HTC Legal

Seems like every time you turn around you'll see corporations using sneaky tricks to gain a competitive advantage over a different, yet equally sneaky corporation.  That's usually how money is made by the people who are best at making lots of it -- at the expense of others.  The cell phone industry is no different, even though we wish it were.  Yes, I'm talking about Carrier IQ, and it's my turn to bitch.

Carrier IQ sells a stock client for BlackBerry, Symbian, and Android.  There's strong evidence that  they also make client software for other smartphone platforms, and even semi-smartphone OS's like Bada or BREW.  But they're only making it easy to get the same type of data your carrier has been collecting about you since the minute you turned your cell phone on.  If they're collecting it in an insecure manner, which has happened, that's bad on them, and they need to fix it -- pronto. But they're not doing it on their own. They're doing it at the behest of the manufacturer and the carrier, who uses the data to determine how to make changes that get you to spend more money when they offer you the latest shiny.  If 72 percent of the people use a certain feature, you can bet your last dollar that more work goes into making that feature "better" so it's a stronger selling point.  Carrier IQ, as a company, could care less what you do with your smartphone, when you do it, or why.  All they do is make it easier for the people you give your money to each month to see why you like your phone.  I don't work for HTC or AT&T, but I'm sure easy data collection and aggregation makes for a compelling sales pitch.

CIQ isn't doing anything it's not supposed to be doing, unless there's a software bug in play.  The software was purposefully placed there in order to track what you're doing in real time.  Apparently, it works pretty well.  Some may argue that it's a rootkit, or a flaw of some sort, but to the people using the product -- again, the carrier and manufacturer -- it's a feature, one that they pay money to include.  Remember, you are not HTC's (or Samsung, or LG, or RIM, etc.) customer -- companies like Verizon and Sprint are, and all parties find the data that's collected pretty damn useful, so they aren't likely to stop collecting it.

It could be argued that you don't have a choice in the matter. You bought the phone. And while there might be (and usually is -- see the picture above from a CIQ enabled HTC phone) some vague reference to the phone collecting data about how you use it, you likely skipped over that section, and it's not all that up-front about what's being collected or how it's being done. But on the other hand, that's probably true about 90 percent of what your phone's doing at any given time.  It works exactly how it's supposed to work.  Getting mad about it after the fact isn't very productive, and isn't going to solve the problem any time soon.

Vote with your wallet.  You have the option to say no to this sort of data collection software, and that's done by not buying phones that use it.  Every major carrier in the world now carries one of those.

Yes, I think Carrier IQ is a bad thing, done by unscrupulous people so they have more pennies to count.  But all the hate towards the company that writes and sells the software is misguided.  They are only filling a need, and if they stop someone else will step up to replace them.  Enough words have been written about it, yet the solution for Android fans only needs three:

Buy a Nexus.

 

Reader comments

Editorial: Carrier IQ -- the 'evil' we agree to and hate that we did it

115 Comments

I can say it in "2" words

Custom Kernel... or.... Custom Rom

The fact it's a root kit, hidden so deep that almost nobody can find it, is scary at the least.

The fact they denied it didn't exist, is even more horrifying.

And the lies continue even tho the party responsible deny:

Yes, it records your keystrokes.
Yes, it records your sms word for word
Yes, it sends every password you have, including bank accounts, server passwords, you name it.
And yes, it records who you are based on your device ID

Anybody who wants to read up fully on what has happened, can go to xda-developers.

The short "legal" disclaimer is a lame excuse. What possible use could knowing my sms, or bank account passwords have, to contribute to future user experience????

But the Custom ROM shouldn't even be necessary.

This is what drives me insane about "shrink-wrap" legal agreements. Simply by opening or using the item you paid for means you agreed to it, often before you've even had the chance to read the legal junk. The fact that it's LEGAL just shows how much control we've given up to lawyers in our society.

You should ALWAYS have the option to opt-out WITHOUT sacrificing functionality OR service. Better yet, any and all tracking should be OPT-IN ONLY. Not agreeing to the legal mumbo-jumbo should not ever impinge upon the built-in functions of the phone, the OS or of the service offered by the carrier.

I'm normally a VERY "Laissez-faire" kind of guy. Very much a Capitalist at heart. However, even as a Conservative I see the need for some regulation. Shrink wrap type legal agreements, PARTICULARLY where consumer data is involved NEED to be eliminated.

In the meantime I'm just waiting for the Galaxy Nexus to come to Sprint.

Another Jerry/Phil apologist special...

