back to article Why are Android anti-virus firms so slow to react on Carrier IQ?

Some Android anti-virus firms have begun releasing Carrier IQ detection apps, but only after the controversial software became a talking point on Capitol Hill ... and a month after a security researcher first discovered it. BitDefender released Carrier IQ Finder, an app that identifies the presence of the controversial mobile …

COMMENTS

This topic is closed for new posts.
  1. NinjasFTW
    Thumb Down

    Fairness

    <quote>Carrier IQ's initial response to the discovery of its software by security researcher Trevor Eckhart in the middle of last month was to issue a cease and desist letter, though in fairness the firm has since tried to explain what it's about and how its technology operates in a way that has defused many (but not all) of the original concerns.</quote>

    Why is it in fairness? Its not like it was their intention. Carrier IQ tried the scumbag lawyer approach and then when that blew up in their face they tried to go the PR route.

    A very poor statement from el Reg I think.

  2. Anonymous Coward
    Anonymous Coward

    Don't be hasty

    We still don't have all the facts about Carrier IQ yet. It might be exactly what they claim it to be - purely diagnostic. Diagnostics are an essential component in complex systems - it might help engineers understand the specific events that lead to a failure.

    I'm not waving the flag for Carrier IQ because I don't have all the facts yet. But it's quite possible that it is all quite legitimate and, in fact, desirable (if it prevents catastrophic network failures). The time to decide is when we have all the facts - the real problem is that Carrier IQ have been lousy communicators up to this point.

    1. Wize

      So lets all take the risk...

      ...that it could be mallicous.

      Lets all have slower phones because of some diagnostic program we don't need as we aren't experiencing any problems.

      When there is a problem, put on diagnostic software and remove it when problem is solved, informing the user at both stages. Its not rocket science.

    2. Anonymous Coward
      Anonymous Coward

      It's a rootkit - regardless of whether its use is justified

      when I run a rootkit scanner on my machine, it detects ANY program/code that is trying to hide itself. the scanner does not make any judgement about whether the code has a legitimate purpose - that is for the user to decide (and some of the things it finds are legitimate).

      Not identifying the rootkit is a failure of the companies who profess to safeguard our systems, and sends a clear indication as to who would win in a 'corporate vs user' interests contest.

    3. Voland's right hand Silver badge
      Devil

      If it is not, why is it written this way?

      Well, if it is not "malware" why the hell does it use undocumented Android functionality which prevents removal?

      1. Dr. Vesselin Bontchev
        Boffin

        Ah, you are mistaken. It doesn't use any undocumented Android functionality. The reason why it cannot be removed (without rooting the device) is because it comes pre-installed by the carrier and resides in an area of the device's memory to which the user doesn't have write access on a non-rooted device. it is no more and no less difficult to remove than any of the other pre-installed apps.

    4. No. Really!?

      Hasty?

      Regardless of the software's ultimate intent - It is HIDING itself.

      I have a problem with that.

    5. Dr. Vesselin Bontchev
      Boffin

      We know it very well. It IS a purely diagnostic tool. Nobody is disputing this. The problems are two:

      First, in order to provide exhaustive and useful diagnostic information, it can collect vast amounts of privacy-sensitive data. (I wrote "can collect" as opposed to "collects", because what it actually collects can be configured by the carrier.) This is a HUGE breach of privacy.

      Second, it tries to hide while doing so and it cannot be easily turned off. This tends to annoy people. If it had an opt-in policy (as opposed to the current no-opt-out policy), if it clearly explained what exactly it collects, for what purpose, what it sends to the carrier and how that can help the user, nobody would have had any problems with it.

      Also, it is a bit unfair that CarrierIQ gets all the blame. After all, they are just a software company making a diagnostic tool. This tool does exactly what their customers - the carriers - want. People should direct their ire towards the carriers who have been shipping it pre-installed, instead. Why aren't they telling their customers what kind of information they are collecting on them and why there is no easy way to opt out?

    6. Anonymous Coward
      Anonymous Coward

      Diagnostic software

      i completely agree that in some cases having this software for tech support to use would be a huge help, however, that doesnt get around the fact that i should have the ability to turn it off, now, yes they could argue that until your contract is up you do not own the phone so they can do what they like with it, but thats a big gray area, but they have no right whatso ever to have the software on there if either A i own the device (paid full price for it) or B ive finished my contract, so rather than spending a fortune on having to deal with returns to remove it why dont they just leave an option to turn it off, (they probably dont do this as user ignorance is to their advantage) if its not on your device an tech support cant help you then perhaps they will just have to fix things the good ol way, the way we have been doing things for the last 30 odd years. experienced tech support and service centres

    7. austerusz
      Stop

      Don't think so ...

