Carrier IQ, a mobile data-tracking company that can best be described as woefully beleaguered, is now being scrutinized for its business practices by international officials as well as lawmakers inside the United States.
In an interview with VentureBeat, the company stated that the growing privacy concerns are overblown, and welcomed the scrutiny.
San Mateo, Calif.-based Carrier IQ tracks consumers’ cell phone activity, allegedly down to the keystroke, and renders the data usable by mobile carriers and manufacturers. This information is used, say the companies involved, to improve cell coverage, app reliability and battery life.
But others say the software and those who use it violate consumers’ privacy.
The most recent entity to join those aforementioned others is the Bavarian State Office for Data Protection, which just sent a letter to Apple regarding that company’s use of the Carrier IQ software.
These concerns around Carrier IQ’s software were also present in a recent statement from the UK Information Commissioner’s Office. The ICO also plans to make inquiries into mobile carriers’ use of Carrier IQ.
In a statement, an ICO official said, “Being open and up-front with customers about how their personal data is being used is fundamental to maintaining their trust. It is obviously also vital that mobile manufacturers and operators comply with the Data Protection Act.”
Stateside, Senator Al Franken has written letters to both Carrier IQ and several mobile carriers to express his concern over what data is being gathered and how it is being used.
We’ve reached out to Sen. Franken’s office and will keep you updated on the status of his inquiries.
The Carrier IQ brouhaha started when blogger/developer Trevor Eckhart showed a video of Carrier IQ software logging his keystrokes. Eckhart said the software was capable of collecting phone numbers, text messages, web searches, emails — just about any keystroke a user entered on the phone.
As of a year and a half ago, the low-level software was installed on at least 90 million mobile devices around the world.
However, in a recent email exchange with Carrier IQ, a company spokesperson told VentureBeat that Eckhart’s claims were overblown and incorrect, regardless of the video.
“These are diagnostic short codes available for users to dial which cause a mobile device to take specific actions such as upload diagnostics information or check into the servers for updates,” she wrote. “The [Carrier IQ] agent listens for these short codes only.”
The spokesperson also acknowledged that while Carrier IQ collects the data, it’s up to carriers and manufacturers to decide what data they need and what data to use.
“To our knowledge, the data gathered using Carrier IQ software is used only for diagnostics purposes,” she said.
“While there may be additional uses for this diagnostics data, operators well understand the privacy concerns that might come from doing so.”
As for the inquiries from Franken, Bavaria and the ICO, the rep said, “Of course we will comply with all domestic and foreign regulators. We truly have nothing to hide.”
Also, as of Friday, there are not one but two class-action lawsuits against Carrier IQ and the carriers and manufacturers that use it.
While we’re happy to say that Carrier IQ and other companies that perform the same functions can and should be questioned carefully about their respect for user privacy, we’re also noticing a rapid escalation of consumer and lawmaker response to the situation — a response that’s asking some of the right people some of the right questions but rarely waiting for answers.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here