First it was unlimited data..making excuses for Verizon. What was it? Verizon has a GREAT network? Ridiculous...

Now it's our fault, we asked for this? buy a Nexus?
When did ANYONE agree to this??

Are you even trying anymore guys?

Why does it seem with every concern and crisis, AC is telling its listerners and readers to calm down?

I suppose we shoudn't be shocked. Just like Precentral was a webOS apologist site to the very end, so is AC jumping to the defense of carriers and manfuctuers to protect their bottom line. Sad.

Exactly! Even MacDailyNews, the biggest Apple fanboy site there is, will at least occasionally call bs on Apple. Here, genuine problems are always, always glossed over.

Telling people to buy a nexus? It'd be a far better way to handle objections if all new Nexus devices were available on all carriers.

In the meantime, keep up the damage control. Until all new Nexus devices are available on all carriers, there is no good solution for consumers.

Jerry/Phil: "You always have the choice to switch your carrier, even if you don't. You made your bed, now lay in it, you are clearly unequipped to understand the big picture issues involved here."

Condescended and belittled AndroidCentral reader and podcast listener: "Yes sir. It was I that was wrong. I defer my better judgment to you, it won't happen again."

Jerry/Phil: "I'm glad you understand your place. This editorial is brought to you by the Android Central Store http://store.androidcentral.com to assist in your re-education about how you should be expected to be treated as an end user. Remember: you aren't the customer...the carriers and our store are."

I suppose I'm naive, but I thought independent journalists are supposed to defend us and speak out against this sort of thing, instead of lamenting the 'reality' of these practices at the expense of the end-user. Defend us.

I think cabbie pretty much nailed it right on the head. None of the article's solutions are realistic, Jerry.

Nexus is not the answer. Not everyone can buy a Nexus for various reasons (cant switch carriers because of contract, no extra money to buy another phone, etc).

"Voting with your wallet" isn't going to work either. Only the tech-savy know about this, and we will not make a dent in their wallets. And as a techie, you must know it is up to us (and especially journalists) to keep the tech-makers in check because the average Joe doesn't know enough.

Blaming just the direct offender isn't going to work either. ALL of the companies involved need to feel the backlash. There's a reason all accomplices are arrested when a crime is committed, and not just the main offender. It's the only way to get rid of the problem.

And as many times as you want to warn about "overreacting," I can't follow that advice either. You know very well companies react to this kind of strong backlash. It may not always work, but it always grabs their attention as well as the general public's attention. If the companies are not going to listen, we at least have to make a big enough splash that the average Joe will listen up and become educated themselves. Does that sometimes cause things to be blown out of proportion? Sure. But it's better than being overcautious and quiet, and thus not finding out about things until it is too late.

You nailed it. I can't wait for this week's podcast. I swear if they keep up the apologies I won't be giving this site any more page views.

Apology?

Dude.  There is only one solution -- buy a device that doesn't have the software installed.  You keep giving carriers and OEM's your money by buying phones with this shit on it, they keep making it.  Take a bit of responsibility for what you agreed to.  I didn't force you to buy a phone with this shit installed.

Then start pointing the finger at the right people if you want it to ever change -- thats OEM's and carriers.  CIQ is just one company out of millions who can write this sort of crap, and an OEM can replace them in a minute.  Playing the fanboy and saying my OEM and my carrier are great, but CIQ is evil only makes matters worse.

 

Jerry,

I think your anger is misplaced. I agree with you one point, read my post below, my next phone will not be a phone with CIQ or a skin installed. But that alone isn't enough and that won't change anything. This goes beyond individual choice because most people are not informed.

My bigger issue, and I suspect many others, is the attitiude of tech journalist, AC in particular, who keep making apologies, excuses and rationalizations for multinational corporations.

Verizon kills unlimted data..Phil says deal with it

Logging software on HTC phones...sky isn't falling

CIQ logging EVERYTHING...buy Nexus..

Everything is ok and nothing is a big deal. And when it is, it's something we chose, opted into and therefore must remedy ourselves?

Well said. I'm usually for buyer beware; but I have to agree with the counterpoints in the comments here.

I have an issue with "Take a bit of responsibility for what you agreed to." It's evident, from the numerous articles and comments on various sites, that very few people were aware of what they were agreeing to or the level of detail of their carrier's data collection practices. The picture of the exceptionally vague "legal agreement" certainly does not come close to spelling out what people are giving their consent to.

I'm not saying that you aren't partially right, but to me, your article seems to suggest that we all should have known all along. I read everything I sign that costs me money and most things that don't, from beginning to end. Nothing in AT&T's contract gives any indication of this sort of monitoring.

A sticker that says, "This device includes software that captures every button press and keystroke!" would be nice.

Now that the nexus is on verizon there really is no excuse not to own one. If the nexus is on your carrier and you decide to go with a skinned phone your just adding to the problem. People will sit here and complain how bad skins are and how bloaterific the phone is yet when its time to upgrade you skip the nexus??? I am sorry but if there is a nexus on my carrier my choice is made up no need for skins for me. I do not support motorola, HTC and anyone else that feels the need to skin android and make it bad. I just hope these same people that buy a phone that is skinned will stop complaining about it being skinned or locked because with the nexus on verizon there is no excuse anymore. Most if not every carrier in the US will have the nexus no more excuses people!!!! Buy Pure Google or dont complain...

Not everyone is on Verizon, and why on earth would you buy a Nexus S on the carrier you're on when you know the Galaxy Nexus is about a billion times better. (Coming from a Nexus S user). Also, HTC is the number 1 Android handset manufacturer in the United States when it comes to market share and sales last quarter. (source: http://androidandme.com/2011/11/news/nielsen-android-still-dominates-us-...). This is problem that affects millions of users that a, "should of bought a nexus" approach doesn't fix.

Not sure why people are saying a Nexus phone is not available on every carrier. They are. The Galaxy Nexus will be on Verizon first, but Sprint is getting it and a GSM for AT&T and T-mobile can be brought over seas with a US AT&T one coming later. The Nexus One and Nexus S are available in the same fashion. All the Nexus phones are available in CDMA and GSM version, so they will work on every carrier. Sure, your 3G/4G to carrier compatibility may vary, but the phone will work where you need it if not fully utilizing the data network you are on.

The GSM version has pentaband HSPA+
850,900,1700,1900,2100

So it should work at full speed on virtually any GSM carrier.

Yet, I've never seen "this phone is Carrier IQ-enabled" on one of your reviews? If it's a problem, I'd at least like to know about it.

Just root and go with Custom ROM/Kernal thats close to stock and you are all good. I have EVO 3D with the WORST HBOOT 1.5 ever and figured out how to do this pretty easily all while this being my first time. Its not that hard and not that scary. No where near as scary as these bastards giving it to you in the backside via the fine print.

So your suggestion is for the common Joe to try to root, break the warranty, and possibly brick his phone? I doubt the carriers are going to buy the excuse that he/she was just "trying to get rid of CIQ" when that person sends it in for repair/replacement.

Rooting is not for everybody! The carriers caused this, so let them fix it.

People can start by complaining. Complain to your phone manufacturer and complain to your carrier. Call your congressman/senator.

This type of tracking also gives you a reason to break your contract without fees (complain to the FTC and FCC and the carrier will reverse cancellation fees). Make a big enough stink and talk with your wallet and they will stop using it.

They HAVE to give you an option to opt-out otherwise customer backlash will lead them into government regulation. Take a look at Facebook.

Voting with your wallet is just not enough anymore, there have to be consequences for the Carriers when they pull off shannegans like this, Device Health Application, Device IQ, all these things are upsetting that they are there by Force.
Ultimately we need Strict Legislature as to what a Manufacturer or Carrier has to do with there customer who has legitamate complaints. Right now we are at their mercy.

Now, numerous references have been made with regards to Buy a Nexus... does that mean this stuff is not on their?

And just who do you think writes the legislation?

Politicians who are bought by the carriers and companies like carrieriq. Their (politician) job is to protect the profits of these companies, not protect the people who vote for the best marketing campaign.

"Politicians who are bought by the carriers and companies.."?? What country do you think this is? Oh, wait...yep, that's our system. Good luck overcoming the carrier lobbying force.

It can be done. It just takes people taking action. Policians may get a lot of money, but they still need us to vote for them. And the fear of not being re-elected is usually greater than a rich person getting richer. Sure its an uphill battle, but if you just give up and stop trying then you might as well just move to China.

As to those asking, most Nexus phones are stock Android and do not include carrier crapware. That is the agreement the manufacturers make with Google to get to make a Nexus phone which is considered a developer phone since it is normally used by people to develop for Android. Developers need full access to the phone for testing and building software.

Despite your attempt at Carrier IQ PR, I don't like anything about shadowy data collection. Sorry—never will.

Stop with the "buy a Nexus" crap! Unless Google releases Nexus phones with hardware keyboards in addition to those without one, a significant percent of the user base is getting screwed by schemes like CarrerIQ and are being kept away fron the supposed openness of Android.

