Dec 05 AT 10:10 AM Anthony Domanico 80 Comments

Opinion: Carrier IQ might be a good service, but it still should require opting in

android-magazine-spread

Carrier IQ and the resulting media outcry was certainly the topic of the week in the tech community last week. Now that we’ve had the weekend to digest the information, a few news outlets (that I’ve noticed, anyway) are starting to promote the idea that Carrier IQ is a good service, collecting usage data so that carriers and cell phone manufacturers to improve their cellular service and phone quality so that users can have a better overall experience. Several of these stories go on to suggest that the hullabaloo created by the tech media have caused concerns that simply aren’t or shouldn’t be there.

One of the more puzzling articles I’ve read this morning comes from Matthew Miller at ZDNet, which basically states that since Carrier IQ is good for us, we should just sit back and let them do what they do. Mr Miller states that:

It today’s online world we give up a lot of privacy and it looks like the Carrier IQ issue is nothing to really be concerned aboutMatthew MillerZDNet

At its core, I agree with Mr. Miller’s argument. I believe that Carrier IQ can truly help companies such as Sprint and Samsung improve the services they provide to paying customers. Where I feel Mr. Miller completely misses the boat is his suggestion that because we as customers don’t notice that it’s on our devices, we should simply allow it to do its thing and track our information.

I completely disagree with this notion for two reasons. First, whether or not Carrier IQ actually records the content of your messages or sites you visit or whatever you do on your device, looking at the permission list as well as tests performed by a few security researchers show that it has the permissions and ability to track these things. One simple change on Carrier IQ’s end, either of their own volition or at the request of one of their customers, and they can start recording this information on their servers.

The second point of contention is the fact that Carrier IQ’s service is opt-in by default. When I install the popular CyanogenMod ROM on my phone, I get asked if I want to send usage statistics to better the service the CyanogenMod team providers. When I installed Google Chrome, Google asked if I wanted to send usage statistics to help Google improve the Chrome operating system. In both cases (and many more), I happily obliged because I knew what information they were using, and why they were using it. Furthermore, I believed in the causes enough to give up some privacy so that the services I know and like could continue to get better.

With Carrier IQ, the service runs in the background every time you start your phone, and you’re never told what they’re using your information for, let alone what information they’re actually using. Yes, we now know that the likes of Sprint and Samsung are using Carrier IQ’s software to improve the service they provide to their customers, but we wouldn’t have known this unless this situation was brought to our attention.

Carrier IQ and its customers never asked us if we wanted to help them improve their service, they forced us to help them. They don’t tell us what information they’re taking, and how that information is being used to better our experience. And even in a mobile world where our privacy is becoming less and less important, services that are opt-in by default are violations of privacy, and deserve to be brought to the attention of the public.

Source: ZDNet

Anthony loves all things technology, from hardware to apps and games. You can connect with him via Google+ or Twitter by clicking one of the fancy doo-dads above.

    Most Tweeted This Week

  • stenzor

    Good points. I still don’t see what it would need to track the message content for though. And the lack lack of transparency from this company is baffling.

    • http://www.anthonydomanico.com Anthony Domanico

      Yeah, I probably could have written another 800 words stating that Carrier IQ should only have permissions to those things that it needs to track (seriously, it doesn’t need read access to message content), but the article was getting too long as it is.

      Maybe I’ll develop that argument a bit later :)

      • stenzor

        Oh ok :P

        It also seems like Miller has the same laissez-faire view as Zuckerberg with Facebook. But the root of the issue is not what the organization is doing with its consumers’ info on the surface… it’s the potential to do harm that counts.

      • ags29

        I’m gonna have to disagree. I don’t believe they need ANY permissions at all. First of all, some carriers have stated they don’t use Carrier IQ, and it is also not present in some phones. In my interpretation, that means they don’t need it. They choose to need and use it in the phones they do so with. Let’s not forget how massive these carriers are and the vast amount of resources at their disposal for them to breedsomething like this to diagnose a problem or whatever. Whatever they’re claiming to need this for is a gross mishandling of their consumers’ privacy.

