Printed from http://www.electronista.com

Carrier IQ: any logging is the fault of HTC, other makers

updated 11:50 pm EST, Sat December 3, 2011

Carrier IQ puts attention back on phone firms

Carrier IQ followed up its technical discussion of how its system works with an implication that phone designers like HTC were compromising the security of its device tracking. In a chat with The Verge, marketing VP Andrew Coward was careful not to mention HTC by name but gave strong clues that a standard Android log file containing the normally unsaved information had to have been populated by HTC with the tracking data. HTC's software in this view was making copies of whatever the Carrier IQ programming interface saw.

The executive reiterated that the tracking only sits in RAM and is protected. It should only be viewable with Carrier IQ's own software. An app with strong permissions could read the standard log file, but this was an issue with Android, not Carrier IQ.

A worst-case exposure of the files would still leave data no more than a week old, Coward said. He had previously elaborated on this by mentioning that the tracking information was uploaded as sparingly as once a week and included the last 24 hours of data up to that upload, making any week-old data itself just a small piece of the device's history.

HTC hasn't responded to the more direct accusation, but it has already said it was considering letting users opt out of tracking entirely. Other Android phone creators like Samsung have yet to fully take a stance. Apple, Nokia, and RIM have all said that they either stopped an already-limited use of Carrier IQ or never used it.

The core software is now generally thought to be benign, capturing only anonymous carrier data and using any checks on keystrokes for short codes in voice or messaging. Because carrier-badged Android phones do not give users a choice on whether they use Carrier IQ, however, this creates potentially very large security risks if the data escapes and hackers can assume that some phones are always vulnerable.



By Electronista Staff

Comments

  1. aussiearn

    Fresh-Faced Recruit

    Joined: Jan 2011

    +4

    LOL

    So the worst case is the https data, which is supposed to be secure end to end, which Carrier IQ shows in plain text is only vulnerable for one week. Well I don't know about anyone else but I sure feel better knowing that!!! Yes I am being sarcastic for those who are part of the literal-net!

  1. SockRolid

    Forum Regular

    Joined: Jan 2010

    +11

    "Blame the carriers, not us!"

    Carrier IQ is evidently quite the bunch of chickensh!ts. "Hey, we just write the software. Don't blame us if anybody out there actually uses it to collect data. Bad carriers! Bad carriers!"

  1. kavok

    Fresh-Faced Recruit

    Joined: May 2010

    +9

    Yep

    Now the finger pointing begins. It was them not us! No it was the company, not the carriers. I hold them ALL responsible. It's the only way to find out what's really going on.

  1. The Vicar

    Junior Member

    Joined: Jul 2009

    +5

    Yeah, sure.

    "But, your honor, I only mixed up the nitroglycerine, put it into the case, designed and built the detonator, and gave it to someone else to deliver. How can you hold me responsible for the bombing?"

  1. climacs

    Forum Regular

    Joined: Sep 2001

    +1

    @The Vicar

    Well, by the logic of the gun lobby... bombs don't kill people, people kill people.

    Carrier IQ is simply following the NRA's example. They wrote the code, it's not their responsibility as far as what people do with it.
