit to themselves, this information when it would represent enormous liability. Perhaps I'll be proven wrong, but I highly doubt it.

Nothing that has been found contradicts exactly what Carrier IQ stated in their public announcement. All of the purported proof otherwise is a demonstration that most of the people manning the keyboards of the tubes don't have the slightest clue what they're talking about.

EDIT - 10:28PM - I've gotten a few emails deriding my "douchey" tone, in particular that I scarequoted "security researcher". I did so intentionally: Tech news has gone down a path of stupidification where nothing is validated, and where an expert opinion is drawn from the most rudimentary, superficial analysis. Looking at logcat entries does not make a security researcher — it makes a log dabbler.

In any case, Carrier IQ has spoken up regarding the issue, explaining pretty much exactly what I guessed above. Do you have to trust them? Perhaps not. But their explanation is entirely rational and in line with the service they provide.

EDIT - December 5th - Quite a dramatic narrative change has occurred. Now instead of being on every newer Android phone, it's actually on a subset from two US carriers (AT&T and Sprint). Further it isn't "recording" your keystrokes, it is, perhaps insecurely, logging a subset of details to the in-memory ring-buffer log (which is not "recording"). A nefarious app — if it requested and was granted the READ_LOGS manifest permission that startling few apps have — could exploit this sloppy logging.

Comments Permalink

Reader Comments

I'm sorry but I have to dismiss this article as speculation. The tool being used is logcat, which reports all information taken into and out of functions written for the android SDK. Let's call this black box function taking in these values (which are linked to full text messages, key presses, and more) "Carrier IQ". Saying he is wrong in worrying over the fact that Carrier IQ is taking in this information is quite misinformed. Yes, he did not use a packet sniffer to see the data leaving the device, but let's be honest here, would that tool really much information anyway? What's to say that the information transmitted from the device is not encrypted? I would honestly be surprised if any information leaving Carrier IQ would be in plain text for a packet sniffer to see anyway. The issue at hand is the input of this function, which violates privacy; not the output. Unfortunately, that's what this author of this article has failed to realize.

Matthew Match @ 12/1/2011 12:10:15 PM

"The tool being used is logcat, which reports all information taken into and out of functions written for the android SDK"

I actually develop for Android. I know what logcat is, and just as a heads up, it is in no way what you describe (such a log would be *enormous*).

"Saying he is wrong in worrying over the fact that Carrier IQ is taking in this information is quite misinformed."

What is misinformed is inventing end results that the evidence does not support. Approximately 99% of the chatter about this product are by people who know nothing about software, logcat, Android, etc.

Is there nefarious goings on? Perhaps. Has it been proven? Absolutely not...at all. Just a lot of people inventing a reality that doesn't exist. They have event hooks is the entirety of what is demonstrated.

Dennis Forbes @ 12/1/2011 12:27:29 PM

"His observation actually wasn't unique, and the service had been noted and dismissed by many other devs using Sprint Android handsets over the prior year."

Name one.

Michael Fanara @ 12/1/2011 1:04:34 PM

I've looked at the research data, and while I was pissed to find a program I didn't know about looking at my device interactions, I also haven't been able to see that CarrierIQ is storing the data in long term memory or files. The Eckhart research so far hasn't shown to me a central repository where all the logcat data goes, or falsifiable proof that the data is being transmitted instantly to a remote location.

To me it appears to be simply listening, evaluating and, I'm guessing here based on my own PC dev experience, triggering a CIQ action if the evaluation meets a requirement ie "SMS Recieved" increases "Heavy SMS usage threshold counter.variable"

Thoughts?

Don @ 12/1/2011 1:35:51 PM

@Michael-

Seriously? This isn't difficult to find.

http://forum.xda-developers.com/archive/index.php/t-864271.html

http://www.wirelessforums.org/alt-internet-wireless/re-wizard-exposes-carrier-iq-107517.html

http://androidforums.com/galaxy-prevail-all-things-root/406807-mod-carrier-iq-remover-3-2-final-10-26-11-a.html

http://www.reddit.com/r/Android/comments/fvj6t/creators_of_syndicaterom_found_and_disabled/

Carrier IQ is not a new discovery. The mandate of the company is public, and they raised funds based upon the basic service that they provide.

Dennis Forbes @ 12/1/2011 6:12:24 PM

How did you check for CarrierIQ on the Captivate Glide? Rooting the Glide is not available yet it seems since the phone is new.

CJ @ 12/1/2011 7:23:44 PM

You don't need a rooted phone to detect Carrier IQ. A simple debug session is enough. It is hidden in plain sight, and it is a complete abuse of the term "root kit" as applied to it.

And after writing that earlier, the providing carrier (Rogers Canada) has since stated that they don't make use of this service.

Dennis Forbes @ 12/1/2011 7:39:17 PM

I agree with the OP. this whole thing is being blown way out of proportion. Carrier IQ would be better off, offering money to use their logging software like various rating companies do for radio or TV. Nielsen, Arbitron, etc.

IMO it appears to be part of HTC logging software. I bet if you delve into their EULA you will find references to carrier IQ.

morris @ 12/1/2011 9:03:16 PM

I would say this is a great piece... almost accurate even. Except that ATT admitted that CIQ sent them peoples SMS messages. They claimed it was a bug in the software though. So you shouldn't be worried.

Jim @ 12/16/2011 2:52:11 PM

Add Comment

Name *:

Email Address:

(your email address is not displayed)
Website:

Comment *:

About the Author

Dennis Forbes is a Toronto-based software architect. While focused primarily on the .NET and SQL Server worlds, Dennis frequently ventures outside of this comfort zone into game development and image processing. He has been published in several industry magazines, has been quoted in the Wall Street Journal and has been interviewed by NPR.

He is a vice president and lead software architect at an innovative New York City hedge fund back-office services firm.

Dennis has been working on solutions for the financial, telecommunications, and power generation markets for over 15 years.