Nexus is not a solution for everybody!

^ This. Hardware keyboard is the #1 reason why I won't buy any of the current Nexus phones. Micro SD card is #2. But I don't care that much about getting a Nexus as long as I can run CyanogenMod.

Verizon has let the camel's nose in the Nexus tent. If Google lets them get away with baking Backup Assistant and My Verizon into the Gnex's ROM, all bets are off.

Well based on the initial reports...this was confirmed to be isolated to HTC & Samsung phones...is that still accurate?

And what about CIQ's statement on 11/23 stating:

- Does not record your keystrokes.
- Does not provide tracking tools.
- Does not inspect or report on the content of your communications, such as
the content of emails and SMSs.
- Does not provide real-time data reporting to any customer.
- Finally, we do not sell Carrier IQ data to third parties

I realize I probably sound like I'm defending it...I'm not...I thought I made an educated purchase decision with my Moto Photon, and was clear of CIQ.

Do we have an updated device list? And have folks confirmed that CIQ's statement of what they collect/don't collect is accurate?

Agreed. I thought this software is for collecting data on malfunctioning software/hardware, not on users personal data?

The software was first found on HTC phones, but many more (if not all locked phones) have it. It is not limited to Android either. Also, researchers have found that the information being collected in massive and not related to malfunctions. Information on location (GPS), App usage, Content on your emails and phone calls, etc. are being collected. Now "maybe" its not be sent to the carriers, but if its being collected then it is probably being shared or will be in the future.

Sorry Jerry that argument is kinda lame.

Of course big companies want to have easy access to all of your information whether you want them to or not. All of your personal information re where you shop, what you buy, what your interests are is the holy grail of business. "The better to sell you what you really need my dear," said the wolf.

There are very definite issues about the legality of what kind of software the carriers are putting on your phone. CarrierIQ and one or more of the cell companies are definitely going to end up in court and probably in front of a congressional committee.

Very vocal push back against CarrierIQ, Sprint and any other company with this crap on their phones is useful simply because it works. If you want privacy on a phone that you are paying serious bucks to own and operate you have to be willing to fight for it.

The fact that they seem to be so willing to lie about it means they know they have something to lose. It is also a stance that very likely will come back to bite them in the ass when this goes to court. Lying to your customer's about what your product does or doesnt do, tends not to go down to well in a court of law.

The infinite stupidity of supposedly tech savvy companies around this kind of issue no longer surprises me. I've come to expect that companies in these situations will time and again pick the absolute worst response to a situation and run with it.

"Climbs down off his soapbox muttering to himself, Damn phone companies, bunch of bloody pirates."

Just watch the recent CNBC show about supermarkets and the data they collect on everyone...it's no different. Banks, credit cards, car GPS/navi, the supposedly wonderful "pay with your cell phone" future...welcome to modern society.

At least the internet isn't tracked. Wait, what??! :)

How about some god damn transparency? A LARGE warning directly on all the marketing and promotional material and not just in a legal notice you have to approve if you want to be able to activate the phone your just purchased. Also how about this. Screw the Nexus and Google. Don't be evil my ass. Put your boot to the throat of these companies foisting this insidious software on consumers and tell them to choose: Either CIQ or Google. Have fun with Windows.

Maybe Jerry get's a kickback for CIQ PR? Or for promoting the Nexus?

As punishment for such a... ahem...lame statement, he should shave off that "fur" from his face. )))

Has anybody considered that these phones are using our capped data plans to send data about our phone use somewhere on the Internet? How can they possibly enforce caps when they are soaking up some of that bandwidth themselves? It's effectively stealing, as they are using your service to feather their own nest.

Maybe the carriers allow this data to ride for free. Unless you compare the total outgoing data to what the carrier states that you are being charged for, you will never know.

Not that I trust HTC anymore, but I use Traffic Monitor to see what apps use how much data. Mine shows HTC IQAgent sending a total of 160 bytes. That isn't enough to send all the data that we are being told they are sending.

With my tin foil hat on, I could see how they could be using APIs that are not tracked by tools like Traffic Monitor though.

Jerry's argument is pretty sound to me. Of course, you could just continue to throw money at the companies that shaft you. I'll be buying phones where I can a) trust the preloaded software and b) freely share/modify/replace that software at my discretion.

Not everyone can change networks and spend the money to shift phones every few months when the next big thing comes out. Money, coverage, and contracts prevent the majority of people without money to blow on switching carriers for phones from "just getting a Nexus."

Nobody is saying to change carriers or buy new phones every few months. Nexus phones come out once per year. Nothing in this article says you need to have the latest and greatest. If you're so preoccupied about this, or choose to buy a Nexus, then you can do so on any of the 4 major carriers (soon Verizon, I suppose) and be "safe".

And God forbid if I take the differing opinion and find out that vanilla Android is boring and want a skin. Then what? What if I'm on a regional carrier that doesn't carry a Nexus device even if I actually wanted a Nexus device? I didn't mean to convey the point of needing to hop around every few months as much as I meant to say that I don't agree with the false sense of free choice that is mentioned in the article which is supposedly solved by "getting a Nexus". Different strokes for different folks, and everybody's answer isn't available everywhere.

Nexus phones do not have physical keyboards. Google shows no interest in ever making a keyboarded Nexus phone, and they are actually going in the wrong direction by removing the dedicated menu/back/home/search/power/camera buttons. So Nexus phones DO NOT meet my needs, period. I would (almost) rather buy a blackberry than use a touchscreen-only phone. But I am quite happy with my rooted Samsung Epic.

People spent their hard earned money on these smartphones. I never understood why so many people backed up carriers/device manufacturers when clearly they're in the wrong.

I wish I could buy the Galaxy Nexus, but Verizon refuses to allow Google to have the same freedom as Apple.

"You have the option to say no to this sort of data collection software, and that's done by not buying phones that use it."

Pre-purchase, how does one determine if a phone does or does not use such data collection software? What makes you think that Nexus devices don't use it?

It is and invasion of privacy. It is non of there business how I choose to use my phone or it content. Having access to my sensitive account information is definitely invasion of privacy. I do not desire to see another LAW on the books, and I would not be surprised if the idiots in Washington and Homeland Security are not behind it in some form or another. Big brother is already listening.

One of the few sensible things I've heard all day.

Don't know about you people, but I'm not akin to having my sms, passwords, log-ins, contacts, emails and whatever have you, sent to... who knows exactly where, or to whom. And for what purpose?

Only thing I can think of, is a security service. And... I would guess, it isn't just happening in the states either.

Thank you custom Rom and Kernel Devs!!!!

All I want to know is who pays for the data and how many MB a month is being used by this app? Since most carriers seem to be limiting this it seems to be wrong that Carrier IQ and your Carrier are racking up points against your monthly limit. If this is the case, could not the carrier request more data from Carrier IQ driving up this tally for the month even more?

Whats yet, just how much battery drain is pulled by this app when it is collecting and transmitting?

Seems someone better be answering these questions soon.

I saw no mention here about battery drain. Over at XDA they mentioned that removing CIQ significantly increased battery life.

I also wanted to nitpick the sentence: "Carrier IQ, as a company, could care less what you do with your smartphone..."

I hope you meant "couldn't care less", because saying that "they could care less" means that they DO care.

I agree, they fill a need, they aren't evil they are just selling to their customers, your cell phone carrier, I don't think it's a rootkit, their is tons of software on your phone that has the purpose of monitoring functions , ensuring connectivity etc on your phone, does anyone really believe that they understand what all of the executables on your phone really does? no, no more than you understand what every program in windows does.

That said, I don't worry about privacy per se but I do worry about security, with it recording all of those keystrokes and passwords, I don't think the companies themselves will do anything nefarious with it, but data stores like this are prime targets for hacking and personal identity theft.
Before this CarrierIQ story blew up, I had switched to an AOSP custom rom, the perfect solution to this kind of logging, and after I heard about all this stuff, I changed the passwords on my secure banking and personal email sites just in the off chance that something happens.

Even if CarrierIQ isn't doing something nefarious with the data as a matter of corporate policy (and that's debatable), the fact that they are collecting it is by definition nefarious. Could you create an any more enticing potential target for hackers than the repositories that CarrierIQ will have? How about a more enticing target for divorce lawyers? Or any other lawyer? Once the lawyers figure out that the data is out there, you can bet your ass that they'll find someone way to subpoena it.

Then what about the CIQ client software installed on your phone? Could that be exploited by a security flaw or direct hack to send a second copy of that data stream off to a hacker somewhere?

According to this Nov. 30 post on The Register, Eckhart shows that Carrier IQ *does* actually record keystrokes, etc. even though they claim they aren't. That's blatant disregard of privacy issues and goes way beyond any sort of reasonable 'let's improve the product' data collection.

-M

What for...so a bunch of lawyers can make a pile of cash?

All a lawsuit will do is pass the cost onto us through higher prices of future devices.

