News

Explaining CarrierIQ in Relation To Android

by  •  • Comments Off `1,305` Total Views

Ok, so the latest fun is about something XDA-Developers discovered last month. My how time drags on until the mainstream Media catches on. Many articles out there explains the horror of this rootkit(rootkit=bad) software but no one explains it’s original use.

Quoting right from CarrierIQ‘s site:

Carrier IQ’s Mobile Service Intelligence solution eliminates guesswork by automatically providing accurate, real-time data direct from the source – your customers’ handsets. Our powerful platform aggregates, analyzes and delivers that data via easy-to-use web applications that help wireless carriers make smart business decisions.

According to this the embeded backdoor software was made to help Wireless Carriers monitor and fix any issues hardware or software wise. Is it installed on a couple of devices?

Carrier IQ is unique in the wireless industry because we are the only company embedding diagnostic software in millions of subscribers’ phones.

Oh, millions you say? Hmmm. Well we don’t know yet for how long this has been going on or the damaging effects but what we do know is that Android in it’s purest form does not have it embedded or installed. Here’s a quote from someone in the Android Code forum:

CarrierIQ is not a part of Android nor is it in any way in the AOSP code, it is a third-party monitoring framework added by device manufacturers at the request of carriers.

No official Google build nor AOSP source builds nor AOSP-derived ROMs (CyanogenMod, MIUI, etc.) contains it.

To my knowledge it’s found in its most invasive forms in HTC devices for Sprint and AT&T.  Verizon denies that any of their devices use it and I haven’t seen anyone show otherwise, no idea on T-Mobile or non-US carriers.  Apparently many or all Blackberries and iPhones have it as well, but in a less invasive form that we don’t have many details on.

Does this make you feel a little bit safer? Probably not. However most security experts know that it’s never a matter of  ”if” your info is logged somewhere somehow, It’s usually a matter of  ”when” your info will be taken and used maliciously. Try to stay smart with your personal information and MAYBE you can hold that time off a little bit…

Be a fan
Link to this post!