      It may be malicious, it may not be, that's the whole point of flagging the software as potentially undesirable and not as a rootkit right away.

      It is certainly not legitimate since the user is never asked for his accord.

      - all mobile apps, even DRM ones, still ask for the user to approve their access

      - on Windows, the user is told that logs are being kept or that automatic updates take place and he can choose to enable them or not

      And Lookout si wrong: the analogy should be made with Sony. Sony comissioned a third party to do their rootkit. Here, the makers/carriers comission the software from Carrier IQ. It's not Windows update. The "windows update" on Android is the Android Market. And the user still has to opt-in to make updates automatic, not opt-out, while Carrier IQ doesn't offer any "opt"-ing.

      1. Wize

        "It may be malicious, it may not be..."

        And even if its not, some bit of software may hook into its calls and use it for nefarious purposes, without having to contain its own code to log your keypresses.

  3. Spearchucker Jones
    Go

    The cost...

    ...of the middleman(1) and openness(2).

    1). It's why I only every buy SIM-free phones.

    2). It's why I rate proprietary OS's over open ones.

    This works for me. I imagine the *nix world is about to fight itself to the downvote button.

    1. Jedit Silver badge
      FAIL

      "It's why I rate proprietary OS's over open ones."

      http://www.theregister.co.uk/2011/12/01/ios_has_carrier_iq_client/

      You were saying?

    2. Bumpy Cat
      Stop

      ... What?

      SIM-free I can agree with, but Carrier IQ was on iphone as well. How is a proprietary OS any better when it was clearly found on both Android and IOS?

      1. Spearchucker Jones

        If you were to analyse the risk involved in chosing a phone you might come up with something like this:

        Risk = something naughty on my phone,

        Impact = well serious, innit.

        Probability = variable*

        * Variable because it's different per platform.

        If you're a black hat you'd target something that yields the mostest (number of targets), for the leastest (you might only have time for hacking a single platform). That makes probability on Andoid high, iOS medium, and on Bada, WebOs or Windows Phone low.

        Of course we're just people, so we're all susceptible to seeking out only those facts that support our emotional (and, sadly, often irrational) attachment to a particular idea/product/mobile OS. If you disagree with that one, read Irrationality by Stuart Sutherland.

        Economics and psychology are huge factors in security. If you want to find out more about that, read Ross Anderson's Security Engineering.

      2. Anonymous Coward
        Go

        Opt in is always better

        Apple made the use an opt in. That makes it better.

    3. Loyal Commenter Silver badge
      FAIL

      Oh dear

      If you genuinely believe that security by obscurity works, I invite you to read pretty much anything written by Bruce Schneier on the matter. Bruce Schneier is a genuine security expert with many years of experience who is widely recognised by the community to be a foremost expert in his field. You are not.

      1. Spearchucker Jones

        Of course not.

        You're right. I know nothing about security and I'm such a clueless idiot. Thank you ever so much for setting me straight. I'll go buy an Android phone from Talk Talk right away.

        Actually no. You're an idiot.

        I made it clear that it works for me. I made no claim as to it's effectiveness as a policy. I also made no claim about my knowledge of security (but why not - read other posts I made on here, and work it out).

  4. Michael 36
    Black Helicopters

    ."...it doesn’t appear that Carrier IQ’s software is malware"

    It just records your usernames and passwords (and everything else) without you knowing and without means of stopping it. If this isn't malware then I don't know what is.

    It then uses your data allowance/talk time that you have paid for to send the data that they have captured. This is simply theft, which ought to be a matter for the police.

    1. Gordon 10
      FAIL

      You dont actually get the difference between monitoring and recording do you?

      From their own statements and the security demo CiQ monitors your activities, records what it needs to, and ignores the rest.

      No-one has proved otherwise. Until they do lets calm the hysteria.

      1. cloudgazer

        Actually they've already admitted to recording more than they need to

        They record URLs. They consider this ok because they don't record the web pages themselves, but URL tracking is itself a privacy invasion.

      2. Anonymous Coward
        Anonymous Coward

        I do know the difference.

        I just happen to think it's irrelevant in this context.

    2. Lord Elpuss Silver badge

      Wha?

