Over 100 million smartphones are tracking their owners’ every step, Android developer Trevor Eckhart claims, thanks to software that comes preinstalled on phones from most major carriers.
During a security demonstration revealed on Monday, Eckhart showed how software developed by Carrier IQ tracks virtually everything a user does -- going as far as logging individual keystrokes and button presses. The company claims it helps its customers improve quality and performance “by counting and measuring operational information in mobile devices.” Security experts call it spyware.
Here's what YOU need to know:
What exactly is it watching?
Eckhart found evidence that Carrier IQ was doing much more than simply helping improve network quality; he said the company's software detects every button pressed, every text message sent, every website browsed to. His findings have not been confirmed, however, and at least one researcher suggested that, despite receiving such activity, there was no evidence that Carrier IQ was recording it.
What's a 'rootkit'?
Eckhardt described the Carrier IQ software a "rootkit," a word with negative connotations in the tech world. A rootkit is software buried deep within a computer (or smartphone) that has "root" or administrator-level access. While such software can be used for reasonable purposes -- total access to a device or computer would certainly be useful for quality assurance purposes -- it has gained notoriety through an associate with malware.
So isn't what Carrier IQ is doing illegal?
If the software is doing what the company claims, there shouldn't be any issue. If Eckhardt's findings are correct, however, and Carrier IQ is monitoring smartphones without informing their owners, that may be grounds for a class-action lawsuit based on a federal wiretapping law.
“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very [like] a federal wiretap,” Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School, told Forbes.
So why is it there in the first place?
Carrier IQ claims its software is intended to help carriers monitor and evaluate network quality. It's a mobile analytics platform, used to improve the quality and the user experience, they claim, helping with issues such as dropped calls and battery drain.
Which carriers use the software?
Wireless carriers AT&T and Sprint have confirmed that their smartphones do come with the Carrier IQ software preinstalled on them. Verizon, on the other hand, has distanced itself from the software, insisting that its phones don’t carry Carrier IQ.
Which handset manufacturers have it?
Blackberry-maker RIM and Nokia announced Thursday that their smartphones don't come with Carrier IQ . But Eckhart said phones from many major manufacturers does include it, such as HTC and Samsung. Apple has not said whether its phones come with Carrier IQ, though some reports indicate they may as well.
What's going to happen?
On Thursday, Minnesota Senator Al Franken wrote a letter to Carrier IQ CEO Larry Lenhart, asking him to spell out exactly what sort of data his software is collecting. "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," Franken said in a statement. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling." Carrier IQ promises a complete investigation by independent security analysts -- but until then, the company won't comment further.