        I’m no privacy control freak either, but I think allowing a service like this to exist is only a foot in the door for what’s to come. Next thing you know they’re tracking those numbers they’ve collected from you and linking them to a profile under your name to create a map of your social interactions that they can sell to advertising companies “in order to provide you with a better spamming experience.”

        • BiGMERF

          I really love using an IQ finder on my Galaxy Nexus and seeing ” Carrier IQ not found”

        • ags29

          Swype misfire** I meant “need something” :)

          Btw, it’s also VERY important to remember what companies like Carrier IQ are all in this for.. Profit.

          • erikiksaz

            Which makes it that much more fun to see Carrier IQ backpedaling through all this to try to save their own ass.

          • kevin charliethesuperturtle

            Antivirus are shit and don’t work
            Haven’t you read the article posted here about it?

      • Droid Dewd

        the article was just right and on the money with the issue at hand. Another 800 words would have been fine with this kind of specific focus on the issues which Miller seems to set aside as not important. Good stuff!

    • AppleFUD

      agreed. . . no reason for these types of apps not to be opt-in and removable by the end user. Any app that may violate the end user’s privacy should have those two requirements–opt-in & removable.

  • Alexis Piraina

    Of course that require opting it. If not it’s violation.
    It’s maybe time to say stop to this endless violation of private life… What next seriously ?
    But it’s appears that some people don’t bother at all.

    • Alexis Piraina

      I want to add that the question is : will it be an “opt-in” or will it be an “opt-out”… because the lambda don’t give a damn about those kind of thing, look at the apple iAd, you can “opt-out” but no one does.

  • frpst9

    Agreed completely.

    I have no problem with diagnostic applications being installed/preinstalled on my device, as long as:

    a) You make me aware that they are there
    b) You allow me the opportunity to enable/disable them

    Its all about being forthright and honest.

    • http://midweststitch.com ajonrichards

      What bugs me about this debacle is that I’m paying for them to gather valuable data about me. I’ve paid for the phone, I’m paying a premium for smartphone service; aren’t they making enough money off me as it is?

      • Shadowlore

        Ahh.. but if you read most of the fine print, the carriers use these sort of things as a way to justify the offset in cost they’re absorbing with the device they’ve sold you. It doesn’t matter that they have you on the hook for 2 years at a contractual price (that more than makes up for the cost of the device they’re eating) they’re going to find any and all ways to make more money.

    • koorsr

      I agree, but think it should go one step further and let me know exactly what information Carrier IQ or whatever they are using is sending back to the server because as of right now I don’t think anyone has exactly stated this is what we track; it’s all been here is what we don’t track (please someone correct me if I’m wrong with this). I’m all for sending back errors because of dropped calls, unsent text messages, etc. However I don’t want them actually able to view the contents of the messages.

    • tengo

      I also agree 100%. Simply allowing users to know that this software is running and giving them the option to opt-out is all it takes to make users happy (well, me at least).

      I am still sifting through the information available, but I am leaning toward the carriers for being at fault here. The Carrier IQ product is used by carriers (and manufacturers), so it should be their responsibility to implement the software in a transparent way (and in compliance with any laws)

  • Conduitz

    Of course a service like this can be helpful. The service can also be harmful though, i.e. the ability to track stuff that has no relevance to improving my service, such as reading contents of messages. Alfred Nobel created the Nobel Peace Prize because the dynamite he invented to help miners ended up being used to blow bank vaults and such. Give evil (evil corporations!) a great tool, and they’ll do greatly bad things with it.

    Sure the service could/should be allowed to exist but not against our wills! You make the best point that we should be able to opt into it. I’d like to see someone attempt to justify the opposite. I love Millers “Pay no attention to the man behind the curtain” approach. Its entertaining, if you ask me ;)

  • dl22

    What baffles me from the quality assurance side of things is that this is on every phone, I haven’t read anything about it being a tool used on a sample of devices.

    Maybe someone should introduce them to statistics based QA….