      "It then uses your data allowance/talk time that you have paid for to send the data that they have captured"

      Reference please. It was my understanding that the Carrier IQ data dump was uploaded, but did not come out of any bundle. The carrier commissioned the data dump according to their configuration settings (1x/day, week, whatever) and this was performed separately from YOUR data. It was also my understanding (from the filings this week) that a data dump would take place even if you had no data contract - many company-issued cellphones do not have data enabled so this is a significant factor.

      To do it any other way is asking for a lawsuit from disgruntled punters. It's not rocket science for the carrier to split out CIQ traffic.

    3. Shakje

      Whoah steady on

      1) It's still not clear exactly what it keeps for sending. If it records things temporarily because it has to, then so be it. The reporting of it sounds varied, and I don't really know Android well enough to really get to the bottom of it, but it does sound like it just has a global hook on text entry, and then filters out the presses it gets back for the interesting ones. The fact that it stores those presses in RAM while it's processing them shouldn't shock anyone technical, or be cause for alarm.

      2) It's installed by the carriers, so they will clearly whitelist the URL that it uploads to. You may notice a bit of a reduction in your data connection while it uploads, but it won't cost you a penny. If we take their guy at his word then it only uploads when the carrier asks it to. This doesn't sound particularly malicious.

      All in all, it sounds like a poor design of some diagnostics software (probably so that it was easier to port), not an attempt to harvest data maliciously. Stop jumping the gun already.

    4. Ian Michael Gumby

      Because

      It sounds like its a dumb system that blindly records everything such that if there was an event, it could dump everything you were doing when the phone crashed or had a problem. It has no was to know what you were doing except at the time of the crash, you were typing in zxcv1234 into the phone while apllication foo was running.

      The scary part... Does this open a potential vector of attack? Not that I'm saying that CarrierIQ would be malware, but that malware couldn't figure out how to access this information?

    5. Steven Roper
      Devil

      @Michael 36

      Obviously you've failed to understand the correct meaning of the term "malware".

      Spying, tracking and monitoring software is only "malware" if it's not put there by a multi-billion-dollar corporation or one of their government puppets. Thus, if it had been you or I who rooted millions of people's phones to put the CarrierIQ software on them, THEN it would have been detected as "malware" within 24 hours of its release and we'd be looking at a few years in the blue light hotel. But because it was put on there by big telcos, it wasn't classed as "malware" until it became necessary for the PR machine to cover arse for its discovery.

  5. Dr. Vesselin Bontchev
    Boffin

    Some answers

    Some of the questions raised in the article are relatively easy to answer.

    1) Why are some AV companies reluctant to label Carrier IQ as malware and, most importantly, add detection of it in their main scanners and even if they do implement detection, they do it in a separate app? Well, dunno about Kaspersky, by Lookout comes pre-installed by several carriers on their phones. Most of these carriers also pre-install CarrierIQ. Imagine now if the pre-installed malware scanner starts reporting out-of-the-box that the phone contains malware. What will happen? The carriers will drop the AV product, of course - leading to financial losses for its producer. Ergo, the producer isn't going to do detect CarrirIQ as malware with its main product.

    2) Why don't they offer removal? CarrierIQ comes pre-installed by the carrier, which means that it resides in the firmware, among the other pre-installed apps. The only way to remove any of those is by rooting the phone. A security company can't afford to do this routinely on the phones it processes - or its own product would be classified as malware by some.

    3) Why weren't the AV products detecting CarrierIQ heuristically, using the fact that it requires many dodgy privileges? Unfortunately, Android's privileges are not granular enough to be usable as a base for good heuristics. By this I mean that you can't easily pick a set of privileges and say that if an app requires, then it is suspicious. There has been a rather deep study of this issue (an AV company comparing the privileges used in the known malicious and in the apps on the Android Market) and the conclusion was that it is not possible to determine the maliciousness of an application from the set of privileges it requires.

  6. Miek
    Linux

    It's not malicious but it is a massive vulnerability particularly if it is sending unencrypted forms of every keystroke entered onto the device (as claimed by Trevor Eckhart http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/)

    1. Anonymous Coward
      Anonymous Coward

      Without consent

      ... what you describe is a threat.

      Because it is covert, it is self evidently malicious unless you *want* that to happen.

  7. ABCD
    FAIL

    Nonsense

    What sense would it make to alert the user that there's CarrierIQ installed on their systems when it can't be removed by the anti-virus software? And how often should they alert the user? Every 5 minutes? Every day? At every reboot? It would be still annoying and worthless information.

    1. Anonymous Coward
      Anonymous Coward

      Nonsense?

