Dec 13 AT 9:50 AM Anthony Domanico 96 Comments

Carrier IQ releases guide that tells customers what they do/don’t track


Unless you’ve been living under a rock for the past few weeks, you’ve probably heard about Carrier IQ, the service installed deep in the guts of multiple devices that logs various aspects of your cellular experience. Companies such as Sprint, T-Mobile, AT&T, Samsung, HTC and others use this information to provide software updates that fix bugs with your device or improve upon their cellular network in your area.

A frenzy was created because nobody fully knew exactly what Carrier IQ had access to or what it actually was tracking on their end. Carrier IQ and their customers were called on by Al Franken and the US Senate to release details about how the service operates and what the service has access to on user devices.

The potentially bigger story on Carrier IQ came out in the last 24 hours. The FBI uses Carrier IQ, though they’re very much unwilling to tell us just how and what they use. In fact, reporter Michael Morisy of the Muckrock News sent a Freedom of Information Act (FOIA) request for manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ. The FBI refused to cooperate, stating that they were exempt under a provision of the FOIA that exempts materials that could potentially interfere with an ongoing investigation.

Carrier IQ is fulfilling its end of the bargain, however. In a 19-page document released yesterday, Carrier IQ has come clean on their service. You can read the full document for yourself by clicking the link in the previous sentence or the source link at the end of this post. Otherwise, what follows is the summary section of the Carrier IQ document (bold sentences are their emphasis):

  • The source of personal information in Android log files shown by Trevor Eckhart in his video is a result of debug settings remaining in production devices and should be classified as vulnerability. The IQ Agent software on the mobile device was not responsible for writing log messages containing personal information seen in the video.
  • Carrier IQ does not acquire or forward the content of multi-media messages (MMS), emails, photos, web pages, audio or video. A detailed list of what is actually gathered can be found in Exhibit A and Exhibit B in the document.
  • In some unique circumstances described in this document, an unintended bug in a diagnostic profile allowed collection of layer 3 radio messages in which SMS messages may have been embedded. While the layer 3 signaling data was provided to the Network Operators over whose networks the data was originally sent, they were not decoded or made available in human readable form to Carrier IQ, its customers or any third party. Upon discovering the bug, Carrier IQ and its customers took immediate steps to remedy the bug and Carrier IQ customers are no longer uploading such data.
  • A specific numeric key code can be entered by the user to cause the IQ Agent software to commence an upload and the IQ Agent software on the device receives numeric key presses so that it can identify when this key code is entered. Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred. Carrier IQ is not a keylogger and no customer has asked Carrier IQ to capture key strokes.
  • Network Operators define through profiles which specific diagnostics are actually gathered from a device. Carrier IQ writes profiles for each Network Operator to gather the diagnostic information they require.

There you have it; a full response from Carrier IQ that hopes to clear the air and invoke consumer trust that they’re actually trying to do the right thing. What do you guys think? Does the report suffice? Or do you still have questions you’d like to ask Carrier IQ? (We’ll send your questions their way).

Source: Carrier IQ

Anthony loves all things technology, from hardware to apps and games. You can connect with him via Google+ or Twitter by clicking one of the fancy doo-dads above.

    Most Tweeted This Week

  • stenzor

    Finally… they should have done this a long long time ago

    • SCJaredJ

      Yep. Would have been way better to just address the issue head on when it first came out.

    • nsnsmj

      Yep. Now they’ve got such bad PR and all because they handled the situation so poorly at the beginning.

      • wyngo

        No, they’ve got bad PR mainly because consumers weren’t told about their software and didn’t have the opportunity to opt out. While the details of their practices certainly make them seem less like evil information-hoarders, they don’t change the lack of transparency and choice. To be fair, though, it’s not clear whether that was CarrierIQ’s decision or their customers’.

  • YellowDucati

    Its nothing personal. I promise! You can trust us.

    • Andy_jr

      I agree.

      I don’t trust any software, really. Even if what they are saying is true for now, nothing prevents them from changing their policies in the future without notice.

      The ability to disable it entirely is the only way to make me happy.

    • Futureboy

      Thanks Carrier IQ… now all you have to do is release that “opt out” button…

      • Jon Garrett

        or better, stop watching us.

    • Evokill1


  • Thomas Biard

    Why be secretive for so long and then almost unwillingly give up information like this. Not good for public reltaions. Now when hearing about Carrier IQ people are only going to think “sketchy”

    • lxgeorge

      Yeah I don’t understand why they kept themselves secret all of this time. Sure, there are some reasons, but they don’t outweigh the fact that if consumers were told about this from the beginning, there would be a very small chance of them seeing the service as malicious or “sketchy”. Public image matters for a company like this.