  • http://www.healthytiger.com Healthy

    Like most things, transparency trumps all.

    i understand why companies want this sort of feedback loop in place and how that can benefit consumers, but the worlds roads are paved in good intentions. it just takes one government, or politician to realize that they can use this information for their own ends and guess what, the tool is already in place, and nobody needs to know what they are doing.

    there is a lot of push back on tons of things in governments these days (speaking for US because that is what i know) you just need to listen to some of the OWS grievances. I liken this Carrier IQ thing to campaign donations. they help the system. popular candidates benefit form support and that makes the system run. but if you believe for a second that someone/somegroup won’t take advantage of any lack of transparency they can find you are wrong.

    the reason i prefer Android is the transpancy built into app installs and the open nature of the developer/consumer interaction. I don’t need to get apps through google (market) or even carriers (sticking to the vanilla nexus line, naturally). if there is something i want, i can see what it accesses and make my own judgement. the fact that that choice is taken away is a huge issue. perhaps not for everyday consumers (like with anything the “masses” are clueless) but for many users on this site, this is a core reason why we choose this operating system.

    • http://pixelswim.com Steve Heinrich

      “the fact that that choice is taken away is a huge issue”

      This is the problem I have with all of this too. I love the Android atmosphere for its choices. You can choose what you want and how you want it. I have no problem helping these companies provide better service but it has to be a choice.

      Thank goodness for the Android community and their raising of awareness on this. CIQ needs to be a choice a consumer makes not a decision a company makes for them.

  • Adryan maldonado

    Mmmmm…. Excellent article. I appreciate the whole “i agree it can be good thing but it’s terrible the way they implemented it by forcing us to use it and not telling us what they are tracking.” I agree that companies earn more trust by simply asking and informing us.

    • http://www.anthonydomanico.com Anthony Domanico

      Thanks.

      Whether or not the service is good or bad hasn’t really been the key issue, in my opinion.

      • stenzor

        Another funny quote from that ZDNet article: “It sounds to me like the software is designed to BENEFIT consumers and is not being used to track and target you.”

        Oh yeah… It sounded to everybody like Enron was a great energy company designed to make its investors loads of cash! Always good to be a little bit skeptical.

        • http://www.anthonydomanico.com Anthony Domanico

          For such a short article, it had quite a few gems in there.

  • Dylan Friedman

    I kinda agree that it is a good service. Carriers need this data…it should be an option that you can opt out of though. And there should be certain things that it doesnt track.

  • http://whysoangrybirds.com mikeyDroid

    I personally don’t mind – but it’s simple – let us OPT in if we want it.

    • Futureboy

      Agreed and I’ll go one step further to say that all information gathering and sharing from every industry across the board should be opt-in by default.

      • GUI_Center

        Exactly, opt-in should be the industry standard.

        • Bryan Stoner

          For some reason I though it already was. Carrier IQ came by as quite a shock.

          • http://www.anthonydomanico.com Anthony Domanico

            I think Carrier IQ is a shock because opt-in by default has become the de facto standard.

  • YMS123

    Maybe its good, but going behind peoples backs installing software, and blackmailing developers isn’t very convincing…

  • Dlux

    Hear Hear!

  • tequilya

    “There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live–did live, from habit that became instinct–in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.”
    George Orwell, from his 1949 classic novel, “1984″

    • thebonvoyage

      I’m glad someone brought this into the mix. I’ve likened this to 1984 since I first heard about it. Excellent and relevant excerpt as well.

  • thekaz

    I think the problem with opt-in, instead of opt-out, is that many average users, who have nothing to fear, will see this request as something scary and therefore not opt-in. I think, for the average user, having CarrierIQ on your phone isn’t a big deal. For power users, or those “in the know”, it may be — but they are also likely to be the ones to know how to go in and opt-out.

    The problem with people not opting-in because of a scary message asking them to opt-in is that you will have a much smaller sample size this way, thus likely making it more difficult to analyze and find issues.

    I am not downplaying privacy issues, however.. I still think a careful eye needs to be watching these groups that collect data to make sure they are using it properly.

    • http://www.anthonydomanico.com Anthony Domanico

      Yes, many people would not opt-in for fear of privacy violations, or a scary opt-in message, but I think everyone should have the choice. Make it clear what you’re using and what you’re using it for, and people will choose to help you if they want to help you.

