back to article BUSTED! Secret app on millions of phones logs key taps

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ …


This topic is closed for new posts.
  1. Spud2go

    Oh well,

    back to carrier pigeon for me then.

    Seriously though, WTF!? Has anyone had a play with the iPhone to see if St. Jobs has snuck something similar on his gadget? Wouldn't be surprised (sadly) after the 'consolidated.db' fuss.

    1. Oliver Mayes

      This article has nothing to do with iPhones. While all phones have their flaws I don't understand why you feel the need to try and hijack this comment thread to attack apple.

      1. Anonymous Coward
        Anonymous Coward


        The article says that while it was demonstrated on an Android handset software from the same company with similar functionality is present on Blackberry and Nokia handsets too. Parent asks, not unreasonably, whether anyone has checked whether it is also on another rather popular phone model.

      2. dave 93

        It isn't the phones

        This is software that the phone companies add to phones on their network. Probably in the phone software, but it might even live in the SIM card?

        The only customer testimonial on their website is from a 'Tier 1 Carrier' saying how much money they save with this monitoring software that 'can drill down to individual users' and provide detailed network traffic data. They use it to decide where and how to provide more capacity and quality of service where it is needed, apparently.

        1. Jaybus

          Re: It isn't the phones

          The issue is that, effectively, each carrier has a monopoly on phones that work on their network. I'm sure this would have come up before had we been forced to purchase laptops / PCs from our ISP. Since phones these days use software defined radios, my guess is that the difference between a iPhone 4 for one carrier and an iPhone 4 for another carrier is a simple reprogramming of an FPGA chip so that it speaks a particular carrier's transmission protocol. Really quite ridiculous that the carriers are allowed to control the cell phone market as they do.

      3. hubtree

        not so fast...

        bummer for you...

        1. Anonymous Coward
          Anonymous Coward

          Not so fast 2

          Not really a bummer, on iOS it works as it should: you can disable it via Diagnostics and Usage and it logs minimal information, not every keystroke you make...

    2. eldakka
      Thumb Up

      Ahh yes, the redoubtable IP over Avian Carrier (IPoAC, rfc1149). Although I'd probably opt for IP over Avian Carriers with Quality of Service (RFC2549).

      It's bandwidth is pretty impressive (how many 32GB micro-sd cards can you tape to the leg of a pigeon?) but it's latency is a bit high for a MMORPG let alone a FPS,

    3. PC1512

      Pretty typical fandroid response there - millions of Android phones potentially compromised and the first thing you can say is "ah, but the evil iPhone must be MUCH worse.."

      Of course it must. Google is your best pal after all, I'm sure this is all just some misunderstanding... Just thank god you don't have one of those AWFUL iPhones eh..

      1. Craigness

        Grow up, itards!

        I'd expect this to have been found a long time ago it if were present on iphones, but it's taken a while to come to the fore on android. However, since the article doesn't say this doesn't exist in iphones, it's legitimate to wonder if it's been found not to exist or if it's not been tested. The commenter even gives a reason that we should wonder about it - it's not out of hatred, envy or anything! Asking that question is not an attack on apple, and it's not a claim that apple is better or worse than anyone else. Just grow up!

      2. Anonymous Coward
        Anonymous Coward

        Not Google??

        I was under the impression this is not Google's software, rather a 3rd party package..

        I would think its more mobile carrier integration rather than HTC, Samsungs, etc but I could be wrong. Its not on my sim free Desire Z with stock firmware..

      3. Wombling_Free

        wasn't there an RFC for...

        Main Battle Tanks with big '0's and '1's painted on them?

        1. Anonymous Coward
          Anonymous Coward

          The proof there's not such thing like this installed on iPhones

          No one as yet called this RootkitGate.

          1. Anonymous Coward
            Anonymous Coward

            There's a good reason it's not called RootkitGate. Because suffixing anything with 'Gate' in the press is idiotic, and however brought it back should be taken outside and thoroughly shoed.

        2. Danny 14


          seems reasonable to ask if the iphone has similar software. I read from the article that it is the carrier not the core OS that has installed/configured this.

          1. Anonymous Coward
            Anonymous Coward

            a very quick google search returns a lot of results of "iphone packet sniffer" so i'd suggest that if it was possible for some developer or carrier to get some malicious software like this installed onto an iPhone, someone would have already found it and there would have been a lot more shouting and accusing going on by the Androiders.

            As I understand it, the only way to get this level of reporting on an iPhone is to either be Apple, or to have jailbroken your phone and then installed some dodgy piece of homebrew.

          2. ThomH

            @Danny 14, etc

            The poster appeared antagonistic because of his statement that he "wouldn't be surprised (sadly) after the 'consolidated.db' fuss."

            The consolidated.db was a file on iPhones that cached information for location services. It was synchronised to your computer via iTunes. Due to a bug in the first few iterations of iOS 4 it accumulated data indefinitely rather than merely caching recent data. As a result, if a malicious user had access to your computer then he could extract a history of your movements going back to whenever you started using iOS 4.

            That information wasn't collected for any purpose and it wasn't forwarded to anyone. In other words, it's completely unlike the application in this story, the offensive part of which is that it's deliberately collecting data and forwarding it.

            So to say "I wouldn't be surprised if Apple have taken a deliberate conscious decision to monitor how its customers use their phones because, you know, they made a coding error once" is so nonsensical that it could be construed as deliberate flame bait.

            Probably it's just that if you don't use an iPhone then you wouldn't pay that much attention to the specifics of any particular bug — the original author was correctly aware that the iPhone had previously made it possible for third parties to monitor users in some way and had incorrectly assumed malice.

        3. Chris 15

          ip over Main Battle Tank?

          >wasn't there an RFC for...

          >Main Battle Tanks with big '0's and '1's painted on them?

          Sod that, terrible bandwidth, awful latency, and a QOS rating of terrible (MBTs are easily immobilised if you know how. With not hard to obtain materials

        4. KjetilS
          Thumb Up

          Re: wasn't there an RFC for...

          That would probably be RFC 1217

      4. Anonymous Coward
        Anonymous Coward

        Actually, he said I'm going back to carrier pigeons so quite clearly he finds it pretty abhorrent, and merely wondered what Apple had snuck in. To be honest, I don't blame him for wondering.

        Either way, the referring to anyone as a Fandroid really doesn't come across as a very neutral ... if you were attempting to go for the moral high ground of course.

        Of course though, who fsking cares. It's a phone. I got bored of iPhone jabber from friends years ago, and now Android is growing quickly, now I have to endure endless shlong waggling about what is best. I tend to buy Android phones, though not exclusively... I buy what I like and fits my needs. I really don't care about anyone else.

        1. Anonymous Coward
          Anonymous Coward

          Fandroid is so passé, their new title should be Hemorrdroid by the discomfort they cause to everyone around them.

          1. MrT


            ...surely Haemorrdroids would have been soothed by Preparation H(oneycomb)??

            1. Anonymous Coward
              Anonymous Coward

              Preparation H(oneycomb)

              didn't seem to work well enough, probably it was already too irritated from all the Ginger(bread)

              If only manufacturers came out with Ice (Cream Sandwich) quickly enough.

          2. Ted Treen

            That's right...

            ...pile on the agony...

            Coat & taxi, please

          3. This post has been deleted by its author

      5. majcm

        project much, fanboy?

      6. Anonymous Coward


        Some serious egg on face from the Apple crowd here today.

        Their holier than thou approach has turned sour as it transpires every single iPhone ever made (with the possible exception of the original iPhone) has Carrier IQ build right in as standard regardless of which network you bought your phone from, or which country you live in:

        iOS 3: /usr/bin/IQAgent

        iOS 4 and 5: /usr/bin/awd_ice2 or /usr/bin/awd_ice3

        This is clearly much worse that the situation where SOME Android/Blackberry/Nokia/WebOS phones had it....