Class action lawsuits are a joke these days. There was once a time when companies were actually held liable for their actions and actually had to pay damages, in cash. Nowdays they settle early, throw a few million at the plaintiff's lawyers, then give a couple hundred million in "credit" to the plaintiff class as settlement. By the time that get's divided up between all members of the class, each person gets $9 off of their bill next month (if they're willing to jump through the hoops to claim the credit), the lawyers have made millions, and the offending company has gotten off by paying pennies on the dollar in "credits" for a service that is already marked up 300% or more to begin with. Total scam.

So it's not ok to get angry at the company that write the program? Because they couldn't have said "no, that's wrong and we're not doing it" right?

Also, CIQ has lied to our face about what the software does. It can't read your texts? TrevE proved this incorrect by showing a log where it logged the SMS contents. The things CIQ has stated this program *can't* do are complete lies, which makes them just as bad as the carriers and manufacturers putting it on the phone.

We go to a company asking about software, what it does, and what it's used for. If they tell us, fine - we move on to the carriers and manufacturers with full force. However, if the company lies, well then we have every right to get pissed.

I agree. Carrier IQ just makes the software that the carriers choose to use, so they weren't really to blame -- the carriers were at fault. UNTIL Carrier IQ flagrantly lied about the capabilities of their software. That wasn't very smart. They didn't expect the person who discovered this software to also be able to figure out what it is doing in the background? Yeah, they brought this on themselves. Sue the carriers, sue Carrier IQ, burn them all at the stake. This whole situation reeks, and this toxic filth must be purged from all of our mobile devices.

We, as a society, give too much of a pass to people acting unethically (note I didn't say illegally...there is a difference) in pursuit of profit. Who cares if they were filling a demand? So was the Farber corporation when it manufactured poison gas for the Nazis. We need to hold all parties responsible when they abuse the public.

"Buy a Nexus"............What makes you think that "Google" the biggest data collector, is not collecting info on the Nexus as well?

Do you honesty think Google doesn't collect information about its customers? Don't be so naive!

While I admit there are hints of reasonableness in this editorial, it generally smacks apologist at best, and sell-out at worst.

Regardless of who the customer is, CIQ is bad for Android users. The rest is semantics.

Why does AC seem afraid to say that? What is their motivation? To sell more phones on their store, their readers be damned?

The fact that the platform is so thoroughly and quietly co-opted like this, is one of the reasons I don't recommend it to people without the skills to root/ROM.

Honestly, AC has always been my go-to source but this position makes me wonder if we are on the same wavelength anymore.

What a lame-ass response! Telling people to "buy a Nexus" to avoid the CIQ data-mining is like telling people to stay indoors if they want to avoid being hit by a car - neither is a real solution! The basic solution that comes to mind is to force companies to get rid of CIQ on current phones and force them to stop installing it on future phones. Sure carriers and manufacturers don't really care about the end users, they care about making money but when you educate people about things like CIQ and the fact that they collect pretty much all your data without you knowing, people will be a little hesitant and cautious about buying certain phones. Maybe that's a bit naive but it is better than saying "buy a Nexus" and ignoring the fact that CIQ is installed on every other smartphone out there. It is collecting private data that people don't know about and don't want collected. I'm sure companies and carriers are not doing anything 'evil' with it like selling it to 3rd-party companies but that doesn't mean we should just let them keep all or most of our private info and data! If manufacturers and carriers are going to keep CIQ or equivalents and keep collecting your info they should either give you a clear explanation of how, why, where, for whom, and when your info/data are being collected or simply say that your private data such as keystrokes, messages, emails, passwords, etc will be collected "to provide you with a better user experience", not something as vague as "your information".

And why shouldn't Carrier IQ share some of the blame? They're the ones who actually made the "program". They knew what they were making and why. They knew that carriers and manufacturers would use it to collect private data. Lets say, just for the sake of argument, even if CIQ didn't know that those companies would be collecting private data, then when CIQ found out about it their first reaction should not have been a 'cease and desist' order for a person who discovered the app, that order should have been for the companies who were actually collecting the data! Carrier IQ's apology latter is just a bullshit way of saying "ok you caught us". Carrier IQ is responsible just as the carriers and manufacturers themselves!

I rooted my phone and installed Cyanogenmod 7.1 and Incredikernal Kernel. Is it safe to say that I don't need to worry about this being on my HTC Incredible?

It's possible a Nexus won't even help you... at least not a Galaxy Nexus.

