Carrier IQ Issues Blown Out of Proportion?
As the furor over software company Carrier IQ continues with no sign of abating more level-headed analysts are starting to ask if the assertion that the company can monitor and collect data from the user's smartphone has been blown out of proportion.
Ever since a Connecticut-based systems analyst named Trevor Eckhart posted a video showing software from Carrier IQ can collect data such as frequently visited Web sites or what buttons users press on the device. Now other analysts are stepping forward and saying that Carrier IQ software isn't the big bad privacy monster people think. Dan Rosenberg a security consultant with Virtual Security Research posted his individual findings on a blog and clears up the misinformation about Carrier IQ software.
Rosenberg analyzed the Carrier IQ software and produced a detailed breakdown of the agent's metrics. Metrics are pieces of information that the Carrier IQ software receives from the phone. The software evaluates the metric based on the current profile installed on the device. Profiles will determine whether a metric is relevant for a phone service like reception or battery usage. These profiles are written by CarrierIQ at the request of cell phone carriers. CarrierIQ only relays relevant information at the request of the carrier.
According to Rosenberg, CIQ is incapable of recording SMS information or recording keystrokes. In some situations it can report GPS information and record URLs visited but "not the content of those pages or other HTTP data." Rosenberg pointed out that his findings are based on a Samsung code, other carriers can ask more information from CIQ.
The data is being used to diagnose and fix network, application and hardware failures. Of course the technology isn't nefarious in the way CIQ uses it now. Other groups could make use of the date for malicious purposes but that's the risk for every device nowadays.
The metrics in the software can actually improve the user experience. Carriers can use the knowledge of when and where calls are dropped to improve coverage. Handset manufacturers can use the knowledge of what applications consume the most battery life to improve the battery life. If the user really wants someone to blame they should take it up with their carriers who commissioned Carrier IQ to begin with.
The real issue here is that users should be allowed to choose whether or not they want their phones to be subjected to metrics. Users should also press for more stringent rules on how the data is used or even an independent oversight committee. The software itself isn't the big problem and any complaint should be taken to the source, the carriers and manufacturers.