        That said however, the whole thing is yet another storm in a teacup... But it makes me laugh when iPhone "protectors" are made to look like total retards yet again.

        1. Shakje

          @Barry Shitpeas

          Good thing you waited for the story to play out before getting on your shiny bandwagon. Egg on face? From that article:

          "Update: chpwn notes that initial research indicated that Carrier IQ's software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We'll let you know when more details arise."

          Which do you think is worse now?

    4. Anonymous Coward
      Anonymous Coward

      oh dear

      How can you trust anything running android, it's broken by design. Woulnd't touch it with a barge! And runs like a slag too unless you have a 4 core.

      1. Anonymous Coward
        Anonymous Coward

        @AC 12:40

        Oh come on you can't blame Android for it's phones needing a four core processor to work properly.

        Obviously the problem is they have all this spyware working in the background, that's why people find they work a lot faster after being flashed with a custom ROM.

        Sucks if you don't custom ROM it though, but that's the users' own fault for being dumb.

        1. Anonymous Coward
          Anonymous Coward

          "Sucks if you don't custom ROM it though, but that's the users' own fault for being dumb."

          What a petty, arrogant little tech-snob you are? People want a phone, they would like it to work properly and they do not have time to take a 6 month course in Unix just to be able make a few phone calls, send a few SMS and sling a few birdies around the screen when killing time.

          Perhaps we should get some people in to laugh at you as you most likely cannot crochet an intricate lace doily, plan and cook a 6 course meal for 30 people or play Chopin to concert standard, 'because "it's your fault for being so dumb"!

          1. Anonymous Coward
            Anonymous Coward

            @AC 14:27

            But's thats what expected with Android isn't it? I don't really know, just read the comments around here.

            Reminds me a bit of that old joke:

            Linux Air

            Disgruntled employees of all the other OS airlines decide to start their own airline. They build the planes, ticket counters, and pave the runways themselves. They charge a small fee to cover the cost of printing the ticket, but you can also download and print the ticket yourself.

            When you board the plane, you are given a seat, four bolts, a wrench and a copy of the seat-HOWTO.html. Once settled, the fully adjustable seat is very comfortable, the plane leaves and arrives on time without a single problem, the in-flight meal is wonderful. You try to tell customers of the other airlines about the great trip, but all they can say is, “You had to do what with the seat?”

            Full list here:

            1. Anonymous Coward


              Nobody's buys into astroturfing posts by MS "technical evangelists" any more, since James Plamondon, your first boss, did his mea culpa.

              Your data joke about an open-source airline merely means that you haven't seen, run or used a Linux distro since 2000. I find it interesting that the KDE4 desktop is so powerful, beautiful and easy to use that Win7 copied it from installation screen to desktop design. Imitation, the sincerest form of flattery.

          2. Volker Hett

            Sorry to rain in your parade

            but he is right. Best thing what happened to my HTC Desire was the Oxygen V2 Custom ROM and it's pretty easy to install. Ok, I've got some 20 years experience in Unix and some 30 with computers, but I used a prepackaged kit on Windows to install it with a few mouse clicks. I use computers because I'm lazy :)

            Mines the one with the key to the room with the big shelf with system 7 manuals.

            1. pan2008

              @Volker Hett

              So how do you know that your custom ROM hasn't been "touched" to run some other nasty sniffer stuff in the background, and send 100 SMS to Angola while you are asleep? In fact there is no limit what it can do! I am sure most of the stuff is OK but there is a big IF.

              1. vincent himpe


                really paranoid people delve their own ore, smelt it , make resistors, capacitors and ic's out of it solder all of that together and then write the phone's firmware using two buttons that allow them to type 1's and 0's.

                then, and only then can you be sure...

              2. Volker Hett

                This is a problem!

                With Oxygen V2 I trust peer review and AdamG himself, but with apps and third party markets I'm paranoid.

        2. Wile E. Veteran

          It's not the user's stupidity

          If a custom ROM is not available for their particular phone model. I would love to add Cyanogen to my LG Optimus S but it is not available. There is a community-developed version but it appears to still be in Alpha and I am not willing to brick my phone because it is ALLEGED there is spyware installed by the carrier on it.

    5. Spud2go

      Sensitive bunch, aren't we?

      I am neither an iPhone or an Android fan - I have a cheap mobile phone for calling & texting clients and friends, & thats all I give a shit about for a phone. I was merely musing on the general culture of Data-harvesting these days, that it seems to be endemic & increasingly invasive and surreptitious, regardless of platform. Jeez, what a jumpy bunch! (I'm sure this post will invite a few shots as well, so for those who feel the urge rising, may I suggest counting to 10?)

    6. Euchrid


      "Has anyone had a play with the iPhone to see if St. Jobs has snuck something similar on his gadget? Wouldn't be surprised (sadly) after the fuss."

      Firstly, just to get it out the way, as others have mentioned this is to do with carriers. Secondly, this is a very different kettle of fish to 'consolidated.db' - not saying that incident was brilliant but I think most would realistically say that this one is a heck of a lot more serious.

      Anyhoo, in answer to your question, yes they have - see however, various people online have written up this research in a quite readable way. At the moment, it likes like very little information is being gathered on iOS - e.g. tower strength - and it looks look it ties in with Carrier IQ's statement. I know some will say, and it's a good point, that any information is an issue, but there's nothing like keylogging going on.

      Also, with iOS, it appears that you can make sure *nothing* is sent to Carrier IQ - users need to go to Settings → General → About → Diagnostics & Usage and make sure "Send Automatically” is switched to off (if switched on, the device will send diagnostics & usage to Apple).

      Incidentally, it's reported that the Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom don't have Carrier IQ installed -

      1. Spud2go

        @ Euchrid

        Thanks, already read up on the current discoveries - hard to avoid really! Interesting whats coming out after my first comment - also intrigued by the range of reactions to it!! If you read my second comment (about 4 above yours) I think you'll see that I don't care about device platform - a phone is a phone is a phone for me, a utilitarian thing that affords me a certain amount of convenience. That I thought out loud about the iPhone harbouring similar "features" was, in hindsight, always going to be bait to the faithful - nonetheless, it was a relevant musing that could relate to any communication device. The iconic iPhone was simply the first alternative that came to mind. Thanks for your efforts & the info - nice to see an enquiring, level-headed approach to the subject.

  2. Ian Michael Gumby


    It was a rogue programmer who done it!

    Shame on that bad programmer who accidently did this slightly illegal act...

    Oh did I say it was slightly illegal?

    That was sarcasm...

  3. Anonymous Coward
    Anonymous Coward


    Is this even legal in the UK (or EU)? Surely this qualifies as interception under RIPA for starters, and it is clearly not with informed consent of the user. Maybe about time the rules made quite clear what exactly you can and can't bury 622 paragraphs down in T+Cs and still take a punt at claiming you have consent. Being spied on for gain should never, ever be a permissible condition of taking a service.

    Perhaps the carriers would like to explain explicitly what uses they put the data to?

    1. MacroRodent

      Is it used in EU?

      This would be very clearly illegal in my country (Finland), and I am pretty sure in most other EU countries as well. This is after all a place where even web tracking cookies are illegal in principle. But I wonder if the software even appears in Europe? I got the impression from some articles that this is something some carriers put on phones they supply in contracts, and would not be in handsets not from carriers. If so, it is the carriers that would take the heat.

      1. Anonymous Coward
        Anonymous Coward


        so far I haven't found it on my phone: HTC Desire originally from O2 UK.

