
HTC, Sprint Acknowledge Using Carrier IQ Software But Deny Snooping

Sprint (NYSE: S), HTC, and Carrier IQ–the companies at the heart of a growing tempest over privacy rights on smartphones–have broken their silence about Carrier IQ’s software, which is billed as a diagnostic tool for wireless carriers but has been shown to record keystrokes and even encrypted search terms on some smartphones.

With the rest of the mobile industry scrambling to distance itself from Carrier IQ, the companies behind the products demonstrated by security researcher Trevor Eckhart earlier this week acknowledged the controversy in separate statements to The Verge, saying that the software is used for ordinary diagnostic reports needed to help improve the performance of mobile devices and mobile networks. But no one seems to have a very good answer for why Carrier IQ’s software appears to record much more than dropped-call error messages, let alone what is being done with that data.

HTC, which made the Android phone used in Eckhart’s demonstration, claimed that the use of the software was a requirement by some U.S. carriers.

Carrier IQ is required on devices by a number of U.S. carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier.

It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.

Sprint, the carrier for the HTC phone demonstrated in the video, had this to say:

Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.

As for Carrier IQ itself, it responded to what is probably the greatest crisis of its short life only when a reporter for The Verge went to its offices in Mountain View and started asking questions. Andrew Coward (such an unfortunate name) told The Verge that Carrier IQ is going to have external security companies attempt to validate Eckhart’s research before commenting further.

So to recap: HTC says it’s Sprint’s problem. Sprint implies that it knows that Carrier IQ is recording sensitive information but that it totally doesn’t ever look at that information, we swear. And Carrier IQ wants to pay for its own report, which will do exactly nothing to clear up these issues.

This is not over by a long shot. Senator Al Franken of Minnesota called for an investigation into Carrier IQ Thursday, saying “it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics–including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.”

Meanwhile, here are some tips via ExtremeTech on how to detect if Carrier IQ is running on your phone and how to remove it.