Mobile carriers to blame for use of secret logging software?

The recent revelation that most Android, BlackBerry and Nokia phones are installed with the Carrier IQ software that logs practically all actions made by the mobile phone users and reports/sends it to remote servers has, understandably, created quite a stir.

While Nokia was quick to claim that no phone of theirs has ever been shipped with Carrier IQ onboard and the blame for the presence of the software on the devices was pretty fast passed onto the carriers, mobile telephone companies around the world were quick to deny any involvement with the scheme.

According to The Register, Australian Telstra, Optus and Vodafone have denied using the software, and were followed by New Zealand’s Telecom, Vodafone and Telstra Clear.

Thom Holwerda says that smartphones in The Netherlands also seem not to carry the software and speculates that its use might be limited to the US – even though Verizon has also piped up to say that their devices do not include Carrier IQ.

Additional investigation by an iPhone developer that goes by the name of “Chpwn” revealed that even users of iOS-run devices are not safe from the spying software. He says that since iOS 3 and up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone.

He also says that this version of the software does not have access to the same amount of information as those found on other devices. “I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely,” he writes.

In addition to all this, the software seems to work only when the device is in diagnostic mode – which is not by default.

Nilay Patel also reports that Google Nexus One, Nexus S, Galaxy Nexus, and the Xoom tablet do not contain the offending software.

“Each of those devices was launched in direct partnership with Google as the flagship for a new version of Android, so it seems that the addition of Carrier IQ comes from OEMs and carriers after Google open-sources Android’s code,” he points out. “Carriers requiring manufacturers to include Carrier IQ would also explain why references to the software have been found in iOS — Apple works much more closely with carriers since it builds both the hardware and software of the iPhone.”


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss