Blog

Infographic: Inside Carrier IQ’s smartphone agent

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

As more and more information comes out about Carrier IQ’s phone monitoring software, it’s becoming more difficult to sort out exactly what data its IQ Agent collects, records and ultimately sends the its operator customers. The Electronic Frontier Foundation, however, has prepared a handy infographic to help the more coding-challenged of us grasp IQ Agent’s complexity.

On Monday, Carrier IQ released detailed information about what IQ Agent can and cannot do, (You can read the full document as a PDF here), revealing its software can track information ranging from URLs to the frequency of application and SMS use, depending on how far down Agent is implemented in the OS. In its most embedded form, IQ Agent can even monitor radio-signaling data. Carrier IQ, however, vehemently denies that IQ Agent tracks keystrokes, contrary to the original findings of whistleblower Trevor Eckhart. This infographic, designed by the EFF’s Parker Higgins, shows keystrokes actually being logged in some devices with IQ Agent installed. We explain why that is below the graphic.

In the EFF’s blog, Peter Eckersley explains that the in some Carrier IQ implementations, keystroke data is being recorded in the log file, but that data isn’t sent back to Carrier IQ and the operators’ database. However, since other applications have access to that log file, that keystroke data could be making its way to other companies. Here’s Eckersley’s detailed but rather technical explanation:

Unfortunately, our current belief is that the layer-4 logging that has been observed, which goes to Android system logs, is in fact being inadvertently transmitted to some third parties and otherwise made available to other applications on the device. This happens when crash reporting tools collect copies of the system logs for debugging purposes. The recipients of such transmissions are unlikely to have anticipated receiving keystrokes, text messages, URLs or location information through such channels, but that can in fact happen on some of the phones to which Carrier IQ has been ported.

9 Responses to “Infographic: Inside Carrier IQ’s smartphone agent”

  1. And this is why I’m suing the shit out of these bastards. I don’t know what your privacy is worth to you… they think its worth nothing, I think its worth millions, guaranteed we will meet somewhere in the middle.

    • What sort of resourses can I aquire and utilize to gain the knowledge I need to completely destroy (legally)people that do this. I am dealing with this on a much smaller level but it is equally dangerous and frustrating to put it lightly.

  2. So basically random companies could be getting our bank passwords, PayPal passwords, email passwords etc.? All they have to do is grab a crash report? Seriously? This is criminal and nothing short of it.

  3. Caged Ideas

    Sadly, there really is no clean phone; the core problem is the way the networks themselves function. If every tower on the networked looked for every phone getting a call, there wouldn’t be enough bandwidth available. To deal with this problem, they track every phone real-time to see which towers have the best signal quality, this is what your carrier refers to when they guarantee “quality of service”. Worse yet your phone is nothing more than an open book to someone with a laptop and an antenna.

    Please take a moment to visit our blog and watch the news reports we’ve compiled for educational purposes at thecaseforprivacy.com/blogs/news to learn just how bad the problem really is.