      The other alternative is to grant permissions only to things that Carrier IQ needs to get it’s job done. If it doesn’t/won’t store content of texts, why does it need access to those things?

      • Bryan Stoner

        You bring up a good point. Taking that a little further; how about allowing users to select permissions for an app just like enabling/disabling a module. That would certainly help ease people’s minds about sharing information Carrier IQ tracks.

        • http://www.anthonydomanico.com Anthony Domanico

          Good idea, but probably difficult to implement. :(

      • thekaz

        I get what you’re saying.. but opting-out is still a choice… I definitely agree they went about it was wrong…

  • Futureboy

    If anyone is interested, Lookout Labs (the Mobile Security people) have created a free app to detect if your phone has Carrier IQ:

    https://market.android.com/details?id=com.lookout.carrieriqdetector&feature=search_result#?t=W251bGwsMSwyLDEsImNvbS5sb29rb3V0LmNhcnJpZXJpcWRldGVjdG9yIl0.

  • Perry Ahern

    It should definitely be opt-in only, and on top of this there’s another point related to accepting terms when getting a new phone that should be dealt with. I recently purchased a smartphone and it was set up by my carrier’s sales rep at the store, at which time the salesperson who set up the phone for me went ahead and accepted all the license agreements because I didn’t see a single one when I received the phone.

    All of the responses to the Carrier IQ situation that pointed out that by accepting the general usage terms of the phone I accepted Carrier IQ don’t take into account the fact that my carrier’s sales rep accepted them for me. I didn’t agree to anything myself regarding usage of this phone.

  • Wayne Winkler

    I agree with your article completely, but I think on top of this certain things shouldn’t be able to seen. For example, see if my SMS goes through or errors out…this is a statistic you care about but you DO NOT need to know the content of the SMS.

    You don’t need to monitor every phone number, everyone URL and if it’s https it’s https for a reason exclude these from your software for monitoring.

    So keep it up and good article, don’t just roll over and accept giving up your privacy with out knowing what your getting into and why your giving it up.

  • Legend

    I like to think of CarrierIQ thing as the circle of manufacturing. You buy the phone & software on it -> Carrier IQ records what you do -> Carriers/Manufactures buy the info to improve your phone experience. I’m glad we have this system but I’m not happy they try and hide their actions…

  • spintrex

    It just seems that technology has driven businesses to have tracking in almost anywhere to fuel marketing and more. At first I was against the whole invasion of my privacy as I felt it was a right but it seems like that right doesn’t exist at times when you don’t even know your privacy is being violated.

    I understand that Carrier IQ, Sprint, and Samsung probably have been getting accurate results by running on every device but MAN do I feel used. A simple ‘you could have asked’ would have been fine. So although Carrier IQ is a good service their invasion without permission leaves a sour taste.

  • Bryan Stoner

    I love the points you described in the article. Opt-in + a list of what it will track would be acceptable for a lot of people. But Carrier IQ just blew the sandbox security idea surrounding Android to smithereens. I wonder how Google feels about all this.

  • Shay D. Life

    It seems like the further we dig into these devices, the more stuff we find that we are not happy with. Phone companies/carriers always talk really big on how they believe in protecting your privacy, but they “never” throw their own names into the threat pool. Great article. Sad thing is that for the people that don’t follow android or read any articles, they are always at risk and never know it.

  • Danny Calderon

    The carriers should atleast have to tell you that they are using a tracking software

  • Lee Swanson

    The fact it was a hidden, root kit that you couldn’t uninstall or opt out is he biggest issue. If it’s a valuable software product, it shouldn’t be hidden.

  • Thomas Taylor

    Were the practices of Carrier IQ, if not the specific name of the app and methods, disclosed in carrier contracts and privacy statements? Certainly few people read those thoroughly, and it does seem like the app’s permissions go well beyond what it is purportedly doing – I wonder if the app’s permissions go beyond what subscribers agreed to in their agreements. There could have been more pro-active transparency, but I can’t believe the carriers wouldn’t have gotten at least thr pro-forma permission of signing a contract or privacy policy.