      2. n4blue

        Yes it's used in the EU

        Press release on the CarrierIQ website says that Vodafone Portugal is a customer, so there's at least one EU country where you'll find the software.

        1. Anonymous Coward
          Anonymous Coward

          Knowing people at Vodafone Portugal, that doesn't surprise me one bit.

          It's probably used in Vofone Germsny too then.

      3. big_D Silver badge

        Just checked...

        it isn't on my htc Sensation... But that is an unbranded version, so it could be either down to the carriers or it is a USA only thing.

        Also, the idiot in the video doesn't seem to understand the difference between a packet sniffer (pulling data packets out of the network (wi-fi or ethernet)) and a USB-Debugging tool! If the phone was in Airplane Mode, there IS NO WAY that he could have sniffed the data, because the phone couldn't have sent any data!

        Likewise the bozo complains about it giving the https address information from the browser, again, this is by design, it was in debug mode and gave out the URL to the debug stream, nothing sinister here... Now, if he had ACTUALLY sniffed the data packets and the data WAS being sent to Carrier IQ, that would be another matter entirely.

        He just proved, that it was running and that it output gathered information over the USB port, when in Debug mode, which is what you would expect, but alas doesn't prove anything.

        1. Vic

          > it was in debug mode and gave out the URL to the debug stream, nothing sinister here.

          It gave the URL - which should be protected in HTTPS - to the CarrierIQ app.

          That is *very* sinister.


    2. Anonymous Coward
      Anonymous Coward


      They will be the next ones after Intel contributing to the Euro salvation benevolent fund.

      Pity it will not be a similar amount of money.

    3. Graham Dawson Silver badge

      A quick google leads me to believe it's only installed on handsets (not just android handsets either) sold in the US. Lucky them...

    4. Stuart Castle Silver badge

      EU says yes, UK Gov says no..

      If this is anything like the Phorm case, you'll find that the EU says yes, this kind of interception is banned by the EU Directive on communication, but our government says that RIPA (which is partially based on the EU Directive on communication) doesn't apply, as it only applies to government organisations.

      Personally, I agree with the EU (my understanding is that where our law conflicts with EU law, EU law is the more powerful), but our government appears happy to side with anyone who bungs it a couple of billion for a comms licence.

      I also don't see why any software that is designed to monitor network quality needs to send anything back other than signal strength numbers, the time and duration of any significant spikes and drops in signal strength, number of calls dropped and the cell ID (not as a crafty way of tracking your location, more that if a Cell goes tit's up, they need to know about it).

    5. Dave 120

      RIPA protects you from 'the state' not private companies.

      1. Ted Treen
        Big Brother


        IMHO we have far more to fear from the state than from private companies.

        Private companies - even at their worst - are just after money.

        The State, however,.....

        1. Marshalltown


          There are entirely too many "private" companies that want to friggin' OWN the state.

          Mine's the one with the aluminum foil cap in the pocket.

      2. Anonymous Coward
        Anonymous Coward

        @Dave 120 - RIPA

        I disagree. It could be argued that RIPA doesn't protect us from the State, since it seems to legitimise far too many activities. But anyway, it also defines the offence of 'unlawful interception', and that offence is not specific to the State - it applies to all.

  4. Anonymous Coward
    Anonymous Coward

    An(drew) Coward ?

    Has he heard of the name change facility... if not for himself, for his children's sake ?

    AC, as per the title.

    1. Anonymous Coward
      Anonymous Coward


      ?? the fuck are you on about??

    2. Graham Dawson Silver badge

      The illustrious lineage of the Cowards deserves recognition, if only because of Nöel.

  5. Asgard

    If this is proven true, then its very serious, not least because of the scale of it. If that is the case, its time for a massive class action to utterly destroy their company and send a clear warning to others. A line has to be drawn against companies behaving like this, because their kind are not going to stop pushing for ever more detailed spying without people standing up to them and saying no more. A limit has to be created somewhere!?!

    1. Anonymous Coward
      Anonymous Coward


      Don't stop at this small fish company when dozens of others are or will be doing the same thing.

      It's the carriers and/or handset manufacturers who are buying this product that need to be slapped.

    2. NinjasFTW

      re: Asgard

      Why I agree with your post, remember that someone paid this company to develop this app. It is the phone companies that need to be targeted in any class action and frankly they're too big to be properly punished.

      It will be oops, our bad, some low level exec has been punished and everyone affected gets a free sms in compensation

  6. James 51
    Big Brother


    Given the list of companies that he sited who use it that could take down a fair bit of the phone industry. Still it would be worth it. Still, I am impressed that no one has mentioned big brother yet.

    1. Anonymous Coward
      Anonymous Coward

      'impressed that no one has mentioned big brother yet."

      Sadly we've been under BB for a long time now, it's almost pathetic how impotent we are about it these days.

      I recently went to sign up for a contract phone and I was handed a form to sign that simply had a box to tick and the words, "I hereby agree I have read the T&Cs.". I hadn't seen the T&C's not been offered them and I bet if I had asked the assistant would have commenced with lots of huffing and puffing while her potential sales commission targets wandered in and out of the shop, waiting for me to read the full T&C doc.

      Just a small example of how we all being treated like mindless sheeple and expected to simply follow along and "not worry our fluffy little heads" about the nasty things like legal agreements. Just sign your life away, you'll never have to worry about it. If you decided to start causing trouble with the agreements we'll make it so damn difficult and expensive that your grandchildren will still be paying for your impudence in attempting to question your betters!

  7. Busted

    HTC Desire Z doesn't show it.

    Just had a look through my running apps and it doesn't show this.

    Anyone else see this?

    1. Dave Murray

      Lol you don't understand what a rootkit is do you. Due to the rootkit features you will not find this program in your list of running apps because it hides itself from the operating system (and hence you). It even pretty much says that in the article.

      1. Anonymous Coward
        Anonymous Coward

        Apart from if you read the internet for like five minutes you can work out how to find it and remove it.

      2. Vic

        > you will not find this program in your list of running apps

        The video shows the program in the list of running apps...

        > It even pretty much says that in the article.

        It explicitly says the opposite in the video - and shows it, too.


        1. Robin Bradshaw

          No the video says it does not show up in the running app, but it is listed in the installed apps, hence it being deserving of being called a rootkit.

          Rewatch the video carefully

          1. Vic
            Thumb Down

            > No the video says it does not show up in the running app

            No, the video says it shows up as a running app. 5:08 to 5:45 or thereabouts.

            > but it is listed in the installed apps

            ...But is *not* listed in the installed apps. 4:11 to 4:23.

            > Rewatch the video carefully

            Errr... likewise?


    2. Steve Evans

      Checked my DZ too, running stock HTC Gingerbread, no sign of it.

      Maybe it's something HTC only dish out with Sense 3, or just to the US market?

  8. Anonymous Coward
    Anonymous Coward

    XDA-Devs explanation

    Having a look around at the wonderful XDA resource, I came across this which explains what it is, what it does and how to find if you have it. Search further and there are ways to remove it.

    I certainly would not want this on my phone...

    1. Ian Yates

      From that article: "Carrier IQ is a software package buried deep within Android by Samsung at the behest of Sprint"

      But the video shows HTC, so presumably they got the same "behest". Does this only apply to Sprint?

      My friend's HTC Sensation on T-Mobile (UK) doesn't appear to be running the service nor contain the IQ libraries listed.

      1. Eponymous Cowherd

        UK Vodafone sensation

        Not on the UK Vodafone branded Sensation according to Ekhart's tool.