  • zyphbear

    I really wonder if they were not inquired by the government, if they would have produced any kind of document like this. After all, until they did, they never said some of the stuff that was released here.

    Though I still notice there isn’t an option to disable or not opt-in to the software.

    • Patricio Acuña


      they should have explained the service long time ago and the carriers are the others to be blamed because they kept silent about this.

      and carrier iq should let people to opt in/out and what kind of info people want to send

    • Trevor Cameron

      I really hope they are eventually forced to add this option. I can’t imagine that we don’t have the legal right to choose what we share and who we share it with.

      Great job Senator Franken!

    • NasLAU

      And why is the FBI so secretive? I’m still dubious based on the actions of the past decade.

  • madtnotn

    We only use our power for good.

  • yankeesusa

    It doesn’t matter what they say now, the fact is that they kept a lot of things hidden and quiet. Now they decide to speak! Only way I trust them is for them to be checked directly by a third party company and that they make carrier iq optional or have an opt out feature. Only then will I ever trust them. I just hope that the evo3d gets rooted again soon. I want to install a custom rom that doesn’t have carrier IQ. In the meantime I may switch over to a sprint nexus and try out ICS when its officially released for it.

  • desean

    I doubt many will still believe them now. Regardless, the tracking should only be opted-in and not by default.

  • Kaote

    Not really concerned with what you track, rather than not having the option to not be tracked. Spin it anyway you like, its still a gross violation of privacy.

  • Steve Heinrich

    In the report is says “Carrier IQ’s software has access to no more data than any other application on a device”…

    Except that I didn’t give permission to this application. It is great to have this report and see what we are dealing with, but the main issue for me still is opting in or opting out of this service.

  • Mil

    May be too little, too late. If they had honourable intentions then why did they send out a C&D letter to the guy who found Carrier IQ? Why did they take so longer to give the full information? And why were they not open about this from the outside by giving users an option to opt-in (where the default option is to be opted out). It seems as though Carrier IQ are now just scrambling to minimise as much collateral damage to their company as possible.

  • Torrance Barber


    • Torrance Barber


      • Torrance Barber

        Believe them XD

  • Martjn2

    All this spyware and hidden things in our smartphones are a bit scary, especially when you just read 1984 :P

  • Shadowlore

    Once again, I take offense to reports making it sound like that Samsung and/or HTC were the ones to initialize and request this software to be installed on their phones. It was installed on these devices at the carrier’s request, and in some cases *BY* the carrier directly.

    Still, good to see they’re coming clean about this, even if the FBI are being obnoxious in not revealing the info they know it gathers.

  • securifirm

    One reason why I put Cyanogenmod on my EVO 4G…

  • David Hughes

    I am sure I signed away my rights somewhere along the way in that BIG I agree statement, but knowing what being tracked could have a play in the type of phone I was using, fortunately, I am running an ROM that does not have this installed. OPT IN/OUT would have been the way to go

  • Black Kristos

    I read the entire document and it makes sense. Honestly, I would be much more interested in hearing from the carriers regarding how THEY are actually using this data. That is where any possible breach of privacy would come from.

    • ajonrichards

      Doesn’t it seem like the carriers have been quiet about this the whole time? They’ve admitted using Carrier IQ, but haven’t come out and said “Carrier IQ helps us to improve our services, and here’s this data to quantify that statement”. If there was some proof that we as end users were actually benefitting from this potential invasion of privacy, it would go a long way toward cooling people’s heels.

  • agrabren

    The only concern is that there is no reason this documentation has to be honest. It’s a guide for customers, the same customers who keep catching them in deceitful statements. So while I doubt they’d ever want to capture keystrokes (which are meaningless without context), they can capture the intents of the keystrokes, as well as secured information. And if they have a security breach, can you imagine the damage that could be caused? It’s an end-point security failure.

  • ramenchef

    Why do I not believe this report of theirs is 100% exactly what they collect and what their software does?

  • Jason Toering

    The fact that the application is able to gather that level of information at all without my express permission is a major privacy concern in an of itself!

    It doesn’t matter that they claim to have never sent it out, the fact that it is even being collected without the approval and consent of the user is the issue.

    They seem to be glossing that over by trying to claim it’s an error with the debug part of the program, which to me sounds like a way for them to cover up the fact that they can gather that data if they want to. And if they can gather that data you can be damn sure they can transmit it as well.

    • Alex

      You misread it. The “debug part of the program” doesn’t exist. That isn’t their software at all. If you watched that video, you watched a debug log that was being created by a completely different application which tracked keystrokes as well as application processes like Carrier IQ. Carrier IQ itself had nothing to do with the keystroke capture.

  • crunchybutternut

    Too little, too late.
    So many people are already against them that this will most likely be ineffective overall.