      Not at all. Whether or not the AV software can remove a threat, it makes complete sense to alert the user to something that is at least suspicious. Reducing alerts is usually taken care of by providing a means to 'whitelist' the software after the first detection. Easily done, and not an excuse for doing nothing. And nor is it an excuse that the suspicious software is pre-installed - they should be judging solely on the nature of the software, regardless of its origin.

  8. Tim Brown 1
    Pint

    It's been known about for a lot longer than a month

    The article of the XDA forum that one of the commentators on your original story linked to was dated MARCH 2011,

    http://forum.xda-developers.com/showpost.php?p=11763089

    The android development community has known about it for quite a while. Perhaps the reason no one has been particularly bothered is that the 'security researcher' who 'discovered' it recently is spreading FUD.

    Now that's not to say that it's something I'd want on my phone, but all these hysterics are out of proportion.

  9. Gogugogu
    Flame

    Potential uses of Carrier IQ

    An application that has access to all data, but does not actually "use" this access. Looks for me like the dream of enforcement agencies - functionality is already there "just in case". When they say "jump" CarrierIQ just asks "how high?".

    Is CarrierIQ functionality remotely trigger-able ? Can new functionality be added remotely to it ?

    Would, in a "police state", an application like CarrierIQ be mandated by law in order to ensure access to encrypted user communications is available on request ?

    If the above is true, would that slow anti-virus firm reactions ? ;)

    1. Dr. Vesselin Bontchev
      Boffin

      Not CarrierIQ. The carrier. It is the carrier who instructs CarrierIQ what data to collect and send. Yes, it is remotely triggerable (configurable, more exactly). Adding new functionality - no, but there is plenty of existing one.

      The fascist government doesn't need to mandate the use of CarrierIQ. First of all, they can go directly to the carrier (with a secret court order or just with a big gun, depending on how fascist the government is) and require access to all the phone-related traffic of the victim, CarrierIQ or not. Second, the GSM phones use the A5 encryption algorithm, which isn't that difficult to crack in real-time. I've seen offers from security companies that have devices doing it within 0.3 seconds.

  10. TeeCee Gold badge
    Unhappy

    "Carrier IQ.......was more akin to Microsoft Software Update."

    Oh dear. There's enough food there to keep the local trolls fat for some time....

  11. Anonymous Coward
    Anonymous Coward

    iPhone 4

    It's main use seems to be on the iPhone 4.

    Of course no one may ever find that the to the nature of IOS.

    This is why IOS malware used by criminals and government services whilst less likely to go on will be harder to detect.

    Apple used the words 'stopped supporting Carrier IQ' sp it is no doubt still in there in use by whoever.

    1. Dr. Vesselin Bontchev
      Boffin

      I guess you've missed the message that the iPhone was found to record your whereabouts and keep a week worth of information of this kind on the phone (accessible to anyone with physical access and a bit of knowledge) and send it to Apple too.

  12. Ged T
    WTF?

    Wrong Question!

    Why is it (as well as when did it) become necessary to have antivirus software for *any* (smart)phone?

    Have the smartphone platform designers learned nothing from the M$ approach to security?

    Are we really going to have to accept that the AV vendor's products, adding bloat, risk vectors of their own, sucking performance and battery longevity are the norm?

    1. Dr. Vesselin Bontchev
      Boffin

      Well, it's a matter of choice, really.

      You can have a completely closed system, be allowed to run only what the system producer thinks is good for you, be relatively save from malware and be left without recourse if something bad happens (like, the producer screws up big time).

      Or you can have an open system, vulnerable to malware (because it is just as opened to the bad guys too), which leaves the responsibility for your protection mostly on your own shoulders, and have freedom to run on it whatever you want (including malware) and get quick help from more knowledgeable enthusiasts whenever a need arises.

      I realize that each of these two alternatives appeals to different kinds of people. Me, I'd take malevolent freedom over benevolent dictatorship any time - but not everybody might feel the same.

      1. Graham Dawson Silver badge
        Thumb Up

        I've said the same elsewhere. Apparently some people don't like the idea of freedom if it requires them to consider the consequences of their actions.

  13. dotdavid
    Holmes

    Follow the money

    Some of these anti-malware apps are undoubtably looking to get deals with the operators. I suspect the near future will be full of operators bundling cra... er, "apps we might find useful" on their handsets with some kind of financial arrangement in place. No-one wants to destroy their relationships with the operators, and potential for future wonga, if the operators are the ones installing CarrierIQ and getting all sniffy if you brand it malware...

