Apple issued a statement on Carrier IQ on Thursday, revealing that the data logging software has not been a part of "most of its products" since the release of iOS 5 in October, though traces of the inactive software do remain and will be removed in a future update. But the Bavarian State Authority for Data Protection seeks more answers than Apple provided in its two-sentence statement.
"We read in the press about the privacy concerns the software may pose and decided to ask Apple about the details, " Thomas Kranig, head of the data protection authority, said in an interview with Bloomberg. "If Apple decided to cease the use, all the better."
While much of the attention surrounding Carrier IQ has been about U.S. carriers, the company does have offices for customers in the Europe and Asia Pacific regions. Its U.S. headquarters is in Mountain View, Calif.
Apple was not named in a letter sent to Carrier IQ on Thursday by U.S. Sen. Al Franken, D-Minn., requesting information on how the company's software works. Franken has shown concern that Carrier IQ has the ability to log and transmit "extraordinarily sensitive information," including specific keys pressed and numbers dialed on a smartphone.
"We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update," Apple's official statement on the matter reads. "With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so."
The Carrier IQ controversy took off this week when security researcher Trevor Eckhart uploaded a video demonstrating how the software secretly runs in the background on a stock Android-based handset from HTC, even when in airplane mode with cellular data disabled. Carrier IQ was tracked as having access to every action conducted with the Sprint phone, including key presses, numbers dialed, contents of text messages, websites visited, and even location of the phone itself.
Like Apple, Google has distanced itself from the Carrier IQ controversy, stating that it does not include the company's software in its own devices with the stock version of Android, such as Nexus phones and the original Xoom tablet. But because Android is open source, that has given U.S. carriers, and hardware makers, the ability to quietly add Carrier IQ software into their phones, and run it in a way that it doesn't even appear in the operating system's list of active tasks.
Defending itself, Carrier IQ has said its software counts and summarizes the performance of handsets in an effort to aid carriers. Its software is installed on more than 141 million handsets, and Carrier IQ claims its customers "have stringent policies and obligations on data collection and retention," while its software is "not recording keystrokes or providing tracking tools."
Speaking to John Paczkowski of All Things D, a spokesperson for Carrier IQ explained that while the company's software can "listen" to a smartphone keyboard, it doesn't log or understand keystrokes. This can be used for a technician to have a customer enter a certain code that Carrier IQ will understand.
"It's simply looking for numeric sequences that trigger a diagnostic cue within the software," Paczkowski wrote. "If it hears that cue, it transmits diagnostics to the carrier."
The company explained that it's actually the carriers who decide what is to be collected and how long it's stored. Carrier IQ said that data is typically kept for about 30 days, and the data is in control of the carriers the entire time.
Among U.S. carriers, Verizon has outright denied that it uses Carrier IQ in any of its handsets. In a statement to GigaOm, the company said claims that Verizon uses Carrier IQ are "patently false."
But the other three major U.S. carriers — AT&T, Sprint and T-Mobile — have admitted that they do in fact use Carrier IQ. In statements provided to Computerworld, the carriers said the software is used to improve wireless network performance. Handset makers HTC and Samsung said Carrier IQ was integrated into their handsets at the requests of those carriers.
20 Comments
Rule #1 in grabbing attention:
If you can find a way to invoke 'Apple' (no matter how peripherally) do so. Guarantees you headlines.
I've no problem with opting-in with Apple, but my issue is with Carrier IQ. Why doesn't Apple integrate their own software? Who the heck is this Carrier IQ? I don't want my info sent through their servers and databases.
This news is very disappointing!
I've no problem with opting-in with Apple, but my issue is with Carrier IQ. Why doesn't Apple integrate their own software? Who the heck is this Carrier IQ? I don't want my info sent through their servers and databases.
This news is very disappointing!
Opt out then (assuming you opted in) - I assume that this is not difficult, although I am not an iPhone user.
Did the German regulators ask anyone or just Apple?
I've no problem with opting-in with Apple, but my issue is with Carrier IQ. Why doesn't Apple integrate their own software? Who the heck is this Carrier IQ? I don't want my info sent through their servers and databases.
This news is very disappointing!
I'm certain that Apple is using their own analytics. I'm certain there are other analytic software on phones that is being used that wasn't disclosed this week. It's only a big deal if it's 1) not anonymous, 2) you are not able to opt-out, 3) if they aren't disclosing what is being recorded, 4) if it's recording personal info like URLs, and/or 5) it has unacceptable features like a keylogger.
Opt out then (assuming you opted in) - I assume that this is not difficult, although I am not an iPhone user.
I did, however, I've been using iDevices since '07, and consumers need to know this kind of crap, I didn't know the info was filtering through a third party whose software records keystrokes and submits unencrypted HTTPS data. Apple may not be collecting such data but CIQ might've been since the data goes to their servers before being analyzed and sent to Apple.