    2. Anonymous Coward
      Anonymous Coward

      Just checked for the running service on Samsung Galaxy S2 on 02 in the UK, and no sign of it. Still can't help wondering if there is an equivalent lurking on it o.0

    3. The Fuzzy Wotnot

      Reading the XDA article, here's a scary sentence:

      "through comparative groups down to diagnostic data from individual devices"

      So any claim it's anonymous collection is utter ballcocks, that they can identity individual devices should put the Willy's up any self respecting privacy advocate!

  9. them

    Still waiting for a FOSS smartphone

    These ongoing security scandals with iOS and Android are exactly why we need a free-open-source smartphone OS. Or if true FOSS is too ambitious, then at minimum, something like Ubuntu.

    I'd be quick to pick one up, once it's available. It's time!

    1. Gordon Henderson

      FOSS SmartPhone...

      The Nokia N900 is (was) a FOSS smartphone. Sadly hard to get now, almost impossible to repair, but it might be worth it now...

      1. TakeTheSkyRoad

        Not all that hard to get... picked up mine 2nd hand from ebay 4 months ago for 130 quid and it's still working a treat :) A little scratched true but still a bargain since it works just fine :)

      2. Anonymous Coward
        Anonymous Coward


        It's not really adhering to FOSS if it's got a untraceable hardware chip that logs keystrokes and sends them off bypassing the main OS.

        What you need is FOSH&S

      3. Dave Murray

        Read the article ffs! Nokia are using this software. Just because a device is FOSS doesn't prevent someone installing a rootkit or other malware.

        The technical knowledge of Reg readers is slipping badly.

        1. Anonymous Coward
          Anonymous Coward

          @Dave Murray

          Carrier IQ may sell a version for Nokia that some operators may install on the phones you get with a contract, but that is not the same as Nokia using it.

          When I worked for them Nokia had something similar, but it didn't hide itself. Company employees (non developers) who signed up for their internal 'True Test' program (beta testing new phones and software) were somtimes asked to install the monitoring suite and it was sometimes included in beta releases of Symbian, but it didn't do key logging and you could always open the app and check to see if it was active or when it last sent any results back, and you could easily uninstall it. It monitored Apps running v power consuption as well as some statistics for the radios. It was never on production releases of phones.

          I think it unlikely that they also had a sinister black helicopter version and actually mangaed to keep its secret. I'm fairly certain that if they tried they would have had loads of outraged devs on the internal message boards.

    2. Anonymous Coward
      Anonymous Coward

      Typical freetard, the security problems are with Android.

    3. Anonymous Coward
      Anonymous Coward


      If you're willing to spend a few years or decades? of your own time developing one without getting paid - ever - and detail all the hardware designs and implementations. Go ahead make one.

      I'll wait till someone stupid/benevolent enough to do this and grab one for free (as in beer). Still probably prefer the Jesus phone for it's aesthetic design unless you're able to find a designer who's also willing to spend a few years of their time doing nothing but that.

      Though be careful not to starve yourselves.

  10. goldcd

    I can see why this software exists

    but not why it's installed and turned on.

    If I've got an issue, then I'm happy for my phone to dump everything to a log to enable debugging - but I want a nice icon to indicate it's running, another one to turn it on and off, one to review what it wants to send and finally a 'send' button.

    Article doesn't touch on it, but looking at the path, is this something HTC have put on every phone?

    1. Vic

      > is this something HTC have put on every phone?

      Certainly not *every* phone; I've just checked my Desire, and it's not there.

      But HTC are to be condemned for putting it on *any* phone. This sort of thing is decidedly unethical, and illegal in many jurisdictions (and I really hope they get caught in one).


  11. Notas Badoff

    Allergic to both rootkits and video, so

    can you point me to where "conclusive proof that millions of smartphones" is shown (in text). Would that be the "stock EVO handset" bit, and then HTC or the wireless companies, or both, that will be going up the river? Just HTC phones or more than that?

    Cripes, Murdoch just caught a break...

  12. CanAmSteve

    And who is paying for these data transmissions?

    1. The Fuzzy Wotnot

      Any idea how much that info is worth to companies? Probably enough to buy yourself a small country somewhere south of the equator!

      The phone company takes the hit on that data, you don't have worry about it. The phone company and IQ then split the dirty money between them by selling you and your info down the Swanee!

  13. Anonymous Coward
    Anonymous Coward

    >“Why is my browser data being read, especially HTTPS on my Wi-Fi?”

    Because HTTPS is between the two endpoints.. HTTPS is for sending data over untrusted networks, not for protecting data while it is still on the source or once its delivered to the receiver.

    1. Sir Runcible Spoon


      I think he may have been asking why, not how it was possible.

      After all, not even Phorm tried to intercept https traffic at source afaik - something to do with it being obvious that it isn't to be read - a bit like 'private & confidential' stamped on an envelope.

    2. Anonymous Coward

      I love this

      Daniel, with the utmost respect, are you a software engineer perchance?

      The question was why are they snooping on sessions that are intended to be, and thought to be secure., Never mind the privacy concerns, this is a gaping hole in the security structure.

      It was not a question of how are they able to bypass HTTPS, for which you have provided a reasonable answer, in that they access it from the"safe"side, in the clear.

      1. Danny 14

        gaping hole?

        It isnt a gaping hole. I intercept SSL daily at work. Its called "man in the middle". All our employees are made aware and sign the AUP of the business. Our webfilter/firewall has truested CERTS and scans SSL before bridging back. This is fairly seamless to the end user and perfectly legal.

        this is doing the same:

        action -> carrier IQ -> SSL -> network.

        what isnt explained is how carrierIQ -> network (plain text?) with SSL traffic. I guess carrierIQ dont know/care if it is SSL - it logs everything....

        1. Anonymous Coward

          Erm, isn't it?

          We're onto a wider question now, and although you trust your servers, they still have access to all my bank logins, and the entire session, should i choose to check an account whilst at work - and on a "line" that i thought secure from my PC to the bank server.

          This gives you access to information that is beyond what I would consider reasonable for an employer. Many people use a work PC to check domestic things, well within the fair use requirements, and with an assumption of trust.

          Your firm's approach greatly increases the circle of trust, unnecessarily, which I would call a "hole".

          This makes your systems a richer target for criminal infiltration, knowing there are any number of instant man-in-the-middle attacks available. Or, alternatively, a configurable scrape of HTTPS sessions with passwords etc.

          Would it not be impossible to exempt HTTPS sessions to a certain whitelist of addresses? -and even if so, it wouldn't protect me from a corrupt instance of "you", would it?

          1. Volker Hett

            This is pretty normal for malware checking firewalls. If you have to check your banking account during working hours, why not use your smartphone?

            1. Graham O'Brien


              I think my smartphone has Carrier IQ on it.

          2. Darryl

            See, the problem there is in your perception.... Where you say "my PC". It's not your PC, it belongs to your employer, and if you're using it for unauthorized (ie personal) purposes, the company has no obligation to ensure your personal data is safe.

            1. Anonymous Coward

              This is pretty standard set-up for a proxy server

              After all, if HTTPS traffic were to be just allowed to pass untouched, that would be a pretty big hole in the purpose of a web proxy, would it not?

    3. pepper

      That explains the how, not the why. Which indeed is quite a interesting question.

  14. Kevin McMurtrie Silver badge
    Big Brother

    All ur data is privates now

    My Sprint Galaxy SII 4G pretends to let you kill the application but 'top' shows that it's still running. Nice trick. Maybe I'll have a chat with Sprint.

  15. Doogie1

    HTC really do want to steal your data don't they!

    No wonder my Desire kept over heating. It was all the bloody key loggers hard at work :-(

    1. Vic

      > HTC really do want to steal your data don't they!

      Actually it appears to be Sprint doing the data pilfering.

