December 05, 2011, 8:08 AM — Organizations and regulators across Europe, including Germany, have started looking into the use of Carrier IQ's tracking software, to ensure that mobile phone vendors and operators are not violating users' privacy.
The Bavarian State Office for Data Protection has sent a letter to Apple questioning the company about its use of Carrier IQ's software.
The use of Carrier IQ's software caused a furor after security researcher Trevor Eckhart last month published a report accusing the company of installing malware on a number of different smartphones, where it apparently allowed operators and phone vendors to keep track of key presses, browsing history, SMS logs, and location data without the users knowledge.
Thomas Kranig, president of the Bavarian data protection office, said: "The most important thing to me is that users know how their data is used, and if that isn't the case there is a problem."
He wouldn't comment on the letter's contents, but expects an answer from Apple within about two weeks.
"Normally, Apple employees in Germany have to talk to the U.S. before they can say anything, so we have to wait," said Kranig.
His view of the importance of keeping users informed is echoed by the U.K. Information Commissioner's Office (ICO), an independent authority set up to uphold data privacy for individuals, and by BEUC, the European Consumers' Organisation.
"Being open and up-front with customers about how their personal data is being used is fundamental to maintaining their trust. It is obviously also vital that mobile manufacturers and operators comply with the Data Protection Act," ICO said in a statement.
ICO plans to contact mobile phone operators to see if Carrier IQ or similar software is on U.K. customers' handsets and, if so, what steps are being taken to ensure there are no privacy implications, it said.
As tools like Carrier IQ's are becoming more prevalent, clear rules on consent and mandatory privacy settings have to become the default, according to BEUC.
"Consumers are often shocked when they discover they are being so closely tracked, so more transparency is an urgent requirement," said Monique Goyens, Director General at BEUC, via email.
BEUC hopes that the upcoming update of E.U. laws on data protection will address these issues.
Apple included Carrier IQ in earlier version of iOS, the company has publicly stated, but dropped the software from iOS 5 and has not collected any personal information.
Samsung Electronics mobile phones sold in Europe don't use Carrier IQ's software, a spokesman for Samsung said via email.
European operators are giving Carrier IQ the cold shoulder, as well. Vodafone and Orange said that they don't use the software.
Vodafone in Portugal conducted a limited trial of Carrier IQ's software in 2009, but decided not to proceed with commercial deployment, according to the operator. However, a joint press release from 2009 says the opposite, and states that Vodafone Portugal was "moving [the software] into operation". That information is incorrect, a Vodafone spokesman said via email.
"The protection of our customers' privacy is paramount and we have strict guidelines governing the technologies we deploy," said the spokesman.
Carrier IQ last week said its software is only used to diagnose operational problems on networks and mobile devices, and does not record, store or transmit the contents of SMS messages, email, photographs, audio or video.
"For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen," the company said.
At noon, Central European Time a counter on Carrier IQ's website states that its software is used on about 141 million handsets.
