Carrier IQ’s Stealth Logging Software Discovered On Android, BlackBerry And Nokia Phones; References Also Found In iOS



A few days back, Trevor Eckhart of Connecticut revealed that many Android, BlackBerry and Nokia phones come bundled with software called IQRD, developed by a company called Carrier IQ, that secretly logs everything a user does on the mobile phone.

The creepy thing is that Eckhart found the software logging even personal information such as text messages and web searches, which has raised serious privacy concerns.

Carrier IQ, for its part, denies that its software logs keystrokes and claims that the software is “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.” However, a video published by Eckhart clearly undercuts that claim.

PC World reports:

After connecting his HTC device to his computer, Trevor found that IQRD is secretly logging every single button that he taps on the phone–even on the touchscreen number pad. IQRD is also shown to be logging text messages.

In the video, Eckhart shows that Carrier IQ is also logging Web searches. While this doesn’t sound all that bad by itself, it suggests that Carrier IQ is logging what happens during an HTTPS connection which is supposed to be encrypted information. Additionally, it can do this over a Wi-Fi connection with no 3G, so even if your phone service is disconnected, IQRD still logs the information.

Wired reports that Carrier IQ apparently threatened to sue Eckhart but backed down when the Electronic Frontier Foundation backed his findings. Forbes believes that the company may have violated wiretapping laws.

According to Eckhart, it is not possible for a user to turn off the logging on the Android-based HTC smartphone.

Interestingly, iPhone developer and hacker chpwn reports that he has also found references to Carrier IQ’s software in Apple’s iOS, but it seems to be logging information related to the device’s performance and does not seem to have access to capture information such as text messages and Web searches, as seen on the HTC smartphone.

Carrier IQ is run from a number of different daemons, depending on the firmware version of the device: (You can view this on a jailbroken iPhone with iFile or extract it from a software update bundle if you want to check the files out yourself.)

  • iOS 3: /usr/bin/IQAgent
  • iOS 4 and 5: /usr/bin/awd_ice2 or /usr/bin/awd_ice3

chpwn concludes:

Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.

The good news is that iPhone users can choose to disable the logging by simply going to Settings -> General -> About -> Diagnostics & Usage -> Don’t Send.

While we are fine with carriers collecting information related to the device’s performance, Carrier IQ seems to have crossed the line by even recording keystrokes on the mobile phone.

Let us know what you think in the comments below.

[via Trevor Eckhart’s blog, chpwn’s blog]