      HTC are "merely" an accomplice.


  16. br0die


    I wonder if my modded HTC has this rootkit on it.

    1. dotdavid


      No it doesn't. And you can check the source to confirm ;-)

      1. br0die

        Thank you, yes I did my own research as well, and confirm that Cyanogenmod'ed phones are not affected

  17. xargle


    Come on reg, this is not proof and the guy is clearly lacking some chops here. Yes it's doing some analysis but at no point is he confirming what/what isn't sent back. He's just blathering on and on about syslog output which means very little - someone's stuck debug call in a keypress handler, that says nothing about the metrics they gather.

    The siri hack was how this sort of thing should be done (knobble it via proxy and dump content), this proves nothing but is just a load of half baked arm waving. There isn't even a tcpdump in case the stats submission is unencrypted...

    He also refers to this as a rootkit which it categorically isn't.

    1. Anonymous Coward
      Anonymous Coward


      No idea why someone has downvoted you as I completely agree with your comments. At no point in the video does he show the data being transmitted anywhere off the phone. Some posted above asked who is paying for the data transmission - the answer being, until proved otherwise, no-one because no data is being transmitted.

      And as to his ludicrous question as to how come it's recording "data over HTTPS", he obviously has absolutely no clue as to what HTTPS is and what it encrypts (hint: this is logging keystrokes, not data transmissions).

      There are significant concerns about this app, the fact that it's installed, running, hidden, and hard to disable, but those concerns really ought to be raised by someone more qualified than this guy.

      1. thesykes
        Thumb Down

        read the article...

        "Some posted above asked who is paying for the data transmission - the answer being, until proved otherwise, no-one because no data is being transmitted."

        Err... read the quote from Mr Coward:

        “Our technology is not real time,” he said at the time. "It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses.”

        I'd say that means data IS being transmitted. Small doses, but, definitely transmitted.

      2. Vic

        > hint: this is logging keystrokes, not data transmissions

        No, you missed a bit.

        Whilst it *is* logging keystrokes, it's *also* logging net activity - it captures the entire URL from his browser GET, despite that being a HTTPS GET (very naughty).

        Then, if I understood correctly[1], it proceeds to make a cleartext transmission to the CarrierIQ server including the whole URL from above (which could very easily contain data that is supposed to be encrypted).


        [1] I might have this slightly wrong; I was making the tea at the time. I'll go have another look in a bit - once I can summon up the courage to face another 17 mins of that drawl...

        1. Vic

          > it proceeds to make a cleartext transmission to the CarrierIQ server

          This bit isn't clear, actually.

          It occurs approx 15:40 into the video. We see the URL being sent to the CarrierIQ application. We don't actually see it being transmitted to CarrierIQ servers.

          The voice-over is a little misleading at that point, which might explain why I read into it a little more than is there.

          So what we're left with is a spyware app which logs all URLs (including HTTPS) and might or might not do anything with that data...


      3. This post has been deleted by its author

    2. Britt Johnston

      its more a root&branchkit

      see title

  18. Stephen 2


    I'd like to see the data being sent off. Right now we're only seeing local logging, I didn't spot any of the data actually being sent off to anyone.

    1. Anonymous Coward
      Anonymous Coward

      Read the article again

      Carrier IQ says it gets transmitted. Why would they admit it if it wasn't?

  19. Anonymous Coward

    Rooted at birth

    This broke a couple of weeks ago, seems it's installed on a number of devices from varying manufacturers

    1. Shades


      I was about to post the same link. Seems El Reg has been a bit slow on the up-take with this one (it all started around Nov 14)

      1. Anonymous Coward
        Anonymous Coward

        El Reg has been a bit slow on the up-take with this one

        True, but It's Apple's fault really.

        If Apple was involved El Reg would have jumped to an article the moment a post about it appeared on some message board somewhere.

        1. Steve Evans


          You can't have it both ways you know... El Reg goes into iphone rumour meltdown for a month before every new phone launch, gets rather tiresome to be honest. Multiple iphone stories a day isn't uncommon.

          If you feed the rumour mill for free product promotion, you can't complain if the wheels keep spinning when your product does something daft.

  20. n4blue

    from their own marketing materials...'s what CarrierIQ says about what their software does:

    - "Zero-delay" data capture.

    - View application and device feature usage, such as camera, music, messaging, browser and TV

    - "Task" phones dynamically over the air

    Also, from screenshots in these materials, you can see that this data is available to their customers on a per-device level (IMEI displayed in software) and includes details such as date, time and duration of voice calls, IP sessions and SMS messages.

    All without the user knowing a thing about it, and having no opt-out.


  21. Anonymous Coward
    Anonymous Coward

    Is my HTC infected ?

    I've got a HTC device on Vodafone's network. I'm thinking of moving to O2 anyway as the Vodafone network seems to have no coverage compared to my work phone on O2's network.

    Anyway, I've now got to pick a new phone - is the iPhone safe from this virus? Is O2's network safe?

    I certainly don't want a HTC anymore. Someone said Samsung have the same virus - Is this true?

    Thank you.

    1. dotdavid


      Your post pretty much highlights the problem with this sort of reporting.

      Many people will be a bit confused, and probably will go out and do pretty meaningless things like go and buy an iPhone "because android phones have a virus!!!".

      So several answers;

      1) It appears to be US-only. US carriers paid CarrierIT so they could include CarrierIT's spyware software in their phone ROM builds, supposedly to help debug customer problems.

      1a) Therefore no UK networks, including O2 and Vodafone, are currently suspected.

      2) It isn't in standard Android ROM builds, nor in standard manufacturer ROM builds by HTC, Samsung, LG or whoever.

      3) The iPhone runs iOS which is jealously guarded by Apple (i.e. no operator variants are allowed) so it's very unlikely to have CarrierIT's spyware.

      4) Blackberries and some other phones may have it though.

      5) Generally I wouldn't worry too much. CarrierIT is toast, and I suspect that any plans to do anything similar now will be similarly scuppered. Buy what phone you like.

      1. Anonymous Coward
        Anonymous Coward

        UK no suspected? Really?

        "Carrier IQ is headquartered in Mountain View, California with additional offices in Chicago, Boston, London (UK) and Kuala Lumpur (Malaysia)."

        What is their London office doing then? Twiddling their thumbs?

      2. multipharious

        Confirmed your assertion on HTC Desire (Germany)

        This phone was purchased in Germany, and I went through it. It seems clear so it looks very much like what you are saying: this is a carrier provided custom build. Which would make sense as the vector.

        I will look up CarrierIT.

    2. Shades

      Not sure...

      ...if trolling, or just stupid

  22. Eddy Ito


    Now how do we get rid of the bank account data pilfering bug fucker?

    One more thing. The VP of Marketing is a Coward? No matter, he's got a gob I'd like to smack.

  23. Anonymous Coward
    Anonymous Coward

    Careful now!

    Dear Reporter, Be very careful to understand before you publish.

    What you are looking at here is NOT a "log" or a record of transmissions but actually a debug print of hooks, that COULD but are NOT (yet) proven to be logged or transmitted. What this does show is that the information is being fed into the CIQ software but not that it is being used in any way shape or form. this means the app has unfettered access to snoop whether or not it is snooping is another question.

    It's all very phorm like, I'm sure we will see more on this.

    1. SiempreTuna

      Err ..

      .. Mr Coward confirmed in his statement that this *IS* transferring all these data: he merely denied that this was done in 'real time' but is done in 'small doses' - i.e. batches. I'm guessing because it can't guarantee a data connection all the time.

      At least they have all those bank account details so they can fund their legal defence ..

      BTW - how can you tell whether your phone is running this, given that it "[bypasses] typical operating-system functions"?

