If you don’t know what Carrier IQ is by now, you might be interested in knowing carriers have been installing the software capable of tracking user input on some of our devices. The situation has become so heated that Senator Al Franken is now demanding the company answer a list of questions that mirror the concerns of mostly everyone, and government regulators abroad want to question smartphone vendors like Apple. The good news? There is now an easy method to detect Carrier IQ on your device using a free Android app called Voodoo Carrier IQ Detector.
As of right now, removing the software requires installing Cyanogen Mod, but an easier solution and/or carrier or manufacturer intervention is likely coming soon. However, first you’ll want to find out if your device is even running the software, as not all are. Developer supercurio put together the tool, which he admits still needs some work and might not be 100% accurate, but he’s open sourced the code here for all to improve and promises updates.
A few more details have emerged today (via Los Angeles Times) shooting down concerns that Carrier IQ transmits sensitive user data to carriers. In a statement released Thursday, the company had this to say:
“While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video.”
Senior consultant at Virtual Security Research, Dan Rosenberg, also claims the idea Carrier IQ transmits or records personal user data to carriers is simply “not true”. He reverse engineered the software and had this to say about his findings:
“I’ve reverse engineered the software myself at a fairly good level of detail,” Rosenberg said. “They’re not recording keystroke information, they’re using keystroke events as part of the application.”
Another researcher, Jon Oberheide of Duo Security, backs up Rosenberg’s claims:
“It’s just spitting debug messages to the internal Android log service… It appears that Carrier IQ is indeed collecting some metrics, but I have not seen any evidence that keystrokes, SMS messages or Web browsing session content are being transferred off the device.”