In order to not end up with ten different posts or endless updates to the previous one, I’m using this post to assemble all the official responses from both carriers and device makers alike concerning the CarrierIQ rootkit/spyware/whatever. Update: Added official statement from HP regarding webOS (see bottom).
ComputerWorld confirms both Sprint and AT&T use CarrierIQ. Sprint:
We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.
We’re really not going to offer more detail than what’s in the statement
Verizon in a statement to GigaOM:
Any report that Verizon Wireless uses Carrier IQ is patently false. […] We did recently notify customers about new privacy programs; we were transparent about how customer information will be used and gave clear choices to customers about whether they want to participate in these programs. Carrier IQ is not involved in these programs.
RIM is aware of a recent claim by a security researcher that an application called ‘CarrierIQ’ is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.
HTC stresses it is not a partner of CarrierIQ in a statement to All Things Digital:
Carrier IQ is required on devices by a number of US carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.
CarrierIQ does not ship products for any Nokia devices.
Samsung told ComputerWorld that it only integrates CarrierIQ at the request of carriers. This explains why some US Samsung phones have it installed, while dutch Samsung phones (like my own) do not.
Google makes it clear it has zero involvement with CarrierIQ:
We [Google] do not have an affiliation with CarrierIQ. Android is an open source effort and we do not control how carriers or OEMs customize their devices.
And lastly, Apple, which does use some elements of CarrierIQ, but it’s all opt-in, and it doesn’t collect keystrokes and things like that. The company still gave out a statement to The Verge:
We [Apple] stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Carriers really seem to be the big bad wolves here, as was to be expected. You can use the comments to post any other statements – especially statements from local carriers in Europe would be interesting. So far, being a Dutchman myself, I can only state that no Dutch carrier installs CarrierIQ.
Just got a statement from an HP spokeperson:
HP does not install nor authorize its partners to embed Carrier IQ on its webOS devices.