    2. Anonymous Coward
      Anonymous Coward

      In denial much?

      Even Carrier IQ admits the information gets transmitted back:

      “Our technology is not real time,” he said at the time. "It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses.”

      1. Steve Gill


        The quote doesn't confirm it sends back all the data it has gathered. We need precise info, not media bytes.

  24. Gunda

    Do not worry. I am sure some software maker will install the same stuff as 'System Service' soon to ensure it goes unnoticed. Carrier IQ was just being upfront about the name of the software. And look what they got ;)


    Ought to be top story?

    IF this is true, almost no other story on the Register matters.

    It would mean huge number of the mobile devices in the US have been utterly hopelessly compromised by malware (if they weren't already).

    If so... Quibbling over SSL certificate forgery is pointless. And worrying about password security doesn't matter any more. Mobile device security (which was already questionable) has been comprehensively subverted, that's how bad it is.

    It deserves to be top story. And yet, I suspect it will get no MSM coverage at all.

  26. Destroy All Monsters Silver badge

    Sounds like someone discovered debugging code

    Oh noes, my computer has SNMP instrumention, THEY ARE SPIYAN - PANIC ATTACK (but don't forget to bump this Flatter button first!)

    Seriously though, how about some data? If this were "active" in more ways than calling the tracing and debugging functionality, ceaslessly dumping stuff over the airnet (unencrypted? what?) I imagine _someone_ would have noticed.

  27. Dr Christian
    Black Helicopters

    Exactly why I tossed out my android phone and went back to an old blackberry. Blackberrys may be out of flavour, but to me they're the most trustworthy smart phone available.

    1. M Gale

      You... do know this software is on Blackberries too?

      And likely a few other types of phone.

  28. alain williams Silver badge

    Transmission not shown

    Thank you - I was going to say just that.

    I can see the value of a debugging application that had a copy of all keystrokes before they were given to the foreground application. The real question is what happens with that data ?

    * Everything uploaded to somewhere occasionally. That would be very bad. Get all my ''secret data'' eg: passwords, bank account info, etc.

    * If an application crashes and I am asked if I want to submit debug data. Kind of OK if 'no' really means NO except that it would also send secret data and most people would not think of saying no if they have entered secret data into the crashed app. Also: will it send just keystrokes for the failed app or everything that it has ?

    * Data thrown away when an app terminates, the phone restarted, ...

    * Who gets to see this uploaded data ? Developers, marketeers, google, CIA ?

    * Where does this data go ? I would expect a lot of even non secret data to contain personal information (ref: data protection act). Exporting it out of the EU could be illegal.

    We need much more information.

    1. Danny 14


      it doesnt take a stroke of genius to figure what the following key do

      w w w . m y b a n k . c o . u k

      r a n d y r a b b i t

      1 2 3 4 5 6 7 8 q

  29. Tim #3

    As well as the class action approaches to resolving this, it would be good if someone could create an app that would send a load of nonsense data back to this rootkit’s servers. A bit of misinformation can come in handy sometimes in focussing minds.

  30. Big_Boomer Silver badge

    Get a life people

    Who cares if it's an iDroid, Symdows or PalmRIM.

    It's a ****ing smartphone.

    You don't have to defend it like your daughters virginity!

    Did you buy the phone to join that particular "Gang"?

    Then you really REALLY need a life.

    I bought mine to make calls, listen to music and surf the web.

    My last phone was Symbian, current phone is Android, next may well be Apple or Windows.

    Just because you bought a particular "brand" doesn't mean you have to defend it against all comers, doesn't make you a "superior being", and definately has no effect on the size of your Member or your attractiveness to the opposite sex.


    1. Anonymous Coward
      Anonymous Coward

      Fail to see your relevance here

      It does not matter what OS my phone is running on, if it's logging keystrokes and URLs and sending them back without my knowledge and express, specific permission, then I'm going to be mighty annoyed.

      I'm also going to blame the carrier, and not the OS or phone model - it's the carrier who chooses which phones to sell and what 'custom' rubbish to put on them. (Vodafone Live drove me potty because I couldn't kill it. I don't have a Vodafone anymore.)

      People do important, secret stuff on their smartphones, and employees with corporate smartphones often have company secrets on them.

      Even a simple 'call list' is spying - one of the things the News Of The World was accused of is using call logs to infer scandals.

  31. Anonymous Coward
    Anonymous Coward

    Maybe the Analdroids were right all along and there is no battery problem on their phones. it's just all the spyware working in the background.

    1. Steve Evans

      Best someone checks out ios 5.0 then ;-)

  32. Citizen Kaned

    blackberry too?

    isnt blackberry supposed to be super secure? or do the US gov agencies get the version without intercept s/w on.

    has anyone thought it might be added via the demand of the USA gov? they do like to intercept stuff in the 'Land of the Free' dont they?

    1. Steve Evans

      Indeed. Land of the free and home of the brave... These days it's land of the spied upon and home of the scared shitless by endless terrorism hype.

  33. Gordon Barret

    USB debugging

    My god, I can't believe I actually watched the whole 17 minutes, listening to the most boring, monotonous voice imaginable!

    Perhaps I could just point out a couple of things:

    1 - when he showed the app properties it said data storage was zero - it can hardly be saving any keypresses, location details, text messages etc in zero bytes?

    2 - absolutely NOTHING he is moaning about actually happened UNTIL he turned on 'USB debugging' - this guy has obviously never written any computer program, or tried to determine why some embedded hardware doesn't work as expected, to attempt to fix it you would turn on debugging, log keypresses, log what routines of what programs are run etc etc.

    I do not see an problem here, except in the guys head.

    1. Anonymous Coward
      Anonymous Coward

      2 -

      2 - Find out what ADB Logcat is and what it does.

    2. Markl2011

      1 - It depends where the app is storing it's data. I believe the memory usage in the settings screen shown just indicates memory used by the application in it's "authorised" storage area. It could look to see if an SD card is available and store it there in which case it wouldn't show up on that screen.

  34. Jop

    How long before

    An app gets written that doesn't keylog or monitor anything at all so passes as a totally legit app, except it reads the CIQ log files and gets the same info anyway.

  35. alien anthropologist

    Galaxy S2

    Had a look (using a terminal app) on my S2 (running a factory Gingerbread) and not iq libs of any sort in /system/lib.


  36. Anonymous Coward
    Anonymous Coward

    I see a huge class-action suit brewing..

    The rootkit is only on some markets. It's put there by the telco's request in the US. No info on EU though.

    I would welcome the telco's paying gargantuan fines for installing this software though.

  37. Anonymous Coward

    What's the big deal?

    It's key logging - locally, not transmitting - the key logging is needed for the app to do what it's designed to do. Blame the carriers, not the device makers nor Google.

    1. Anonymous Coward
      Anonymous Coward

      So what does it do with that keylog?

      Eventually it must either send it to dev/null or it transmit it off the device.

      Somebody has paid good money to put this application on some phones.

      So if it doesn't transmit (at least some of) the keylog eventually (in bursts, as they have already admitted), then why would anyone buy the application?

  38. heystoopid
    Big Brother

    Oh well

    Oh well, shouldn't be too hard to track down where the spy cripplecrapware is hiding, since Android is officially open source copy left software!

    Thus, one should by rights, get the complete source code listing from the phone makers and easily recompile, minus the spy crippleware back door code and turning off the update on the fly cycle too!!!!!!

    As for Pwn2Own in Vancouver, in 2012, this could make for a possible backdoor open hack, to get oneself a nice brand new Smartphone?

    As it stands, Smartphones are truly dumb!

