Written by Nick Heer.

Archive for November 30th, 2011

Surprise — Carrier IQ is Carrier-Mandated

Nilay Patel:

[T]he Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom tablet do not contain Carrier IQ software. Each of those devices was launched in direct partnership with Google as the flagship for a new version of Android, so it seems that the addition of Carrier IQ comes from OEMs and carriers after Google open-sources Android’s code. Carriers requiring manufacturers to include Carrier IQ would also explain why references to the software have been found in iOS

Carrier IQ is on iOS, Kind Of

Turns out Carrier IQ is also on iOS devices as far back as iOS 3. However, it’s only running when you explicitly allow it. It’s what powers the Diagnostics & Usage setting, which is toggled during setup and can be turned off at any time. Furthermore, it only logs technical call information and location only if Location Services are enabled. It does not log key presses, URL history, SMS content or any of that other scary stuff happening on other devices.

Grant Paul also points out that it appears to be carrier-specific, with entries for AT&T, Verizon, Sprint and KDDI.

Carrier IQ Press Release (PDF)

It turns out that this stuff about Carrier IQ has been known for a couple of weeks now. This is their press release from November 16.

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools.

It is worth noting that I cannot find any information on exactly what is being transmitted to Carrier IQ or to the device manufacturer. However, it is clear that this statement is simply wrong, based on the video released on Monday, which shows that keystrokes, button presses and location data are all being recorded.

We can, however, get an idea of what Carrier IQ receives based on this Hacker News post and the included screenshots. I’ve mirrored one example in case the company decides to remove it from their site. They’ve also published a document on some “features” of their software (PDF link). It is clear that what is being tracked and submitted is well beyond any reasonable user expectations.

By the way, Apple had a small scandal earlier this year over iOS’s tendency to store cell tower location information. The story broke on April 20, 2011, Apple issued a plain-language response a week later and an update to fix the bug one week after that. In two weeks, Apple admitted there was a problem and fixed it.

It’s been two weeks, and all Carrier IQ has to show for it is a sloppy press release that dodges questions instead of answering them.

Comments Off

Amongst many other reasons, this is the primary one as to why comments are typically terrible, as put by Matt Gemmell:

Comments encourage unconsidered responses. You’ve just read an article, you feel strongly about it, and you have a text field just waiting there. When disagreeing, people tend to be at their very worst when writing comments. They use language and tones which they’d never use in email, much less in person. If your blog allows comments, you’re inviting people into your house – but sadly, some of them don’t conduct themselves appropriately.

When I had comments, most were knee-jerk responses. Occasionally I received something of value, but there’s no reason that should be on my website. It isn’t my opinion, and I don’t necessarily support or agree with it. As Marco said, having your own blog is easy and can be free, with services like Tumblr. Short responses are best through Twitter. That way, it’s clear whose opinion it is.

Nest Teardown

Nest proves that something as mundane as a thermostat can be beautiful. If it’s a well-designed product, people are more likely to use it. Since it’s so simple and can be controlled remotely, owners are more likely to save energy.

Spyware Right Out of the Box

Dan Goodin writing for The Register (emphasis mine):

Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

“But Nick,” you begin, “isn’t it hypocritical for you to be pointing this out after being more passive about Apple’s location tracking issue earlier this year? Are you some sort of paid shill?”

I would counter by pointing out that Apple was tracking locations, but this software (installed on a number of stock Android, BlackBerry and Symbian devices) is tracking what you do and where you do it. Tracking locations is invasive of privacy, but what Carrier IQ does is outrageous.

Update

“runjake” at Hacker News has posted a great analysis of what is covered, but also what is not covered by the Register article.