  14. Barry Tabrah

    Liability

    If the Carrier IQ software is compromised and the vendor fails to address the vulnerability, will the vendor be liable for any data loss or fraud? After all, this is software loaded by the vendor that is not necessary for the operation of the phone.

  15. Inachu
    Devil

    Zonealarm for cell phones?

    It seems about time that we need a firewall app for our phones now.

    After using a program I do not want to be asked if I want to rate the app!

    After using a program I do not want to bebothered if I want to check if there is an update!

    When doing nothing I do not want an app to think for itself to phone home!

    I do not want an app that demands to use wifi 24/7 - sorry to use this app you must have wifi enabled. WTF!!!! Kinda like games that demand to be connected just to post high score. I DONT CARE!

    -------------------------------Please makers of Zone Alarm we need you to make an app for our cell phones now!

    1. Ilgaz

      It exists and free

      Droid wall does what you need although it needs root access since it uses function of underlying Linux core. Root enabling can be the ultimate security risk if you aren't careful by the way.

    2. Anonymous Coward
      Anonymous Coward

      Already exists, requires root

      Use DroidWall or similar if you want a gui.

  16. Paul 135
    Headmaster

    I've never understood this mindset of antivirus companies

    This mindset has always existed with Antivirus companies, even on the desktop

    For example, you can buy legal key-logging software to install on your PC, your spouse's or your child's PC etc. Some of them are rather intelligent Trojans that can even email keystrokes to you and then delete themselves automatically. However, most antivirus software will not flag this as a warning!!!

  17. Robert Carnegie Silver badge

    In the licence for the latest Samsung Kies update...

    (that's the PC software to manage a Samsung Android device)

    I seem to have consented to Samsung monitoring all my data and activities on the device except specifically those that it's illegal to monitor, for whatever reason they choose, but, in particular, in case I may be using the device outside its permitted licence conditions.

    This is a few days ago, maybe just after the Carrier IQ story (re?)-broke.

    Oh, well. I guess I'd just better not take it with me on any protest marches, or read political web sites.

    I suppose that by "illegal" they mean "like actually tapping phone calls except when the government secretly asks them to".

  18. Anonymous Coward
    Anonymous Coward

    Seriously?

    Worthless information? Just being told one would be a start, and then you could decide if you wanted to ditch the carrier (or moan to get it removed).

    By the same argument, I expect you don't see the point of doctors telling patients they have an incurable desease either, as it's 'worthless information'.

  19. No. Really!?

    App running, but hiding itself...

    If your anti-virus isn't giving a informational warning about this (at the very least), then what use is it?

    1. Dr. Vesselin Bontchev

      Define "hiding". Do you know how many processes are running on your average PC, which aren't immediately obvious? Should AV programs "warn" about each one of them too?

      Not defending CarrierIQ (or the carriers pre-installing it) here - I personally think that it is a huge privacy violation - but AV programs have to be more particular than reporting anything you don't immediately see.

  20. Gordon Fecyk
    Facepalm

    "Why are anti-virus firms so slow to react?"

    Fixed the article title for you.

    Doesn't anyone read Vmyths anymore? Like this is any different compared to PC anti-virus firms.

  21. John G Imrie

    Didn't we have a similer time lag

    over the Sony Rootkit Fiasco?

  22. Anonymous Coward
    Anonymous Coward

    Clueless users as per usual.

    It's been known for a while that most mobile phones can be turned, remotely, into listening devices and that your location can and is, observed and recorded and you're all in a hooha over Carrier IQ.

  23. William Old
    FAIL

    Anti-virus software for Android???

    You mean, like phlogiston meters and left-handed screwdrivers?

    It demonstrates the average user's (non-)understanding of what a virus is, if they are queuing up to buy such crap. (1) When did the Carrier IQ firmware become self-replicating? (2) At what rate is it spreading from Android device to Android device by itself?

    Answers: (1) It didn't; (2) Zero. So it isn't a virus. Sigh. Anyone want to buy Tower Bridge? I'm the owner...

    1. Anonymous Coward
      Anonymous Coward

      Lighten up

      Us clueless users know what a virus is. We just don't give a shit for pettifogging losers.

  24. Wile E. Veteran
    FAIL

    Ever take a gander at the permissions Lookout wants?

    Although Lookout came pre-installed on my phone, I deleted it because I did not know what it did. After reading about the CarrierIQ issue, I decided having some sort of ant-virus might be a good idea so I went to the Android Market intending to download Lookout.

