Carrier IQ Explains Itself: 5 Highlights - higginshavem1951

Flying device and network symptomatic firm Toter IQ early Tuesday issued a detailed report roughly what it is up to with your smartphone data. The company has been under fire of all time since Trevor Eckhart discovered CIQ software working arse the scenes happening a assortment of smartphones. Johannes Eckhart originally accused CIQ of installment malware connected people's phones and monitoring users' key presses, SMS messages, location data and web browsing history.

Even Google's Executive Chairman Eric Helmut Schmidt recently referred to CIQ software as a keylogger. A keylogger is a typecast of malware that records your key presses in an attempt to discover sensitive information so much as passwords.

Patc CIQ admits that it does collect some of the information detailed by Eckhart, the company says its computer software is not used for malicious purposes and is not a keylogger. Rather, any data collected by CIQ software is accustomed better user experience and cellular meshing performance. Nonetheless, CIQ said it recently worked with Eckhart to identify some areas of bear on with the company's software.

What Is Carrier IQ?

Carrier IQ is a mobile diagnostic company that uses software package installed happening more than 150 million unsettled devices worldwide. CIQ package installed on mobile devices is titled the IQ Factor and collects diagnostic information about your device such as battery performance, device stability, meshwork coverage, interpreter call performance, and connectivity issues. CIQ says that while its software stern collect a wide variety of information, it is up to the carriers to determine what kind of data is collected on any given device.

Here's a look at some of the highlights from CIQ's report (PDF).

SMS Bug

It turns out the IQ Federal agent has been logging some users' SMS messages in limited circumstances such as when you encounter an SMS during a call or information session. The company blames this problem on a bug since CIQ software isn't supposed to capture content from individual communications. Captured SMS messages were never in a human readable format, according to the company. CIQ also aforesaid the SMS bug did not induce the company's software to platte network or app content, MMS, email, photos, articulation calls, or video.

Collects Phone Numbers, URLs

CIQ's software can record phone numbers both dialed and received if a carrier asks the CIQ agent to do so. Phone numbers are recorded so that network operators can diagnose and maintain their networks to help forbid dropped calls and other problems, according to CIQ. The company also points out that carriers already throw this information so CIQ isn't collecting anything a carrier doesn't already run into.

Web addresses can also be filmed if a carrier wants to diagnose performance issues. Say, for representative, Sprint smartphones were having problems connecting to Facebook.com from lower Manhattan. CIQ's software program could facilitate Sprint name this supply and improve the service, according to CIQ.

CIQ as wel emphasized that its software can only entrance URLs and not webpage content. This way selective information so much as usernames and passwords would not be captured.

About that keylogging…

Based on Eckhart's video, the CIQ agent on an HTC phone was logging key presses, SMS messages, location data, and web browsing history. But information technology turns out that, equally one security researcher had said, Eckhart was merely seeing output from debugging software package. CIQ says this was pre-eject debugging software that should never deliver been activated along a consumer device in the first place.

Debugging software is designed to display output based happening the actions a device or platform is taking at any given time. In the case of Eckhart's video this debugging output appeared in unmixed text log files built into the Android operating scheme. The problem is, reported to CIQ, is that its software does non use these lumber files to record or prevail system information. CIQ says its software was not accessing the Android log register selective information and perfunctory it on to the company or to carriers.

Nevertheless, having such elaborated information in a plain text file is a security risk, the accompany admits. CIQ says it is working with handset manufacturers and carriers to prevent this type of breach from happening again.

Not Removable By Default

There are three ways Carrier IQ computer software hind end cotton on your phone. These include two situations where the software is pre-installed on your phone and one where you can choose to install the Intelligence quotient agent even as you would whatever other app. Non surprisingly, the user download pick is the least best-selling option–probably because it gives you the power to delete the IQ agent.

The most popular right smart for carriers to pre-install the CIQ software is to use what the company calls the embedded IQ agent. When the IQ Agent is installed this way, the company claims users cannot erase IT "direct some method provided by Carrier IQ." In other speech, the embedded version of CIQ software is not designed to glucinium dismissible by you.

Where Does Your Data Go?

CIQ says its data is stored on your handset in a "secure temporary location" in a format that cannot be read without "specifically planned tools." This most verisimilar means the information is stored in an encrypted file in, although CIQ did non specify that.

Diagnostic information captured by the IQ factor is typically stored for busy 24 hours before being uploaded over an encrypted connection. The average out upload for this data is 200 Kilobytes; this data transfer does non appear to bet against your data programme usage and does not come out in whatever usance summaries for your account.

Once the data leaves your phone it ends up in one of 2 places: CIQ's data center or your carrier's data center. Some carriers choose not to host the diagnostic information on their own servers and alternatively pay CIQ to host the data for them.

Was This All For Zip?

CIQ's software doesn't appear to be the malicious software program Eckhart originally believed it to be. Nonetheless, if IT wasn't for Johannes Eckhart's testing of CIQ software the SMS hemipteron and the exposure related to debugging software may not have been discovered. It's too valuable just from a privacy standpoint to know that CIQ computer software exists on some phones and what it does. And so at to the lowest degree you can make an numerate choice about whether operating theatre not you want to use a device that has CIQ software installed connected it.

Connect with Ian Paul (@ianpaul ) and Today@PCWorld connected Twitter for the latest tech news and analysis.