    • agrabren

      Sometimes, there’s no recovery from bad PR, no matter how ‘good’ you might be. And in this case, I don’t think we could find the good with shovels.

  • msgnyc

    Hows about they tell us how we can OPT OUT of this service that we supposedly have a choice to use or not yet we are automatically Opted INTO without our consent with no way of opting out…..

  • Darknight42020

    The government “piggy-backing” the software has me concerned the most. Will we all really know what it is that is gathered on us? Doubt it. Our goverment is becoming more of a dictatorship each and every day… The only personal freedom I see for us is the freedom to take it in the arse without being granted lubricants. This all hightlights the underlying issue of “how free are we really? “

  • ranwanimator

    So I would assume that Carrier IQ is stripped out of Cyanogen and other custom ROMs?

  • Jimmy13

    Custom ROMs to the rescue!

  • Mike Hanel

    this is turning into IQ-gate……

  • Ilyse Rose

    This really should have been something they had out from the beginning. It’s too little too late by now.

  • phssthpok

    Anyone else wonder how hard it is to force the phones into the debug mode that captures the personal info? If that’s not locked down pretty tight, that’s a whole other issue.

  • Kevin Amundson

    First, we should be notified that Carrier IQ is installed on our device.
    Second, participation with Carrier IQ should be optional.
    Third, the government shouldn’t have access to this information so easily.
    Fourth, Carrier IQ should quickly provide the ability to opt out, and/or uninstall their service.

  • kusine

    Did they know about the “bugs”, yet still let the program be used without fixing them?

  • GeauxLSU

    For all the negative around Verizon for the way they are handeling the Galaxy Nexus release, at least they aren’t messed up with the Carrier IQ stuff.

  • tagon

    The service should have been Opt in from the beginning with details on what it did and why. Honestly I would have most likely said yes had I known and it was on my device. Nexus for the win

  • donger

    don’t have this on my Nexus One. woot woot

  • hokiewv

    I’m hoping that their statements about keylogging are true but there is still sufficient reason to be concerned about the software. The various statements by the carriers in the last couple of weeks only muddled the situation. Most users never agreed to have a 3rd party track their phone calls and network activity and it isn’t clear how the privacy policy by most carriers cover this.

    Also, more significantly, they admit shipping software has significant bugs and there is no way to opt out.

  • themanwithsauce

    I have a question – if this service does so much good for carriers you’d think there would be a way to put it on all phones via an app in the market. Isn’t it a bit of a sign that Verizon didn’t want it? And that we were never really made of it’s existence?

    And what do they expect to do now that no one has any faith in them? Most carriers are probably not going to use their software due to this bad PR. Those that continue to sneak on this junk will swiftly lose their business as even non tech people get wrong of this.

    • Lee Swanson

      Also, does it mean that the FBI can’t get information from Verizon phones or does Verizon have another way of getting that information to the FBI. Makes me want to root my phone more and more everyday.

    • alee

      I’d guess that it’s hard, if not impossible to make the network performance measurements that Carrier IQ is supposed to do in a regular app, as opposed to embedding it into the operating system itself. Even if you could put it in a regular app, it would probably require root access.

    • alee

      It could just be that Verizon didn’t want to pay whatever Carrier IQ wanted to charge them. For all we know, Verizon could have written their own software, or paid some other company that gave them a better deal.

  • frmorrison

    Carrier IQ needs a better PR group and the need a way to Opt Out.

  • eliander mendoza

    To tell you the truth i will not waste my time reading 19 pages from carrier IQ, i don’t care what they are using it for, what i really want is an option to erase this from my phone or at the very least turn it off? i don’t want something using my data without my authorization.

  • eliander mendoza

    To tell you the truth i will not waste my time reading 19 pages from carrier IQ, i don’t care what they are using it for, what i really want is an option to erase this from my phone or at the very least turn it off? i don’t want something using my data without my authorization. this is just some excuse they had the time to think about by writing 19 pages…

  • cabrone

    all they should have done is let us opt out… about time they released what they were mining.

  • cb2000a

    This won’t stop the class action lawsuits being brought down on them by super law firms. Nice try though…

  • Adryan maldonado

    Even though theyve released this list it makes you wonder why they had to hide this in the first place like it has been mentioned in the comments. And even now they still could be lying. i wouldnt trust them. custom roms here i come. Oh wait… im already on one so no worries

  • Louis A

    What the need next is a list of what they will do to address the problem!

  • Stacey Harris

    One of the many reasons I love CyanogenMod! This is a non-issue for anyone running CM.

    I do want to agree with a lot of you, this should have been released long before now.

