Blog Post

Are carriers logging every action on your cell phone?

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

After you buy a smartphone and the required mobile broadband service, what you do with the device is your business, right? Maybe not. Earlier this month, the XDA-Developer site noticed that a preinstalled mobile app, named Carrier IQ, was logging all smartphone activities with no way to opt out. On Wednesday, a new video demonstration surfaced that demonstrates exactly what the Carrier IQ software does. And it’s disturbing, especially when you consider more than 141 million Android, BlackBerry, (s rimm) and Nokia (s nok) handsets have the software installed.

Here’s the entire 17 minute video; a bit long, yes, but if you have a smartphone, it’s well worth watching. If you want to skip the basic handset setup parts — showing that this is a freshly restored phone — hit the video around the 8 minute mark to see the logging aspects.

Trevor Eckhart created the video, which I found by way of Wired. Through using the Android (s goog) developer tools to monitor the phone’s usage, he shows several concerning activities that CarrierIQ captures:

  • Logging of keystrokes. Nearly every button — hardware or software — is noted when pressed. I noticed the keystrokes for input were based on ASCII standard codes, which are fairly universal. That means the keylogging feature can easily work across nearly all devices.
  • Text of incoming SMS messages. Don’t expect privacy of what you’re sending or receiving on a phone with CarrierIQ installed.
  • Web browsing information through what are supposed to be encrypted transactions. Eckhart did a simple Google search with the browser in a private mode using the secure HTTPS protocol. Yet, his exact search term in the browser was captured, even when using the phone on his home Wi-Fi network.

The Carrier IQ software can’t be disabled, either, making the situation even worse. Eckhart shows the service is set to run at all times and can’t be shut off through the standard “Force Close” option in Android. There’s no opt-out method; the service runs invisibly in the background; and there’s nothing a consumer can do to stop it. Why does CarrierIQ capture this data? According to the company’s website, the reason is to help both carriers and handset makers:

Recognizing the phone as an integral part of a mobile service delivery, and using the device to measure key parameters of service quality and usage, the Carrier IQ solution gives you the unique ability to analyze in detail usage scenarios and fault conditions by type, location, application and network performance while providing you with a detailed insight into the mobile experience as delivered at the handset rather than simply the state of the network components carrying it.

I understand the need to log data and share details — to a point. Let’s face it: Computers have logged such data for years; mainly to help troubleshoot problems. But those logs weren’t sent anywhere without the user’s knowledge, and that’s what makes this situation very different.

I’ll be looking into this a bit deeper, but while I do, there are some interesting questions raised by this video. Although consumers are buying smartphones — and assume they have ownership — are the handsets theirs to do with as they please, without the carriers or handset makers knowing what they’re doing? One could argue that the smartphone isn’t owned until it’s fully paid for, since carriers often subsidize the actual hardware costs, but I think the argument is lame, at best.

What about the network itself, which is generally required to gain the full benefit of having a connected device? Does the monthly fee to “rent” mobile broadband service mean consumers have no privacy rights while on the carrier network? From a consumer standpoint, I’d argue that yes, there should be some level of privacy. Then again, carriers spent billions of dollars on the infrastructure and want to protect their investment. Thoughts?

27 Responses to “Are carriers logging every action on your cell phone?”

  1. So I don’t see any indication that any information is being stored permanently or being transmitted to the wireless carrier or to CarrierIQ. The guy is looking at a debug log. I’m not an Android developer, but… isn’t debug logging turned on only when you’re actually debugging?

  2. what is not explicitly permitted must be denied. We pay for the phones and service. We should have full disclosure on what is installed and what it is doing and have the option to deny it – it is on a private device not on a public network. We understand our actions can be captured in a public area on a camera, but we don’t tolerate anyone installing monitoring devices in our private areas – that is an invasion of privacy!

  3. Welcome to cyber world, Oz is behind the curtain. A data map that parallels our physical world, bit by bit in an underworld. CarrierIQ is one pine needle on a pine tree, there is a forest of pine trees, Google’s existence is founded on the underworld. Take Android, the epitome of corporate influence, the OS is pushed by all major corporate players, OEM’s, Carriers, retail giants. Its not because its open source altruism, it is because of open source control. It is pushed because OEM’s, and Carriers can do what they want to the OS, while “free” means they get a higher profit margin. With this much corporate backing what choices of OS will consumers “choose“, they will “choose” Android. In theory the consumer has the choice, like in democracy voters have the “choice“. But actually the bulk of people make choices based on influencers in there environment, if advertising did not work then Google would not be a massively profitable company.
    We live in a pivotal time, we are living in the gap between the old ways of the industrial world and a new world that will be inside the walls of bits. We will have to learn as a society what is acceptable, and really, how to live in the new world. The new wild west, between the walls of bits. Only its global.