azrienoch · Dec 13, 2011 at 08:30 am

Carrier IQ Releases a Report, FBI is Silent

Carrier IQ released a 19-page document explaining their software, how it’s used, and how it protects the data it collects.  Much of it we already heard, but now with more thorough detail.  Click here to listen to this article.

After describing the basics of Carrier IQ and how it’s implemented–a section which points a finger squarely at the manufacturers and carriers–the document addresses specific questions people asked since the issue blew up in the media.  They begin by answering Trevor Eckhart’s (XDA Recognized Developer, TrevE) video that shows IQ Agent listening to keystrokes.

We cannot comment on all handset manufacturer implementations of Android. Our investigation of Trevor Eckhart’s video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software.  Specifically it appears that the handset manufacturer software’s debug capabilities remained “switched on” in devices sold to consumers… The IQ Agent does not use the Android log files to acquire or output metrics.

But they recognize the danger of that information sitting in Android logs, and recommend that manufacturers and carriers turn off debugging to keep those logs hidden.  Then, they claim to have found a bug during their investigation that actually sends encrypted SMS texts, but they promise that they don’t unencrypt those messages.

Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent.

They then explain that web URLs are collected at the behest of the carrier, as they say, to diagnose Internet browsing issues.  All of this information is stored on your device until it is uploaded, which “is typically [every] 24 hours.”  They do not provide the complete range of intervals their software is capable of setting in a profile.  However, the upload can be manually triggered, either by entering a keycode or by remote control, with commands sent in SMS texts.  According to TrevE, these texts are hidden from the user.

Lastly, the report addresses its collection of location data.  They explain the intended use of the information, but do not explain the criteria for location collection.  That is, we don’t know the intervals at which your GPS location is recorded, and if the software on the phone determines whether to send only some of those locations.  This is important because the FBI may have excessively pinged information collected by Carrier IQ’s software, without warrant, to track the locations of individuals.

In fact, MuckRock News, a website that helps people request information from the FBI,  reported that their FOIA request for reports on Carrier IQ was denied.  The reason given is that release of that information would compromise an ongoing investigation.  Either they are still using that information,  investigating Carrier IQ, or both.  The denial itself is confirmation that the FBI has such documents.

Personally, I wouldn’t be surprised if they launch an investigation of Carrier IQ in order to buy some time before admitting their use of the data.  As far as Carrier IQ is concerned, I appreciate the explanation of your software’s intended use, but what we want to know, all of our concerns, require the full disclosure its actual use.


_________
Want something on the XDA Portal? Send us a tip!
Mario Tomás Serrafero · Feb 27, 2015 at 03:52 pm · 1 comment

PhotoMath: A Math Beginner’s Dream App

To me, applications like this one are really important for school students. I bought my first significant Android the same year I began my Physics degree at my university, and immediately I realised how tremendously helpful it was. From accurate graphing applications to TI emulators (don't judge me, the real thing costs crazy amounts here!), passing through giants like Wolfram and MATLAB Mobile, there were a lot of tools for one to excel with. In fact, I'd say that without Android I wouldn't have chosen...

XDA NEWS
Mario Tomás Serrafero · Feb 27, 2015 at 12:47 pm · 2 comments

Leaked Galaxy S6 Apps Hit the Forums

XDA Recognized Contributor Albe95 has shared with us what looks to be Galaxy S6 applications. The ones he's provided are the GearManager, the Optical Reader, GeoNews and Kids Mode. The applications are available for download through the links in the opening post, but keep in mind it is likely that they might not be compatible with your device. There's also new information about more applications and system interface features revealed in the same thread:     The alleged S6 statusbar and panel are ported to the...

XDA NEWS
Emil Kako · Feb 27, 2015 at 12:31 pm · 1 comment

Which App for iPhone Do You Wish Was on Android?

Only a few years ago, it was normal for a major app release to be available for iOS but come months later to Android. That seems to no longer be the case, as Android has advanced tremendously with Google putting a huge effort into its Play Store and ecosystem. However, while the majority of major app releases are now made available for both platforms at the same time, there are a few iOS exclusives that some of us wish were on our favorite mobile OS (Hyperlapse comes to mind). Let us know which apps for the iPhone you wish were on Android.

DISCUSS
Share This