updated 12:50 pm EST, Thu December 22, 2011
EFF urging public to send in Carrier IQ profiles
The Electronic Frontier Foundation (EFF) has released a call to action this week that prompts users to check which Carrier IQ profile is preloaded onto their smartphones. It wants to collect all the different profiles of Carrier IQ in the field and is asking users who find it on their phones to send them a copy. Other than the copy, they need to know which phone and network it was from and where on the phone's file system it resided.
In some cases, however, smartphones need to be jailbroken or rooted in order to extract the file. The Profiles are a mix of binary data and legible code, written in Forth. The EFF has shared a program one of its volunteers reverse-engineered for parsing Carrier IQ Profiles. Called IQIQ, it transforms the WBXML profiles to XML that can be read.
Different profiles have specific instructions about what data to collect, how to aggregate it, and where to send it. The EFF is hoping to shed light on what information is actually leaving devices and possibly uncover any privacy issues about the tracking tool. Carrier IQ officially collects only anonymous signal and performance data, but concerns exist that the software might collect messages or more, even if unintended.
Carrier IQ has said that its software has a bug that sends SMS messages, but not in a format that could be read.