What's really going on with Carrier IQ on your phone

By , Network World |  Security, Carrier IQ, privacy

For example, Russell Holly, at Geek.com, was contacted by Eckhart during the latter's work on the CIQ application. After Eckhart posted his video, Holly wrote about it in a lengthy post on Nov. 29. He included this screen capture from the Eckhart video, which shows debugging output, apparently via the Android LogCat utility for "collecting and viewing system debug output." ("LogCat just prints out whatever is in the debugging logs on the device, and these are part of the Android OS," notes Rosenberg).

The photo shows, at the top, activity by the "ciqagent" involving a SMS text message. Roughly two-thirds of the way down, you can read the text of the message Eckhart sent himself: "Hello world!"

Holly comments: "When you receive a text, the video demonstrates that the CarrierIQ software is aware of the text message and its contents before the phone notifies you that you have a message. CarrierIQ and Sprint both were adamant that the body of an SMS was not recorded, and yet we can clearly see in the video that the text contents are read and transmitted via the CarrierIQ applications."

Holly took the time and effort to contact Carrier IQ, requesting additional information to clarify this apparent contradiction. The company declined.

So is this photograph "proof" that Carrier IQ, and therefore the handset maker and the carrier, can read your SMS text message?

No, says Rosenberg.

"What you're seeing in Trevor's video is actually two distinct events," he says. And these have not been clearly distinguished in much of the uncritically accepting commentary about the video.

What you first see, Rosenberg says, are a "few debug messages, related to CarrierIQ, [which are] being printed out when an SMS is received."

"These messages do not contain any sensitive data, and simply indicate that CIQ is doing *something* with SMS data," he says. "My research has shown that what CIQ records are things such as the status of the SMS message (success or failure), the source, and the length, but not the contents. My research also showed that CarrierIQ does not even support the capability to record SMS [text] bodies even if a carrier wanted to, since none of CIQ's metrics have a field dedicated to SMS bodies."

Yet Eckhart's video of the output does indeed show the body of the text message. What gives?


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness