Update: Two new updates worth mentioning before the new week. Just a day after the Senate launched an investigation, Carrier IQ and some involved parties including Samsung and HTC are now facing a class action lawsuit.
From the other side of the fence, Carrier IQ have started to defend themselves with a number of security experts siding with them. Dan Rosenberg, a security consultant who has discovered more than 100 vulnerabilities in the Linux kernel, FreeBSD, and GNU utilities, reverse engineered Carrier IQ's code and analyzed the tracking data collected by the company.
His conclusion in brief: "The application does not record and transmit keystroke data back to carriers... there is no code in Carrier IQ that actually records keystrokes for data collection purposes." This means there should be fewer privacy concerns than originally imagined. Read more here.
--- The original story is below ---
On Wednesday, news broke about a hidden application installed on most popular smartphone handsets that logs nearly everything the user does. Accompanying the news article was a 17-minute long video of developer Trevor Eckhart demonstrating how his HTC Evo 3D was tracking his key presses and even the content of his text messages.
The controversial claims resulted in the producer of the software, Carrier IQ, sending Eckhart a cease and desist letter. Digital rights group EFF jumped to his defence resulting in the company retracting its letter and issuing a formal apology.
Handset manufacturers and carriers were extremely quick to address the mounting criticism and anger from customers at the logging software, with a flurry of press statements clarifying their stance -- here is what is known so far:
Apple does use the logging software, though in an official statement to AllThingsD the company said it "stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update." They also reiterated that users must actively opt-in to share any information, and should they do so, it would be sent anonymously, encrypted and would not include any personal information. "We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so." More information on how Carrier IQ works on iOS is available in a blog post by iPhone jailbreaker Grant Paul.
BlackBerry manufacturer Research in Motion said it "does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution." The Canadian firm added that they do not develop, or commission the development or distribution of the app, but promised to investigate reports and speculation related to Carrier IQ.
HTC outright pointed the blame in the direction of phone carriers: "Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier." The company also said that they were investigating the possibility of adding the option for users to opt-out of data collection by the software.
In the same vein, Samsung released a statement saying carriers were responsible for the installation of CIQ software and it had nothing to do with them. When speaking to Engadget, they further pointed out that "Samsung does not receive any consumer user information from the phones that are equipped with Carrier IQ."
Microsoft's Windows Phone 7 platform is seemingly clear of any known traces of the software. Joe Belfiore, who oversees Windows Phone Program Management, confirmed as much in a Twitter message on Thursday. Its flagship handset partner Nokia also stepped up to the plate, releasing a statement denying the company has shipped any products with Carrier IQ's software installed.
Google also made it perfectly clear to everyone that it had nothing to do with Carrier IQ, and insisted its new Google Nexus phones were free of the tracking software, according to a reliable source as quoted by the Verge. Questions have been raised, though, about how Carrier IQ's software was able to make its way onto Android devices given the various compatibility tests required in order to use Google's Android OS.
U.S. network carriers Sprint and AT&T have come clean, admitting they use the software in devices they sell. The official word from Sprint is that it helps "analyze network performance and identify where we should be improving service," claiming it is an integral part of the Sprint service. Similarly, AT&T's official line is, "we solely use CIQ software data to improve wireless network and service performance," according to the Huffington Post.
T-Mobile also confirmed it uses the Carrier IQ "diagnostic tool" to troubleshoot device and network performance with the goal of enhancing network reliability. Meanwhile, Verizon, the largest U.S. carrier, clarified they don't use Carrier IQ's software, and according to an email addressed to Gigaom from Verizon spokesperson Jeffrey Nelson, any statement saying otherwise is false.
Users in Canada, as well as Europe and elsewhere across the world, so far appear to be unaffected.