  • ffff00

    I have no doubt that Carrier IQ is helping carriers do what they do. It’s just a little unnerving that it was such a secret until this explosion of news recently. I agree with the argument of opting in completely, I wouldn’t mind helping the carriers out, I’d just like a little heads up about it, you know?

  • fnoodle

    To your list of grievances I would also add data security.
    By that I mean the appearance of plain-text user data in the logs to be intercepted (or harvested at a later point) by any number of software.

    If I were to discover that my opting into Chrome’s usage statistics sharing exposes my searches or other personal data to world’s prying eyes, I would revoke it lickety-split and fire off an angry bug report.

  • Shadowlore

    The biggest issue I have with this is the fact that so many ‘innocent’ (in this case anyhow) companies are going to be dragged through the mud in this. If you look at this morning’s new list of companies being class actioned over this, some of them are bystanders.

    The companies at fault, more than even CIQ, imho.. are the carriers that have willingly asked for this software, and installed it on new devices. I wonder how many devices we’d have that operated better without this additional bloat being installed.

    I’m hoping that companies like Samsung, HTC, and even the carriers that don’t utilize it come out and openly state: ‘We didn’t want this crap installed in the first place.. AT&T/Sprint/T-Mobile/etc install whatever they see fit, since they’re subsidizing the cost of the handsets in the first place.’

    Which brings me to my next point.. if you’re buying this device, retail, out of contract.. under WHAT law do these companies seem to think they have the right to install this software? It’d be like buying a new car, installing a bunch of aftermarket mods that decrease the performance, MPG, emissions, and it reports on your location, what you’re buying, who you’re with, etc….. and then selling it as a brand new car…

  • Charles Duke

    I concure with this article!

  • http://keridel.blogspot.com james bricknell

    My big worry is that with just a little tinkering a 3rd party app could intercept all this information and give it to someone else.

    The permissions iq have are not needed for qhat the carriers want. So dont use them.

    Transparancy is also important. I generally dont mind whatbthe app does as long as i know its there and i have let it.

  • dunneldeen

    I think you hit it perfectly this time and couldn’t agree more with your assessment.

  • Clint Haynes

    Besides all the good responses above, I wondered about this:

    If CIQ is sending as much information as it has been shown to be able to collect, wouldn’t that make network problems WORSE on networks that are already struggling with bandwidth (say at&t)?

  • olen

    they can read and see EVERYTHING you do on your phone, even keystrokes (=passwords). even if they say they dont want to know it, they could. and they didnt tell anyone. thats just spying.

    everyone should be concerned about this. and everyone talking about post-privacy should think about others who truely need privacy.

    the main problem is, if you say “they didnt do anything with it, why shouldnt they collect all that data” everyone will start their own data collection. and not for technical purposes. data mining is a big issue today and we need to stop big companys spying on us in every corner of our lives.

  • breinhar

    I think the way it is used at apple is the best way. Although they are removing it. 1) you can opt out. 2) it only tracks location and other meaningful data. I think it should also maybe track signal strength. That way you can generate an anonymous map of when your network strengths and weaknesses are.

  • Andy_jr

    Minor wording quibble…

    “Opt-In” = disabled by default; must take action to “opt in”
    “Opt-Out” = enabled by default; must take action to “opt out”

    What Carrier IQ is doing is neither one. They are enabled by default with no way to disable it.

    I completely agree with your point. If Carrier IQ was “opt-in”, it would be acceptable.

  • f3rdamt

    I have a hard time understanding people who dont mind some company harvesting information about you. It´s all about information today, dosn´t mather for what purpouse they want it. First of, why should i give them information that they can sell or use for whatever they want. Did they ask me? Do i get any profit from it? Think about the total amount of data that they collect, do they pay for the data fee, no, we do!

    So stop collecting our data or start paying us for giving you information! Of course after you asked for permission to collect it!

  • jsweetser2

    All i really have to say on this matter anymore is this: Google has more data on everyone in the world, than everyone in the world has. They have almost ALWAYS stated they are doing so, given the opportunity to say ‘yes or no’ to it, and kept safety a top priority on all the info. Gmail comes to mind, scanning email content to generate relavent ads. There was an outcry, Google said, “It’s safe, if you don’t want the ads, use another email. Trust us, or don’t. it’s up to you.”

