Ever since a researcher named Trevor Eckhart posted evidence that a program known as Carrier IQ is tracking mobile users’ keystrokes and activities, the Web has been abuzz trying to find out how much the program actually collects and how widespread it is.
Carrier IQ is an analytics program for mobile devices that advertises to carriers that it can “measure performance and user experience with no visible impact to your customers.” Eckhart, using his own HTC device, found that the program not only records information about app activity and battery life but also notes when users press any key on the phone and records text messages. He said the data is transmitted back to Carrier IQ’s servers.
That seems to contradict a statement from Carrier IQ, which clearly said that it doesn’t record keystrokes. The company also said it does not provide tracking tools, inspect or report the content of communications or provide real-time data reporting to its customers.
The company told Wired that the program is meant to gather information to improve users’ experience by collecting data on dropped calls, signal quality and other troubleshooting problems.
Eckhart has said there is evidence of the program in Android and BlackBerry devices; the program cannot be turned off without rooting the phone, he said.
Other researchers have found evidence of Carrier IQ in Apple devices.
“[Up] through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone,” wrote security researcher Grant Paul on his blog. He said that the program appears to be controlled by the “Diagnositcs and Usage” setting on Apple devices, meaning that it appears users can disable the program on those phones. He wrote that he’s “reasonably sure that it has no access” to text messages, browsing history or Web history.
In a statement, AT&T spokesman Mark Siegel confirmed that AT&T uses the software.
A law professor interviewed by Forbes raises the possibility that the software could violate federal wiretapping laws, which make it illegal to acquire the contents of communications without consent from users. Paul Ohm, a former Justice Department prosecutor and now a law professor at the University of Colorado Law School, told Forbes that he predicts there will be a class-action lawsuit over privacy issues very soon.