toggle

AAPL Stock: 112.76 ( -0.53 )

Printed from http://www.macnn.com

Carrier IQ: any logging is the fault of HTC, other makers

updated 11:50 pm EST, Sat December 3, 2011

Carrier IQ puts attention back on phone firms

Carrier IQ followed up its technical discussion of how its system works with an implication that phone designers like HTC were compromising the security of its device tracking. In a chat with The Verge, marketing VP Andrew Coward was careful not to mention HTC by name but gave strong clues that a standard Android log file containing the normally unsaved information had to have been populated by HTC with the tracking data. HTC's software in this view was making copies of whatever the Carrier IQ programming interface saw.

The executive reiterated that the tracking only sits in RAM and is protected. It should only be viewable with Carrier IQ's own software. An app with strong permissions could read the standard log file, but this was an issue with Android, not Carrier IQ.

A worst-case exposure of the files would still leave data no more than a week old, Coward said. He had previously elaborated on this by mentioning that the tracking information was uploaded as sparingly once a week and included the last 24 hours of data up to that upload, making any week-old data itself just a small piece of the device's history.

HTC hasn't responded to the more direct accusation, but it has already said it was considering letting users opt out of tracking entirely. Other Android phone creators like Samsung have yet to fully take a stance. Apple, Nokia, and RIM have all said that they either stopped an already-limited use of Carrier IQ or never used it.

The core software is now generally thought to be benign and captures only anonymous carrier data, using any checks on keystrokes for short codes in voice or messaging. With carrier-badged Android phones not giving users a choice on whether they use Carrier IQ, however, it creates potentially very large security risks if the data escapes and hackers can assume that some phones are always vulnerable.




by MacNN Staff

toggle

Comments

  1. aussiearn

    Joined: Dec 1969

    +4

    LOL

    So the worst case is the https data, which is suppose to be secure end to end, which Carrier IQ shows in plain text is only vulnerable for one week. Well I don't know about any one else but I sure feel better knowing that!!! Yes I am being sarcastic for those who are part of the literal-net!

  1. SockRolid

    Joined: Dec 1969

    +11

    "Blame the carriers, not us!"

    Carrier IQ is evidently quite the bunch of chickensh!ts. "Hey, we just write the software. Don't blame us if anybody out there actually uses it to collect data. Bad carriers! Bad carriers!"

  1. kavok

    Joined: Dec 1969

    +9

    Yep

    Now the finger pointing begins. It was them not us! No it was the company, not the carriers. I hold them ALL responsible. It's the only way to find out what's really going on.

  1. The Vicar

    Joined: Dec 1969

    +5

    Yeah, sure.

    "But, your honor, I only mixed up the nitroglycerine, put it into the case, designed and built the detonator, and gave it to someone else to deliver. How can you hold me responsible for the bombing?"

  1. climacs

    Joined: Dec 1969

    +1

    @The Vicar

    well, by the logic of the gun lobby... bombs don't kill people, people kill people.

    Carrier IQ is simply following the NRA's example. They wrote the code, it's not their responsibility as far as what people do with it.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

toggle

Most Commented