"CarrierIQ exists for a legitimate purpose - to help carriers and OEMs isolate and diagnose specific classes of problems that affect mobile service," Bace says. "The developers have taken great pains to minimize the impact their diagnostic functions have on the constrained resources present on the mobile devices. Furthermore, they have also taken great pains to put control of their software in the hands of their carrier customers, who have strong privacy policies and regulatory measures in place. They [CIQ] don't access end user information; neither do they store such data. I'm mystified as to why anyone believes they should merit such abuse."
Nonetheless, Rosenberg is critical of the way the Carrier IQ application has been implemented in the carrier-manufacturer relationship. End-users should be able to opt out of any sort of data collection; carriers should be clearer and plainer about what data is being collected from the phone, and why; and "there needs to be third-party oversight on what data is collected to prevent abuse."
Finally, he says, the "legality of gathering full URLs with query parameters and other data of this nature should be examined."
Rosenberg says he has shared with Eckhart about his own findings, based on running the Carrier IQ application through a disassembler. But so far, Eckhart has not posted anything new on his blog.
And that points to another set of criticisms that can be levied.
"To fail to differentiate an after-market app from a system internal that is integral to the management of the network to which the device is connected is a major failing," Bace says of Eckhart's original analysis. "To propose, as he has in the meantime, that he can provide a means of removing the offending mechanism - without disrupting quality of service -to a general populace of non-technical users is simply beyond the pale."
John Cox covers wireless networking and mobile computing for Network World.
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about wide area network in Network World's Wide Area Network section.