It's already confirmed that Verizon is having MyVerizon and Backup Assistant pre-installed. I wouldn't be surprised if Carrier IQ wasn't in there, too.

The bigger issue now is not that their tracking anonymous data, but they are seemingly keylogging *everything* in plain text. Not sure if that ever leaves the phone, but this alone is terrible. Pretty sure I would have got a Nexus S had I realized this when the EVO3D launched. Unfortunately, CM7 isn't quite ready yet to switch over.

Buying a Nexus is a fine recommendation for those concerned with this, but it shouldn't be the ONLY recommendation Jerry. The issue is too widespread for that one line of models to be the only solution... If it's not CarrierIQ it'll be someone else, and before long it'll be on every last non-Nexus non-Apple phone.

You're part of the press, you have the power to influence the court of public opinion and mobilize them. You should be encouraging them to complain directly with their carrier, to complain with their elected representatives. What happened when two malls started tracking cell signals recently so they could pinpoint movement within the shopping mall?

Either enough people complained or the right people mentioned it to a senator and after he wrote a strongly worded letter the shopping malls backed off. Why aren't we putting up the same kind of resistance against carriers? Bending over as a consumer is the reason they have as much power over us as they do today.

Why is there more competition amongst European carriers? (and more of them) They're more closely regulated. We're allowing them to run amok in the US, and it's sad.

That would require real work, AC instead likes to tell us to "calm down", "it's not a big deal" and "the sky isn't falling?"

Re-read that, if you're capable.  "software you don't want"  Yes, your Verizon branded galaxy nexus will have that.  That's not my fault either.

Face it, you can't save this turd of an article. Just like Carrier IQ, you made your bed, now lie in it.

It's funny that your prescription is "buy a Nexus", then backtrack and admit that the Nexus can also be subject to carrier bloat and intrusive apps.

Jerry, I like your site and generally respect your posts but you are so far wrong on this one I don't even know where to begin.

If CIQ are recording, storing, and or transmitting banking credentials then these people along with the CEOs of the carriers and manufacturers that have installed this software on our phones should be spending a few years relaxing in a cell somewhere.

Software always, always, always has bugs and weaknesses. People and systems are always corruptible.

"Buy a Nexus" is a major cop out that may not even help... we have little or no way to tell.

Quis custodiet ipsos custodes?

This must not stand.

I am sure that that is their position but it fails my reasonable test and I am not the only one.

http://arstechnica.com/tech-policy/news/2011/12/sen-franken-demands-answ...

Here are three paragraph from an Ars article quoting Senator AL Franken and parts of a letter that he has submitted to CarrierIQ.

--------------------------------------------------------

Franken started out by asking for specifics on what types of information Carrier IQ collects, specifically whether it includes location, numbers dialed, the contents of text messages and e-mails, URLs of websites visited, search query histories, contact information from address books, and keystroke data. "What if any of this data is transmitted off of a users’ phone? When? In what form?" Franken asks. "Is that data transmitted to Carrier IQ? Is it transmitted to smartphone manufacturers, operating system providers, or carriers? Is it transmitted to any other third parties?"

Franken further wants to know if Carrier IQ has disclosed user data to federal or state law enforcement, whether Carrier IQ lets users opt out of logging and transmission of data, and what steps the company takes to protect this data against security threats. The senator strongly hints that he believes Carrier IQ has violated various federal laws.

"Does Carrier IQ believe that its actions comply with the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)?" Franken's letter asks. "Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?"

I don't understand why Android Central keeps trying to downplay the biggest faults with the Android platform such as this mess and things like fragmentation by telling us to buy a Nexus. It is really annoying to hear that line over-and-over again.

We are not Apple fans, we are Android fans, and that means that we aren't pushovers when it comes to major flaws or suspicious activity within our operating systems. Please stop with the condescending "solution" to our problems with the "buy a nexus" line. Obviously if I wanted a phone that was above the fray in terms of CIQ and fragmentation, I would have cancelled my family plan on Verizon, payed the hefty early-termination, then bought 3 all new phones on Sprint. The problem with that is that I, and many others on here, can't afford to do all of that. Not all of us have the privilege of getting a new device every week to review.

So stop with that argument, please. It's the easy way out of actually starting a conversation about these faults—and I know Android Central isn't lazy.

Oh, how interesting this whole issue is becoming. How many times have you received "coincidental" advertising, whether via banner ads, emails, or other various advertising techniques? I've noticed the correlation for years. I don't agree with much of the authors content, but I think he was so blasé because it's not new news, just a confirmation of his suspicions. I think the same is true for many people regarding stories of this nature.

