Carrier IQ has released the most detailed assessment of what its controversial software can and can’t do on your mobile phone, weeks after it first entered the mobile consciousness when it appeared to be tracking individual keystrokes. The reality appears less sinister, but it’s still not clear how wireless carriers are storing, aggregating, and analyzing the data they capture from your phones through the software.
It’s probably fair to say these have been the most hectic two weeks in the short history of Carrier IQ, a company founded in 2005 with the goal of helping wireless carriers understand how to deliver better services to handsets. After Wired published a video from a security researcher that appeared to show Carrier IQ’s software recording all sorts of personal data–such as encrypted search terms–from Android phones running on Sprint (NYSE: S) and AT&T’s networks, a privacy furor arose that will see company executives meeting with members of Congress later this week to explain themselves, according to an interview published by AllThingsD with CEO Larry Lenhart and vice president of marketing Andrew Coward.
Carrier IQ’s document (embedded below) reveals that the company did find a problem with its software after a through re-examination: a bug in the software could allow text messages to be captured by the software if a message comes in while the user is on the phone. It said those messages would have been “encoded” and “not human readable,” but admitted that it shouldn’t be capturing that sort of data and pledged to fix the bug.
The company also claimed that the depiction of individual keystrokes and actions that appeared to be captured by the software are actually captured by the Android log files that a handset manufacturer configures, as opposed to Carrier IQ’s software. That data is not sent off the handset by Carrier IQ’s software to wireless carriers, and Carrier IQ said it was talking to handset manufacturers about ways to prevent that data from being recorded.
So what is being transmitted to wireless carriers? There’s the basic diagnostic information about dropped calls and handset performance that most people understand is collected by a wireless carrier, but the software also has the ability to capture the URLs (but not the content) of Web sites that you visit on your phone as well as information about how often you are using certain applications. It does not capture exactly what you do within those applications, such as which stories you’re reading on the New York Times (NYSE: NYT) app or your status updates on the Facebook app.
Each wireless carrier that is working with Carrier IQ defines that data-collection process a little differently, the company said. The carriers themselves have been quite happy to let Carrier IQ take the brunt of the questioning over the use of this software, and the release of the document is a clear attempt to turn the questioners back onto the carriers.
“Carrier IQ and our customers believe the analytics our software delivers has a direct impact on the operation, maintenance and reliability of networks and the ability of Network Operators to actually understand and solve consumer problems when they call for help,” the company said in wrapping up its report.
Perhaps now it’s time for Sprint and AT&T (NYSE: T) to produce a similar document.