In order to not end up with ten different posts or endless updates to the previous one, I’m using this post to assemble all the official responses from both carriers and device makers alike concerning the CarrierIQ rootkit/spyware/whatever. Update: Added official statement from HP regarding webOS (see bottom).
ComputerWorld confirms both Sprint and AT&T use CarrierIQ. Sprint:
We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.
AT&T said its use of CarrierIQ was in line with the carrier’s privacy policy.
We’re really not going to offer more detail than what’s in the statement.
Verizon in a statement to GigaOM:
Any report that Verizon Wireless uses Carrier IQ is patently false. […] We did recently notify customers about new privacy programs; we were transparent about how customer information will be used and gave clear choices to customers about whether they want to participate in these programs. Carrier IQ is not involved in these programs.
RIM is aware of a recent claim by a security researcher that an application called ‘CarrierIQ’ is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.
HTC stresses it is not a partner of CarrierIQ in a statement to All Things Digital:
Carrier IQ is required on devices by a number of US carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.
Nokia denies any and all use of CarrierIQ:
CarrierIQ does not ship products for any Nokia devices.
Samsung told ComputerWorld that it only integrates CarrierIQ at the request of carriers. This explains why some US Samsung phones have it installed, while Dutch Samsung phones (like my own) do not.
Google makes it clear it has zero involvement with CarrierIQ:
We [Google] do not have an affiliation with CarrierIQ. Android is an open source effort and we do not control how carriers or OEMs customize their devices.
And lastly, Apple does use some elements of CarrierIQ, but it’s all opt-in, and it doesn’t collect keystrokes and things like that. The company still gave out a statement to The Verge:
We [Apple] stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.
Carriers really seem to be the big bad wolves here, as was to be expected. You can use the comments to post any other statements – especially statements from local carriers in Europe would be interesting. So far, being a Dutchman myself, I can only state that no Dutch carrier installs CarrierIQ.
Updates
Just got a statement from an HP spokesperson:
HP does not install nor authorize its partners to embed Carrier IQ on its webOS devices.
Now that Nokia claims that their phones don’t have it. Next question: what reporting features do Nokia phones have, if any?
Eh, surely the same could be said of any phone? I don’t see how this makes it look like Nokia have any more facilities for reporting usage data than any other manufacturer. For example, HP say they don’t allow CarrierIQ either – but they don’t say they don’t use something else… So why “Busted”?
Now, I’m sure, oiaohm, that you would categorically deny ever raping your significant other.
But then the real question would remain, who did you rape?
(yes, this is the style of argument you made; one quite popular with ~political TV “reporters” / propagandists in a few places, BTW)
Checked on phones on almost all Finnish network operators and CarrierIQ isn’t available here. Checked on iPhone iOS5, Android (Samsung, HTC) and Nokia (Symbian 60, Symbian^3).
Can you log keystrokes on an iPhone? (Probably power button and volume key.)
Here’s a non-technical article that explains in plain English why this controversy is important and what’s at stake —
http://www.huffingtonpost.com/josh-levy/phone-spying-technology_b_1…
-1 Articles from HuffingtonPost are not known for their objectivity on any particular subject.
They are good for gauging other people’s reactions on subjects, like a messaging board. But if you take them more seriously than some guy’s random post on digg, you’re crazy.
Not to go conspiracy theory here, but both my Verizon Droid Classic and B&N Nook have OS software updates this morning. Interesting timing?
I won’t say this wouldn’t have happened if Dalvik were GPL, but my impression from watching the video the other day was that it either is hooking in through Dalvik or the kernel. In the latter case, shouldn’t this also constitute a GPL violation?
Edited 2011-12-02 13:45 UTC
The carriers just add a program to the OS before they flash it onto the phone and ship it. That doesn’t violate the license for the OS, GPL or not.
That wasn’t my impression, as Android (or parts of it) is definitely linked to parts of Carrier IQ, which is why it is basically impossible to remove.
It’s news like this that makes me glad my carrier (Wind Mobile in Canada) was very friendly to the use of externally purchased phones like my Nokia N900.
I find this comment interesting.
“We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool.”
Which seems to contradict what the video poster claims.
Bounty,
It may be a genuine case of the tools collecting the information, but they don’t store it or look at it.
But even so the privacy concerns are still there. It’s like selling a computer having a key logger installed, but it’s ok because the vendor promises not to actually use it to spy on you.
I totally agree with the comment from Belgian ISP and carrier Telenet: software on handsets is more the responsibility of the phone makers and Android than the carrier.
The carrier provides a phone service and network, people should be able to use whatever (legal) phone they want, without tampering by the carrier. You don’t buy your computer from your ISP, do you? Imagine the spyware they would try to shove down your throat…
Darkness,
“…software on handsets is more the responsibility of the phonemakers and android than the carrier.”
Except it’s hardly the fault of the manufacturers if the carriers require the software to be loaded, or if the carriers install it themselves.
“The carrier provides a phone service and network, people should be able to use whatever (legal) phone they want, without tampering by the carrier.”
Ideally yes, but consumers should be able to buy phones from the carriers with the expectation that their privacy won’t be violated.
I don’t know who’s at fault in this case, but it could just as easily be the carriers. I’d trace back where the data is going (whoever they are) and hold them primarily accountable.
Asked all three Latvian GSM carriers (LMT, Tele2, BITE) about CarrierIQ; they answered that they are not installing anything. But will need to verify that with real devices.
I could never understand why you guys always get a subsidized phone from a carrier? AFAIK, buying an unlocked phone in the US is pretty much unheard of.
Carrier IQ is only one way in which carriers rape you in the a**. Actively disabling bluetooth is another, intrusive branding and preinstalled crapware and spyware is another. Wake up!
So you think that it’s unheard of because the option is available but we just choose not to exercise it? AFAIK, all the major carriers do not allow/do not support unlocked phones on their networks.
I think no-contract plans are beginning to pick up some speed, though that’s not the same thing as allowing unlocked phones. I use Boost, a smaller carrier that runs off of Sprint’s network, which offers the cheapest unlimited plans on the market and only sells unsubsidized phones. However, I don’t think that they’re unlocked, and also I think that they only use CDMA and iDEN, so that rules out any third party GSM phones.
GSM networks support any GSM phone which will accept (which is unlocked) their SIM card (well, as long as sometimes-weird frequencies are accounted for; not much of a problem nowadays), that’s the thing about the GSM standard… GSM is GSM. And yeah, verified by some of my buddies who took (far) their own phones during a stay in your general region, for use with local networks.
(as for the other type of your local standards – as far as one can tell, they were meant to lock you in)
So it seems, at least, that you might have at large inaccurate perceptions about what’s possible (aided by carrier PR, I bet), accept upgrade cycles and contracts as “inevitable”.
Requesting info for Motorola (Electrify)/US Cellular, when available.
Good update. Interesting to see what the vendors have to say about this all in one place.