azrienoch · Dec 2, 2011 at 07:40 am

Carrier IQ Creeps Out Everyone

Over the last week, Carrier IQ received quite a lot of attention.  First, TrevE was served a Cease and Desist letter from Carrier IQ, including a prepared statement they insisted TrevE release on his website, denouncing his work.  The Electronic Frontier Foundation responded on TrevE’s behalf, calling the C&D a violation of constitutional rights, and malicious.  Carrier IQ apologized, calling the C&D, “misguided,” but made a statement denying many of the allegations.

Then TrevE released a video proving that every single allegation that Carrier IQ denied their software was capable of doing, their software actually does.  And apparently not even the mighty iPhone is free of Carrier IQ data mining.

In the last few days, pieces of the story made their way to The New York Times, Wall Street Journal, Washington Post, Forbes, Huffington Post, CNN, MSNBC, Fox News, and more–not typically the venues to announce mobile tech news.  There’s congressional interest in the matter, with Minnesota Senator Al Franken demanding answers about Carrier IQ by 14 December 2011.

A flood of statements poured in from companies of all sorts, proudly announcing that their products do not use Carrier IQ.  Statements from companies that use Carrier IQ are now trickling in, too.  Of the statements by companies who admit to using Carrier IQ, all of them include a list of data they do not collect.  That may be confusing because they immediately contradict TrevE’s video.

For example, from T-Mobile’s statement, “T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers’ internet activity, nor is the tool used for marketing purposes.”

From Sprint’s statement, “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”

The contradiction between these statements and the reality of the Carrier IQ software comes from a failure of explanation on the part of the carriers and of Carrier IQ.  It may be true that they do not receive that data, but the software most certainly collects it.  If their software was unable to collect all this information, it’d be much more plausible that they never receive it.  Why create diagnostic software capable of collecting more information than you collect?  It makes no sense, and these responses are frankly unbelievable.  They’re also astoundingly slimy semantic dodges, if not lies.  And if not lies, the burden of proof is on the carriers, and yet to be fulfilled.

What baffles me is that, had users had an opt-out option–a full disabling of Carrier IQ software–there would be no issue.  Or, at least, very little issue.  But that’s not what we have here.  In fact, Sprint said, “The Sprint privacy policy makes it clear we collect information that includes how a device is functioning and how it is being used.”

In other words, the Terms of Sevice itself is the opt-out option.  If we don’t like it, we don’t have to use Sprint’s services.  The problem is, what is made “clear” by the privacy policy, isn’t.

We called Sprint Customer Service yesterday to see about getting a contract and a new smartphone, and specifically asked about Carrier IQ.  The customer service representative, Jason, assured me that Sprint did not use Carrier IQ.

Now, I believe this is a singular example of ignorance-nearing-idiocy.  Sprint obviously, publicly admits they use Carrier IQ’s software.  Nothing in itself to pursue.  However, it goes far to show just how much of an option we have, here.  If a random customer cannot be informed of their contractual obligations because a customer service representative isn’t even informed of those contractual obligations, the It’s-in-the-Terms-of-Service defense does not work.

On top of that, the next step in exposing the depth of evil to which Carrier IQ is used is proving that the only way “law enforcement offers could log into a special Sprint Web portal and, without ever having to demonstrate probable cause to a judge, gain access to geolocation logs detailing where they’ve been and where they are,” is using Carrier IQ.  (Source: Sprint fed customer GPS data to cops over 8 million times.)

Regardless of whether Carrier IQ was used to help the Feds spy, I doubt the Sprint privacy policy actually says that Sprint shares information with law inforcement.  I don’t know.  Maybe.  I’ll call and ask Jason at Sprint tomorrow.


_________
Want something on the XDA Portal? Send us a tip!

azrienoch

azrienoch is an editor on XDA-Developers, the largest community for Android users. View azrienoch's posts and articles here.
Mario Tomás Serrafero · Jul 29, 2015 at 12:10 pm · 1 comment

OnePlus 2 vs Moto X Style: Which is The Better Flagship?

Two big industry names have announced their newest flagship phones within the past few days. Both have also promised great performance for a cheap price, and now that we know the specifications and details about both the Moto X Style and the OnePlus 2, we can begin planning our next purchase and debating which one is better. So, judging from everything we know, which phone is more impressive?

DISCUSS
Mathew Brack · Jul 29, 2015 at 10:35 am · 2 comments

Making Your Own Xposed Modules Is Easier Than You Think

Close to the heart of XDA is the Xposed Framework by Rovo89. Most of us will have used it but you may feel that the module repository is missing something. We have the solution with several guides aimed at getting you started to build your own modules, something that may be daunting but can open an entire new field of development with a little time and effort.     Where better to start than at the beginning? Rovo89 has created a straight forward tutorial for getting started with development for Xposed....

XDA NEWS
Jimmy McGee · Jul 29, 2015 at 06:00 am · 2 comments

ZenFone 2 Lolliflash and ZenPower Giveaway!

We recently did an in-depth review of the Asus Zenfone 2 but one of the things people may not be aware of is that ASUS has actually created a line of accessories to compliment the ZenFone, or any other Android device. The Lolliflash is a Lollipop-shaped external flash and the ZenPower is a thin 10,000mAh external battery. In today's video, Jordan shows off the Lolliflash and the ZenPower Accessories. Additionally, ASUS and XDA have teamed up to give away 5...

XDA NEWS