So masses of concern have amassed since the recent discovery about what Carrier IQ's smartphone diagnostic software actually records, and the fact it's on more than 141m handsets worldwide. UK mobile networks have been forceful in completely denying use of the software on their devices.
Carrier IQ is, on the surface of it, a "mobile intelligence" solution that "eliminates guesswork by automatically providing accurate, real-time data direct from the source - your customers' handsets." The underlying privacy concerns, discovered and raised by developer Trevor Eckhart, show that every keystroke is logged, every transaction made to websites (even secure protocol sites (https)) are recorded, even text messages are acquired in plain text, meaning that personal data of millions of handsets is available in plain sight to the company, and whomever else uses the product (malicious software use?).
The company rebuttled, claiming that the software "does not record your keystrokes, does not provide tracking tools, does not inspect or report on the content of your communications, does not provide real-time data reporting to any customer and does not sell data to any third parties."
But, more contradictory to this image being put forward, they issued a cease-and-desist letter to Eckhart, demanding that he stopped discussing his findings in late November. However, the Electronic Frontier Foundation came to the rescue and argued his right to discuss the matter in a public space, making Carrier IQ part of this whole situation much more public.
UK mobile networks Vodafone, Orange and O2 have told the Guardian today that they don't install Carrier IQ on any of their products, and 'to the best of their knowledge' hasn't shipped any phones containing it in the past.
The software may be used to "better [identify] dropped calls and poor service; problelms that impede a phone's battery life;" but Eckhart, from the unmodded copy of Carrier IQ's software, has found that it can "query any metric from a device." Metric in this situation is rather broad: device type, memory and battery life, applications on the device, keystrokes, usage history, geographical location and general communications are recorded by it.
Smartphone makers have been quick to jump on the bandwagon of denying use of the software. From various statements:
Nokia is aware of inaccurate reports which state that software from Carrier IQ has been found on Nokia devices. Carrier IQ does not ship products for any Nokia devices, so these reports are wrong.
We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Even HTC, the device used in a couple of the demo videos of the software, has jumped in, claiming they don't receive any of the data.
It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.
So regardless of all of these, we may be out of the storm with this; but without sounding like spin doctors, we can't help but grumble slightly at UK carriers saying they haven't shipped any phones containing the software 'to the best of their knowledge.' But we're tracked a good majority of the time by many other technologies, this is just a new discovery, after over a year of use.