    According to a conspiracy youtube video, Carrier IQ spy crippleware has been deployed to well in excess of 140 million smart phones. Now Gartner said by April 2011, world wide sales of smart phones was 468 million units, a 57% increase on 2010 sales figures, so I would say 140 million claimed on youtube video is a very conservative number, lol!

    But then again, how soon we forget, how easy it was, for the mainland Chinese Central Spy Agency hackers, to break into and compromise Gmail accounts of many US Government Agencies, by the very same back door crafted by the foolish fools at NSA, when it went viral, on June 1st, 2011!

    1. Vic

      > Android is officially open source copy left software!

      No it isn't.

      Most of Android is under the Apache licence, which is *not* copyleft.

      Thus you have no rights whatsoever to get the source code to it.


  39. David Ramsden

    Mr. Finch

    I think Mr Finch from Person of Interest had something to do with it.

  40. Anonymous Coward
    Anonymous Coward

    Change the law

    It should be made into law that any back channel communications should be unencrypted and plain text or SSL with the public key made public (So they can be afforded some degree of authentication but not privacy on their spying).

  41. Anonymous Coward
    Anonymous Coward

    It's required by AT&T

    Don't ask how I know. That's confidential

    1. Richard 120

      Don't tell me what to do.

      How do you know?

  42. Zippy the Pinhead

    Is it truly the Carriers or Homeland Security

    My question.. is it the Carriers or Homeland Security (through the carriers of course) who have asked for this rootkit to be installed? Seems like they would be the primary benefactor even more so than the carriers... capturing of all data including the content of text messages and the details of whats inside an SSL connection.

    1. Anomalous Cowturd
      Thumb Up


      Exactly what I was thinking...

      Other Opinions Are Available... (TM)

  43. Stewart Knight

    I smell

    Ken Mulcair's hand in this.....

    Has anyone checked if the company is owned by News International?

  44. jestersbro
    Big Brother

    Carrier IQ Press Release

    Just found this press release from the offending (offensive?) company in question. Take from it what you will when presented with the evidence from the video in the Reg article. I make no opinion either way.

  45. oldredlion

    Once "secure boot" is in place within mb BIOS we can all breath easily...

    1. M Gale


      ..because CarrierIQ or equivalent spyware will then be embedded so deeply that you can't remove it without failing the "secure" authentication. That's if you're even allowed to run anything except Microsoft Bloatware version 9 (with future versions requiring a new motherboard).

      Who me, cynical?

  46. IGnatius T Foobar
    Big Brother

    Congratulations to Apple

    Congratulations to Apple for doing a much better job at concealing their spyware than the folks who integrated CarrierIQ into these other phones. Apple has not yet been caught!

    1. Anonymous Coward
      Anonymous Coward

      Proof or STFU

      as title

      1. Anonymous Coward

        Choke on it, Metavisor

        1. Anonymous Coward
          Anonymous Coward

          Why? It's hardly concealed is it? The logs are fully visible, no keylogging or any of those shenanigans and YOU CAN TURN IT OFF (sorry caps lock got stuck)

          Beat that for freedom of choice, Android.

  47. tommydokc

    seems to me

    after reading all the posts, that it's just on the Sprint network devices. my ATT Captivate does not contain it, as of yet. has anyone been bothered enough to notice this variable and confirm or deny?

  48. R.Moore

    Look for... and in /system/lib

    Not on my UK purchased Nexus S

  49. Jamie Kitson


    The article doesn't seem to say whether this is something that a) comes with Android b) is added by the manufacturer or c) the carrier.

    1. Anonymous Coward
      Anonymous Coward

      Seems to be added by b to a by the order of c.

  50. Anonymous Coward
    Anonymous Coward

    I can't believe this hasn't even made to the top story list.

    Is El Reg trying to bury this like Carrier IQ did?

    1. diodesign (Written by Reg staff) Silver badge


      No. How exactly do you bury a story that everyone is reading? (See the 'most read' box on the front page's top right)

      1. Anonymous Coward


        Well you put it on page 2 just like it did now.

        This issue affects mostly US customers and the story is already gone from sight at 8am. Great!

        But I'm sure it's nothing intentional of course, just one of those things.

        Doesn't El Reg have a "Don't do evil" policy?

        1. Richard 12 Silver badge

          El Reg has a "Be evil if it's funny" policy.

          Didn't you read the tagline yet?

          1. Anomalous Cowturd

            Re: El Reg has a "Be evil if it's funny" policy.

            I nearly sprayed my beer at that.


  51. Bradley Hardleigh-Hadderchance
    Big Brother

    They're all at it, Jamie


    Carrier IQ solutions combine device-resident software and server-side business analytics applications to provide actionable intelligence on end-user customer experience, performance and service quality. The embedded device agents are currently shipped on more than 75 million devices across numerous device manufacturers and models. The solutions can be deployed across multiple wireless technologies such as CDMA2000, GSM, UMTS/WCDMA, WiFi, and device types such as feature phones, smart phones, PDAs, data cards.


    They are also looking for someone with:

    "Experience with PPP/serial logging and sniffing tools like Wireshark"

    Sounds innocent enough.........

  52. NumptyScrub

    It's a multi-platform product

    so it will be spread across multiple platforms.

    It lets carriers data-mine the behaviour of every device it is running on.

    If Sprint have decided to deploy it, you can bet they will be deploying it across all handsets that they sell to the consumer. If CarrierIQ have a set of iPhone libraries for it, then Sprint will also have deployed it on their iPhones. I have yet to find a list of supported platforms on their site yet, though (not that I've actually looked that hard).

    It is not a virus, or malware, it is a commercial product, and the decision to deploy is done by the carrier.

    This is why I buy my phones direct rather than get a subsidised handset; you cannot know what the carrier has or has not installed on your handset for their own purposes. Subsidised handsets are so much of a false economy it is not even funny any more :'(

    1. Anonymous Coward
      Anonymous Coward

      Not so fast...

      Carriers don't touch iPhones, and the firmware comes straight from Apple.

    2. M Gale

      If it spies on my usage..

      If it was installed without my knowledge or consent...

      If it cripples, damages, downgrades or otherwise affects anything I do with the machine...

      ...then it is malware, commercial or not. Just like the Sony rootkit and to some extent, various game DRM mechanisms.

  53. Peter Simpson 1

    In all fairness...

    If the carriers want to be able to plan for and provide appropriate amounts of bandwidth, now and in the future, they need to understand how users use their phones to create a model of current usage.

    Yes, I realize the CIQ app goes much further than this by actually recording content, but perhaps it's merely a case of their thinking that "more info is better"?

    That doesn't excuse the sneaky way the app is installed, or the lack of information from the carriers, and especially not CIQ's hamfisted tactics against the guy who shone the light on their handy little tool, but there's just a slight possibility that we're not dealing with malice here, but only a stunning level of organizational incompetence and/or misunderstanding of how users feel about their personal communications.

    1. AceBitbucket

      Agreed. Never ascribe to malevolence that which is equally well explained by stupidity. I would still like to perform violent acts on the entire company starting with the CEO and working my way down to the poor droid who will be blamed.

    2. Anonymous Coward
      Anonymous Coward


      Given their tactics, why bother cutting them any slack? Someone says something about their work that they don't like the flavour of, and the response is 'go corporate' and deploy the brass knuckles. And the carriers are suspiciously (guiltily?) quiet. If the world ends up short of one data 'gathering' company because they can't work out that deploying controversial software in a febrile environment is a bad idea, who cares? If they're that dumb, I don't think it's a big loss.

      One thing that's become very clear in the commercial assault on privacy is that trusting businesses and handing them the benefit of the doubt rarely leads to an open and satisfactory explanation. It's far more likely to encourage them to continue stonewalling - and in the UK of course, like as not they'd get government support in doing so.

