In a 19-page report from Carrier IQ, the company explains what information it does and does not collect and finally offers an explanation of why research posted by security expert Trevor Eckhart showed the software reacting to keypresses and revealing location data. In short, they said it wasn’t their fault.
“Our investigation of Trevor Eckhart’s video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software,” the company said in a statement. “Specifically, it appears that the handset manufacturer software’s debug capabilities remained ‘switched on’ in devices sold to customers.”
The company also acknowledged that, due to a bug in its software, some text messages may have been included in some of its data if, for example, calls and text messages were made at the same time. “SMS messages may have unintentionally been included in the layer 3 signaling traffic and are not human readable,” the company said in its report.
Carrier IQ asserted that “no multimedia messages, e-mail, web, application, photo, voice or video” has been captured because of the bug and that its software cannot read or copy the content of Web sites. It also denied that the program, as designed, captures keystrokes or the content of SMS messages. Data is held for an average of 24 hours, the company said, and can’t be read without Carrier IQ’s own tools.
The report, released Tuesday morning, does not make any mention of ongoing investigations into the company by any branch of the U.S. government. Also on Tuesday, the company made it clear that it had never provided its data to the FBI, in reference to reports that the agency had denied a request for information on the company because of possible or pending investigations.
The company has been asked by several lawmakers for more information, and some have called for the Federal Trade Commission to investigate possible privacy violations.