    Take a close look at the permissions Lookout wants (as do most of the AV products at the Android Market). Pretty much everything CarrierIQ does. Does not mention keystroke logging but that does not mean it does not have it.

    Lookout and other AV products are just as big a security risk as CarrierIQ, maybe more so as there is nothing to prevent a black-hat form gaining access to the data the AV products use, even if THAT data is "temporarily" stored in RAM..

  25. zen1

    meh

    While I use utilities like that work, they are NEVER run without giving the user adaquate notice. Even though the company is legally within their bounds to run diagnostics on equipment they own, we are courtious to the end user.

    I own my phone; I paid for it and if I want to dance around it naked, while I throw it on a bon fire, it's my perrogative. My carrier did NOT bother to inform me that there was software capable of collecting any kind of information, preinstalled on my phone. Had I known that ahead of time I would have selected either a different phone or a different carrier.

    Point #2: Who pays for the bandwidth when it sends said collected metrics back home? Sure as hell better not be me, as I didn't ask for it, I didn't download it and I sure as hell didn't authorize it to capture anything about me, my location, how I use the phone or not.

    Point #3: Security - Now that the entire world knows of CIQ and the level of detail its products collects, who's to say that: A: CIQ won't get hacked and all that data winds up being used against some or most of us?; b) Someone writes malware to exploit the carrier IQ product? Talk about identity and privacy fraud on a scale that the world has never seen.

    The spooks are probably drooling at the prospects of all this.. Besides, just because you can, doesn't mean you always should. epic fail on the carriers and ciq for not fully disclosing this ahead of time

  26. Anonymous Coward
    Anonymous Coward

    IPhone

    I thought that on the iPhone Carrier IQ was by default set to not report and you had to turn it on (I think you are asked when activating the phone). If this is the case it seems to be the best way if it is necessary to have the damn thing. Can they not just ask first? I would have no problem then as I can just say no...

  27. Pascal Monett Silver badge

    Seems that the fallout is spreading nicely on this issue. It's becoming the hot potato everyone involved tries to throw to someone else, and more and more companies are being sucked in.

    Round and round the CIQ infection goes . . .

  28. heystoopid
    Holmes

    De Ja Vue, 2005 all over again! Or, how soon we forget!

    Sounds all too familiar, sounds like like the Sony-BMG rootkit affair of 2005!

    This is where for the price of a legitimate legal purchase of an audio CD from Sony-BMG in 2005, your M$ Windoze XP computer was deliberately infected with a rootkit virus, without user intervention!

    The story that emerged that year, was when F-Secure found the source and sent a legitimate inquiry to Sony Music New York HQ, to confirm or deny that the pressing plant was either infected with a virus, or it was a deliberate attempt to hijack end user computers! The reply they receive from Sony Music legal, was a DMC bugger-off take down threat on the lines of "Go public, we will sue you into the bankruptcy court!". The AV company F-Secure was forced to back off under pain of legal blackmail threats and told also not to tell no one outside the company at the same time!!!!!!!!!!!!!!

    One man wrote it up in his blog, exposing the evil rootkit for what it was, and the rest is now history, of how the outraged Internet blogosphere took down a then unassailable music giant and kicked them out of their ivory castle tower!

    Sony by losing a class action US law suit, paid a few pennies in compensation to infected US users, ignored the rest of the world and allegedly withdrew the then unsold infected audio discs or so we were told!

    So, whilst Carrier IQ, was fully aware of the abuse of it's software, the kept themselves in full denial of the evil and just took the money and went with the flow!

    If, the so called Carrier IQ battery sucking/virus/rootkit/spyware, is as benign a research network tool as the company claims, why is there no 'off switch', user opt in/out clause, enduser EULA or removal tool provided since it went live from day one!

    Who benefits?

  29. Anonymous Coward
    Anonymous Coward

    CarrierIQ vs OMA

    Maybe I missed it but I haven't seen any discussion on alternatives to CarrierIQ - especially standards-based solutions like those from the Open Mobile Alliance. Protocols like OMA-DM provide plenty of diagnostic information which can be used by carriers to improve subscriber experience, and there are plenty of commercially-deployed solutions based on this.

    To be fair to CIQ they started out several years ago before OMA-DM (and related standards) had been ratified, or even drafted. I looked at their products some years ago (on CDMA networks) but wasn't too happy about the need for a deeply-embedded client and the implications for the handset owner - especially the potential for degrading battery life. Nonetheless, just because your phone may not contain CIQ software, don't assume that diagnostic data is not being captured OTA using other means...

This topic is closed for new posts.

Other stories you might like