      When they play fair, maybe we will.

  54. Duffaboy

    Is my Nokia 6310i safe then ?

    Go on hack it if you can.. I dare you..

  55. Goober

    REALLY!! ok I see hackers getting the info. But who in their right minds think that the GoVERNMENT

    will not abuse spying on citizens whether by court warrent or just to keep track on anyone who may disagree with them . It has been proven time and time again to be the case and even as far as to spray pathogend to see how modern life...the trains. subways ect can spread pbiological or chemical substances. we have a fundamental right to privacy..And those gready corporations and the DMV who spy on us and sell our private information should be stopped from doing so and fined and the company executives put in jail for 10 years without parole and forced to pay restitution to the coustomers which they made their millions off of .Hackers publish their names, addresses, family members names and locnes numbers and everything they do. Let them see how they like everyone knowing their bussiness...

  56. MisterDan

    Details on CarrierIQ -- a great writeup


    This writeup is terrific:


  57. LordButt©
    Thumb Up

    Check your phone!

    I downloaded Logging Checker By TrevE@XDA and installed it on my DroidX from Verizon. CIQ is NOT installed on my phone, but I found that Google and Dropbox are logging usage stats.

  58. Jean-Luc

    2 things...

    #1 my iPhone occasionally complains about the cellular data not being available - I am cheap and did not sign up for a data plan, WIFI suffices, thank you very much.

    Wondering... could it be that something similar is going here, with call-home snooperware trying to connect?

    See.... I consider it quite possible that my shiny has this problem too.


    #2 far as this article states, _this_ here is not an iPhone issue. Now, from the fanbois on both sides, I can understand "mature" behavior like

    "hah! an Android bug. iPhones are so much better".


    "heh, heh, silly iTards have problems, Android rocks"

    But, it is surely stretching the stupidity level quite a bit to say something like

    "hah! a problem on Android means iPhones suck".

    Or the reverse

    "iPhone bug => Androids suck".

    Get a f'ing life, folks. a phone is a phone is a phone. This is a programmer forum, can't do any better than "my shiny is better than your shiny"?

    Sorry if I offended any 'tards by the above. It was fully intentional.

    1. strongy

      this is actually your iPhone checking for email etc but because wifi goes to sleep it uses 3G hence the message.

      source: the o2 website.

      solution: turn off 3G when your not using it or disable push email.

      1. Jean-Luc

        Hmmm... I don't think so

        My phone is configured to fetch mail every 15 minutes and this "cellular data not available" message doesn't appear with any regularity. Certainly not every 15 minutes. It also tends to appear as I am using the phone, not when it is idle.

        And, yes, I have turned 3G off in settings - this message annoys me, so I tried my best to get rid of it. I could try to turn off push email for a while, see if that makes a difference.

  59. DMGregory


    While Mr. Eckhart's investigation is an important beginning to the conversation, it does not prove quite what it might seem to from this article.

    The Register's article claims that Eckhart was using a "packet sniffer" to read what Carrier IQ's software was logging/sending, but that's not true.

    He was using a USB debugger to view the EVENTS that Carrier IQ's software was receiving/processing from the OS.

    What's been shown thus far is only that Carrier IQ's software has ACCESS to this personal information. It has NOT been shown that:

    + personal information is stored

    + personal information is transmitted to an outside party

    + personal information is used in any way

    So far, Carrier IQ's statements about their software *may* still be true, if they are appropriately censoring personal data provided to their application through these events. Until we see what the application actually stores/sends, we won't know for sure.

    That being said, I'm relieved that it's not on my phone, and I look forward to further investigation.

  60. The Alpha Klutz

    this is why I don't have a smartphone.

    Once you know the truth, that smartphones are designed to sap and impurify your precious bodily fluids, you just can't submit to having one. It's the secret policeman in your pocket. It only takes a room temperature IQ to figure out that they're using it to spy on you, I mean, duh. How obvious does it have to get?

  61. Saoir

    Thank GOODNESS for Apple's so called 'walled garden' !!!!!!! Thank you Apple !!

  62. Mike VandeVelde

    Is it... legal?


  63. All names Taken

    Ah well, ... looks like I am stuck with the iPhone?

  64. Anonymous Coward
    Anonymous Coward

    Only one thing left to say


  65. Mr_Pitiful

    I doubt this effects....

    my nokia 3110. so I won't worry about it

    Is it time to dust off my 486dx2-66 running windows 3.11 & nuke the site from orbit?

    It's the only way to be sure!

  66. Anonymous Coward
    Anonymous Coward

    Carrier IQ needs to go now.

  67. Wile E. Veteran

    Where is the independent confirmation?

    Everyone on this thread is in a panic because of ONE video. Where is the independent confirmation by unrelated researchers? If someone has an ax to grind, they can easily produce a video and watch all the sheep go off on a tilt based on it. It does not matter if it is factual or not, as long as it is plausible and looks good on video, huge numbers of people will believe it.

    It may well be correct, but until I see multiple instances of totally independent confirmation, I will remain skeptical of the conclusion Carrier IQ is actually logging all my keystrokes and net activity.

    If it IS independently confirmed, I will happily join a class action suit aimed at putting everyone involved in this monster invasion of privacy out of business and behind bars.

  68. Anonymous Coward
    Black Helicopters

    Broadband usage

    Who pays for the transmission of data? Could this be classed as theft for using your broadband without your permission?

  69. Alex Gollner

    Seemingly more limited version found built into iOS by Apple

    Seems like mobile phone OS designers like elements of Carrier IQ - even Apple have included it:

  70. premiso

    Not new...found back in August

    VirusROM found this back in August and anyone using VirusROM on their phones have this blocked. From what I read it is also a Sense only issue, so ASOP etc do not have the CIQ Logger on.

    Go VirusROM!

  71. Neiljohnuk
    Black Helicopters

    Only carrier installed?

    Hummm, not convinced, I've had non-droid phone's tracked as well as my Nokia sending real time location updates, until I reconfigured it, because someone in the Police has a grudge against my brother, whom I've not seen in years. The 'security-services' love having the ability to track people without any oversight, and with the ongoing mission creep I'm not surprised...

    1. Anonymous Coward
      Anonymous Coward

      They don't need an app to track your phone, they can do it based on the network cell you are using. In cities the cells are smaller and thus the location is more precise. With a little bit of additional kit in the network they can have a good go at triangulating your position in the cell as well. This is totally independent of the phone manufacturer.

      As for the Nokia sending real time location updates, you probably signed up for it through one of the many apps that do that now. Not very black helicopter if you can turn it off easily. The main users of this tech are not the government, its the advertisers.

  72. Reg T.

    Apple sued

    for Iphone tracking - 8/17/2011

    Screwed - but paying more for the pleasure!

    Buy Apple!

  73. foo_bar_baz

    The phone OS and phone manufacturer are irrelevant

    If you don't want a phone with operator installed crap on it, don't buy/rent your phone from an operator.

  74. pickonme

    Smells like a class action Lawsuit

    I feel so strongly about this invasion! How is this different from someone breaking into my house and snooping through my draws? I think we should all get together and hire a lawyer and play the corporate game of busted now you pay up. I think jail time is also due here. Why is it that white collar crime is not treated the same as a burglar, etc?

  75. pickonme

    This smells of a class action lawsuit

    I feel so strongly about this invasion! How is this different from someone breaking into my house and snooping through my draws? I think we should all get together and hire a lawyer and play the corporate game of busted now you pay up. I think jail time is also due here. Why is it that white collar crime is not treated the same as a burglar, etc?

This topic is closed for new posts.

Other stories you might like