    SOOOOOO here’s the problem. Carrier who? Without knowledge of the company, the program, the info gathered, how it’s being stored, OR the option to use it or not – this entire thing isn’t so much about data gathering, it’s about WTF just happened? It was under handed, shady, and continues to be so with CarrierIQ.

    The stigma of secrecy and lack of choice is the large issue here, along with no one knowing the security practices of those gathering the info in the first place.

  • oddball

    What I don’t understand is that if this is tracking personal information aren’t they required to notify you? The fact that they are being looked at for illegal wiretapping says a lot about the permissions this software has. The fact that they are trying to avoid taking responsibility says to me that they know they were wrong and that they don’t want the punishment that comes with it. A basic can we collect this data would have made this issue disappear but instead the companies involved hid what they were doing until someone called them on it.

  • Dan Jones

    Ideally, I think what it needs is to ask me to allow, point-by-point, what it wants to track.

    The fact that it can track almost anything it wants is deeply disturbing. I should have to approve everything it wants to track, individually.

    Of course, tracking this information *could* be used to improve my phone/cell service, but I want to know exactly what it wants to track, and if I say no, it shouldn’t do it.

  • mugurelu

    I dont really know whats this all about, but yeah, they shouldve asked me if i want it installed and offer a way to uninstall it.
    Maybe it’s a good thing but I dont like being treaten like a morron, it’s my device, i want to own him, control him and whatever i want with it!

  • Nathan Diaz

    Is there a phone to old to have this like g1

  • kevin charliethesuperturtle

    Hi sprint user
    Will you let carriar IQ steal you creditcard number, social security, etc to help sprint make a better network.
    My response: fuck no!

  • sylar

    There are some good points. But still they get your credit card numbers and all kinds of other things that they really have no business knowing.

  • Adam Jones

    Its just plain bad business ethics. They can say its for good or bad. Either way you shouldn’t do it secretly.

  • Michael C.

    I’m very very glad I got a “pure Google” phone (Nexus S), not just because I’m Carrier IQ-free, but for many other reasons as well.

    …I’ll let y’all know how cool ICS is fairly soon, I’m sure. :)

  • http://sean-the-electrofreak.blogspot.com/ Sean the Electrofreak

    A guy I know at work today was bashing Android for CarrierIQ… until I pointed out to him that Apple has been using it as well. He didn’t want to believe it until I showed him with a quick Google search.

    • http://ilysespieces.tumblr.com Ilyse Rose

      Yeah, it’s not like it’s unique to this specific platform, people who make assumptions like that and bash the platform rather than the program itself drive me up a wall.

  • cheeseasaurus

    I agree that it’s a carrier nessecity to have something like CIQ, but it simply needs to have access only to data carriers need and as stated needs to be something you have to opt in to. The major bad publicity is the opportunity for another company to step in. However, I think it’s safe to bet CIQ is locked into contracts with carriers.

  • minimage

    If Carrier IQ can’t help the providers achieve their goals of improving service by any other way than hiding, deceiving and gathering far more information than they actually need, they do not deserve to exist.

    @Electrofreak, I had to let at least one of my co-workers know that he was only safe from CIQ after he installed iOS5. Never heard another thing!

  • http://ilysespieces.tumblr.com Ilyse Rose

    Absolutely, something like this shouldn’t be a default.

  • gherea

    Carrier IQ is just simply wrong for not informing us what they are doing

  • Silver

    Yes yes what Carrier IQ did was terrible. However we must still remember that the one mainly at fault here is the carriers as they are the one who installed those apps into our phones without our knowledge. Carrier IQ only makes the tool. The carriers are the one using it.

    Anyways I too also believe Carrier IQ can a very good service that helps improve our experience. However it really needs to be transparent with what it do and allows us to disable it. What interests me is why do they need to look at the content of our text messages?

    Also I thinking opting-in should be the default while allowing us to opt-out. Normal users will normally be scared of anything like this even if it could benefit them and choose not to opt-in. What could be better done is instead change the permissions to only use what it needs because right now the permissions it required is just ridiculous. You need to have that MANY? It’s totally fishy!