Since last week, Carrier IQ has been the subject of intense scrutiny by smartphone users, privacy advocates, and politicians who fear the company’s eponymous software has been secretly tracking user location data and keystrokes.
But an independent report by security consultant Dan Rosenberg has found that the Carrier IQ software, which is used by wireless carriers and handset manufacturers to monitor and improve service, may not be the boogeyman that it has been made out to be.
According to Rosenberg’s tests, which were conducted using a Sprint Samsung Epic 4G Touch, Carrier IQ is not capable of recording SMS text bodies or web page or email content. The software can record what URLs users have visited even if they are HTTPS sites, but not the pages’ content. Rosenberg also reports that the software is able to record what dialer buttons you press to determine where you are calling, but cannot record other keystrokes.
Rosenberg’s findings would seem to directly contradict the initial widespread speculation about Carrier IQ being able to seemingly spy on usage habits at will. Rosenberg does, however, concede that his findings are only valid on the particular phone he was using since handset manufacturers and wireless carriers can request that Carrier IQ tailor its software to their liking.
He also suggests that smartphone manufacturers provide users with the ability to opt out of having to use Carrier IQ, something that doesn’t exist on most phones at this point. Rosenberg further suggests that a third party be put in charge of overseeing the type of data Carrier IQ collects in order to prevent any potential future abuses. It is worth noting that any data that is collected by Carrier IQ is automatically anonymized before being sent out for review.
The Carrier IQ issue was first brought to light when security researcher Trevor Eckhart posted a two-part YouTube video showing Carrier IQ at work. In the video, the software appears to be logging Eckhart’s individual keystrokes. Since the initial postings, Carrier IQ has been heavily criticized for its lack of transparency. Senator Al Franken has formally requested that the company provide information on how its software functions and, according to PC World, regulators in Europe have begun launching their own investigations into the product.
Carrier IQ, for its part, has adamantly denied suggestions that it is trying to secretly track users or capture their keystrokes. Check back here for any updates about Carrier IQ and what the software means to you.