IPhones and Android devices may be secretly logging user locations, underscoring the growing list of smartphone privacy concerns.
Security researcher Trevor Eckhart published a video on his website showing how Carrier IQ software installed on many Android phones tracks searches, text messages, and other user activities, reporting them to wireless carriers.
Carrier IQ has been found on the iPhone as well, although iOS experts note it appears to serve a more limited function on Apple’s devices.
The software is diagnostic software hidden on smartphones that sends information and statistics back to carriers, helping them understand how customers use their phones.
Carrier IQ said its product helps wireless carriers identify quality-control issues such as dropped calls and battery drain, and that it does not record keystrokes or track user location, but Eckhart’s video calls this into question.
He shows the software recording key strokes, encrypted search data and SMS message content, leading to speculation about whether the company is unwittingly collecting more user data than necessary or is being purposely deceptive.
Use of sophisticated connected devices is growing, along with attendant privacy concerns, and device makers, wireless carriers, social media sites and other mobile industry players are being called upon to be more transparent about the information they collect and how it can be used.
Social media giant Facebook recently settled with the FTC regarding privacy violations and agreed to two decades of independent monitoring of its practices, and Microsoft, Apple and Google have come under fire this year regarding the tracking and storage of user location data.
However, the rights and responsibilities of the parties involved in privacy protection are not always clearly defined.
Mobile technology develops at lightning speed, and regulation both within the mobile communications industry and from outside agencies struggle to balance users’ needs for constant, seamless connectivity with privacy rights.
Wireless carriers using Carrier IQ are aware of the breadth and depth of information the software collects, but as users and regulators become more aware of the issue, their practices may be subject to closer scrutiny.
Some carriers and phone makers responded quickly as controversy mounted over the software, with many wondering to what extend the software is used on mobile phones overall.
RIM said it “does not pre-install the Carrier IQ app on BlackBerry smartphones or authorize its carrier partners to install the Carrier IQ app before sales or distribution.”
“Any report that Verizon Wireless uses Carrier IQ is patently false,” said Jeffrey Nelson, a Verizon spokesperson, in an e-mail.
“Nokia is aware of inaccurate reports which state that software from CarrierIQ has been found on Nokia devices,” the Espoo, Finland-based handset maker said in an e-mail. “Carrier IQ does not ship products for any Nokia devices, so these reports are wrong.”
Eckhart performs his security tests on HTC phones, but estimates Carrier IQ is installed on more than 140 million handsets from many different makers. The software is impossible to remove by anyone but advanced users who know how to tinker with a device’s root system.
Eckhart called the software a “rootkit,” meaning it is capable of gaining access to a phone’s operating system without user permission. Carrier IQ threatened legal action regarding Eckhart’s claim, but later withdrew its cease and desist order and issued an apology.
Mobile industry players can be sure this probably isn’t the last word from either Carrier IQ or its critics as the battle for greater transparency with personal information in the mobile industry continues.