  • jimtravis

    Nice that finally some light is shed on this situation. All carriers / vendors should be totally upfront about what is / is not collected, and the user / owner of the phone should have the ability / right to turn off all data collection that is not absolutely required to make a call, or access the data connection.

  • mcopeman23

    So I have a samung phone (NEXUS S) this stuff is on it? or no because it is a pure google phone? I have it for sprint.

  • jamal

    Better late than never.

  • HoLfElDeR

    Theri is app lookout that show you if you have carier Iq, my phone doensnt have :D

  • itzxdjx

    I hada feeling people where over reacting! I’m actually glad those shows that carries somewhat care about giving better service.

  • GMC

    “A specific numeric key code can be entered by the user to cause the IQ Agent software to commence an upload and the IQ Agent software on the device receives numeric key presses so that it can identify when this key code is entered. Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred. Carrier IQ is not a keylogger and no customer has asked Carrier IQ to capture key strokes.”

    Until very recently no users knew they had this on their phones. How and why then, would this code be used?
    If it tracks keystrokes entered and I was not aware and my attention was not appropriately drawn to this, then it is a keylogger. And it is not lawful or compliant with UK law. Plain and simple users should be able to remove this malware. Excuses like the above that do no more than argue semantics are offensive and insulting…

  • T.C.

    So let me get this straight, a mysterious company did things that no one knew about, and got exposed. Now they have released a manual telling us what exactly they are collecting. And I am suppose to buy that what they are telling us is the whole truth and nothing but the truth?

    Call me skeptical.

  • Samar

    FInally..some Gud news.

    • Samar

      But tracking in any Way..a Big NO NO

  • vasras

    Just one question:

    When do you release the source code so that we can verify what you are claiming?

    After all, why on earth do you think we should believe you in the first place?

  • Peter Dowling

    Do I believe anything they say? No! They denied this very thing and even threatened to sue the guy who uncovered it.

  • aranea

    Too late.

    By the way has anyone else scared about FBI’s involvement? This is the big case of big brother watching!

  • skugern

    My questions are: “When will you provide an opt-out option? Will the carriers enable it? Why is this something that’s hidden from the user?”

  • Emmanuel Rodriguez

    They know when you are sleeping, they know when you’re awake?

  • Fabio R

    This is a list where the DOs overshadow the DONTs

  • dnar56

    So the FBI uses debugging software to solve investigations?

  • Marc’us H.

    It’s almost too little too late. So many people worried (and still worry) about this issue especially w/ all the information that could be out there for anyone to access. They really should have nipped this in the bud when it was first announced.

  • Hall Lo

    They should have done this on the very day 1! If they were not doing anything bad to us, why hide the details of the kinds of data they are collecting?

  • electricgamer

    As long as the company who provided the software is providing us with an explanation I find it hard to believe.

    “Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred.” Please! That’s a phrase from a lawyer it’s like his client saying “I did not intentionally hit that guy, I was drunk”

    As for the FBIs dealing I find it hard to trust the government to hand this situation. There was a reason why customers was not informed the software was installed on their device. It’s up to them to tell us why

  • sylar

    not really sure i believe them.

  • megatec45

    Be afraid, be very afraid!
    NSA should have their own cell service. Charge less than all the other carriers, then everyone will flock to them without fear.

  • Danny Calderon

    It’s a Nvidia Christmas, android and me, droidlife, and hot hardware are giving away android tablets

  • humidity

    It’s nice to see an explanation!

  • Ton Habraken

    I don’t have to know what they were tracking. As long as I get an Opt-out button!!!

  • Voliam

    If this SW is used as intended, why do we not see any improvement in service? ATT must have gigabytes of info from my phone alone! With this data, and the numerous calls to CS, they should know exactly what is causing my reception problems!

  • awesomellamas57

    still looks dodgy 2 me :$

  • ToonPanda

    Interesting… Now I’d like to know if it all true what they write. Also, in texts like this, all companies like to use vague sentences to describe everything. I don’t like that!

    Then again, I’m runnning a custom ROM! :D

  • Awesome Alpha

    So someone at the FBI figured out that CarrierIQ collects the equivalent of call detail records with its diagnostic data. Then a National Security Letter to CarrierIQ lets them examine call detail records without having to bother the carrier. Now the carrier has plausible deniability, and (due to the nature of National Security Letters) CarrierIQ can’t say anything. Everybody’s happy.

  • zippyioa

    So they don’t capture info from MMS, email data, photos etc but they might have accidentally taken info from SMS, but not in a usable form, and they have stopped that now…. mmm, ok, so why is everyone worried? :)

  • Michelle

    Maybe this was all a learning curb and when all the different software starts to take over and communicate all at once… it causes communication and breakdown issues.

  • gherea

    Why be secretive for so long?