Updated: Though most U.S. operators use Carrier IQ’s handset monitoring software in some form, they’re not all using it to the same degree, according to the answers AT&T(s T), Sprint(s S), HTC and Samsung submitted to U.S. Senator Al Franken (D-Minn.) in response to his detailed questionnaire about their relationship to with the controversial company. Sprint, it turns out, is one of Carrier IQ’s biggest fans. It has embedded its IQ Agent into half the devices on its network, from smartphones to mobile data modems, and has been working with Carrier IQ since its inception in 2006, according to its responses released by Franken on Thursday (PDF).
Meanwhile, AT&T’s(s T) use of IQ Agent is far more limited. It resides in 900,000 of its devices and it only began ordering its handset vendors to embed the software handsets and modems in March. AT&T also confirmed that the software is in RIM’s(s RIMM) devices, despite that company’s denials of any involvement with Carrier IQ. But in the case of all BlackBerry and many Android phones, IQ agent is present because customers downloaded it as part of AT&T’s Mark The Spot application, a network health reporting tool all customers opt into.
In its letter to Franken (PDF), AT&T said it only collected anonymous generalized technical metrics on network, device and application performance and stability. Sprint, however, appears to delve a little deeper, tracking URLs visited and the location of specific devices in order to troubleshoot specific device problems. Sprint pointed out that this information is already ready available to Sprint through the network.
It also turns out we were right about the operators surreptitiously recruiting phones into virtual focus groups to analyze specific network or device problems. Both AT&T and Sprint admitted to using Carrier IQ’s analytics platform to set up different ‘profiles’ on different devices. Those profiles could be used, for instance, to order a certain batch of phones to track call-drop problems in a particular neighborhood, or commanding a particular class of smartphones to test signaling patterns on a particular application. Sprint said only 1.3 million of the 26 million IQ Agent-enabled devices are active at any given time, and within that pool, it has multiple profile subgroups, each testing a different problem. Both operators, however, said they used that data only for network diagnostic purposes, and not to do market research on their customers.
Update: Sprint has disabled IQ Agent in its phones, according to an email statement the operator gave to Mobile Burn. Only disabling the software, however, may still leave security holes. According to an analysis by the Electronic Frontier Foundation, Carrier IQ can still record actions in the device even if it doesn’t send that data to Carrier IQ’s servers or the operator. Since those actions are recorded in the system logs of smartphone platforms like Android(s goog), other applications may still have access to critical user information.
HTC and Samsungs’ answers were pretty much long streams of references to their operator customers. Samsung said it started embedding IQ Agent in 2007 at the behest of U.S. operators and has since shipped 25 million phones to those operators with the Carrier IQ software installed. In its letter (PDF), Samsung also outed customer Leap Wireless(s leap) in the process, saying the regional operator ordered it to install IQ Agent on four of its phones sold under the Cricket brand.
HTC’s letter (PDF) said it was investigating recent reports that the keystroke logging software Carrier IQ whistleblower Trevor Eckhart first exposed was actually a factory debug program, and not Carrier IQ’s application. Franken also sent questionnaires to T-Mobile and Motorola, (s mmi) which both have until Tuesday to respond.
In a statement, Franken said while he appreciated the detailed response,s he didn’t think they fully absolved the carriers, handset makers and Carrier IQ. Franken said he was particularly concerned about Carrier IQ’s recent revelation it had inadvertently captured SMS messages in its report data sending their contents back to its servers. An excerpt from Franken’s statement:
People have a fundamental right to control their private information. After reading the companies’ responses, I’m still concerned that this right is not being respected. The average user of any device equipped with Carrier IQ software has no way of knowing that this software is running, what information it is getting, and who it is giving it to—and that’s a problem. It appears that Carrier IQ has been receiving the contents of a number of text messages—even though they had told the public that they did not. I’m also bothered by the software’s ability to capture the contents of our online searches—even when users wish to encrypt them. So there are still many questions to be answered here and things that need to be fixed.
Sprint said the Carrier IQ software is installed on phones and modems made by Audition, Franklin, HTC, Huawei, Kyocera, LG, Motorola, Novatel, Palmone, Samsung, Sanyo and Sierra Wireless. AT&T said the embedded version of CIQ is installed in the Pantech Pursuit II, Breeze 3, P5000, and Pocket; the Sierra Wireless Shockwave; LG Thrill; ZTE Avail and Z331; the Sony Ericsson Experian Play; (s sne)(s eric) and Motorola Atrix and Bravo.