Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
As more and more information comes out about Carrier IQ’s phone monitoring software, it’s becoming more difficult to sort out exactly what data its IQ Agent collects, records and ultimately sends the its operator customers. The Electronic Frontier Foundation, however, has prepared a handy infographic to help the more coding-challenged of us grasp IQ Agent’s complexity.
On Monday, Carrier IQ released detailed information about what IQ Agent can and cannot do, (You can read the full document as a PDF here), revealing its software can track information ranging from URLs to the frequency of application and SMS use, depending on how far down Agent is implemented in the OS. In its most embedded form, IQ Agent can even monitor radio-signaling data. Carrier IQ, however, vehemently denies that IQ Agent tracks keystrokes, contrary to the original findings of whistleblower Trevor Eckhart. This infographic, designed by the EFF’s Parker Higgins, shows keystrokes actually being logged in some devices with IQ Agent installed. We explain why that is below the graphic.
In the EFF’s blog, Peter Eckersley explains that the in some Carrier IQ implementations, keystroke data is being recorded in the log file, but that data isn’t sent back to Carrier IQ and the operators’ database. However, since other applications have access to that log file, that keystroke data could be making its way to other companies. Here’s Eckersley’s detailed but rather technical explanation:
Unfortunately, our current belief is that the layer-4 logging that has been observed, which goes to Android system logs, is in fact being inadvertently transmitted to some third parties and otherwise made available to other applications on the device. This happens when crash reporting tools collect copies of the system logs for debugging purposes. The recipients of such transmissions are unlikely to have anticipated receiving keystrokes, text messages, URLs or location information through such channels, but that can in fact happen on some of the phones to which Carrier IQ has been ported.