I skimmed a few posts hypothesizing about the possibility of governmental agencies being involved. I find that comical. The government truly is plugged in to everything that you say and do, but they are connected at the source, not via some shady third party marketing company. The government can at least be trusted with the information in that they cannot sell it, it requires very specific legal procedures for external agencies to gain access, and very thorough access controls with strict need-to-know for it's own internal personnel.

I only have one question about this whole issue. Why is it that carriers deny customers from accessing detailed usage information for phones under their own accounts unless they obtain a court order because they are SO concerned about customer privacy, yet they readily allow some third party company to access every last detail of that same information and then some? Go tell your carrier that you would like to monitor your child's text messages to ensure that they stay out of trouble. Ask for a list of the websites your child has been visiting on their phone. See if they just hand over that information on an account that you are paying for.

"Remember, you are not HTC's...customer--companies like Sprint and Verizon are..."

Good God, this is just asinine. It's like saying that you're not Pepsi-Cola's customer because you buy your soda at Wal-Mart instead of buying it directly from the bottler.

You do not buy pallets of 2 litre Pepsi bottles from a plant. You also do not order phones from HTC. You drive to Walmart and buy Pepsi and Walmart pays Pepsi a set amount of that purchase in exchange for carrying their product. You also drive to (insert carrier) and purchase a phone from them with a carrier logo on it and (insert carrier) pays HTC a set amount in exchange for allowing (insert carrier) to carry HTC products.

Marketing 101.

If I buy a Sony Blu-Ray player from Costco, I'm both Sony's and Costco's customer. Costco, as a courtesy, takes on some of the support of the product especially early on. However, ultimately the warranty is supported by Sony.

In the case of mobile phones, the carriers are like Costco. They bear some responsibility for the end product, but so does the manufacturer. It isn't either/or.

By the way, if the carrier reselling the OEM's product absolves the manufacturer, does that mean that if a phone is bought through an additional retail layer (e.g. Costco, Wal-Mart etc.) that the person up one rung on the ladder, the carrier, is then absolved of responsibility? Of course not. In that scenario, you are the customer of three entities, the retailer, the carrier, and the manufacturer. All have a shared customer; you.

How can you be sure that Verizon won't put Carrier IQ on the their Galaxy Nexus? Rumor has it that Verizon will put its usual crapware on their Nexus. People should assume that everthing they do with their phones are being monitored.

Jerry-

A list of why we are upset... and could give two shits about a Nexus in this matter.

1. The TOA we agreed to when activating our phones said "some information", not "text, emails, apps states, key-strokes, web pages (including HTTPs), contact info, locations... ect."

2.Issues like this have come to court before (State of N.Y. and Texas vs. Sony) and in the end it was ruled that just because a consumer agrees to a TOA or EULA it doesn't make it right. I couldn't agree more.

3. We come to you for reliable info about all things Android and then you say the fact that we unwittingly allowed our personal info to be shelled out like it's state welfare in front of crack heads. Some may be a bit put off if they are loyal to you and then you turn on them.

4. Buying a Nexus will fix this issue of privacy just as well as putting a Band-Aid on a tumor will cure cancer. Might I ask what you will do when Google see's that it's OK because we did nothing and lets CIQ on the Nexus? I mean they are first and foremost a company in need of info right?

5. We were wronged buy CIQ, manufactures, and the carriers. And then one of our community members was threatened for showing what was happening with OUR info on OUR phones. And after someone with pull finally stood for him he (and the rest of us) was given the shittiest of apologies and with lies via bullet point. FUCKING BULLET POINT LIES! We want justice. We payed hundreds for these devices, not to be completely spied on.

6. If we are not the customers of the manufacturers then take their retarded ad's down from the web site. They need to show them to Verizon and Sprint and the such, not us.

7. You may need to take another look at the definition of "Rootkit".

Where the hell is any response from the carriers? HTC has phones on every major carrier in the world. If this is limited to HTC I will eat my shorts. If a carrier that has HTC phones and it getting this gold mine of data -- you can bet your last dollar they would make other manufacturers do something similar.

About the only thing I agree with Jerry here is that we are the carrier's direct customer. If Sprint/VZW or whomever didn't want this to happen -- it wouldn't. I think the buck stops with them!

So what exactly do I have to do to get this crap off my Droid Charge? Once I root it what's next? Why haven't you gone into detailed information on getting rid of this trash, Jerry?

Tracking software will be on your phones one way or another. I'm pretty sure Nexus devices do send usage stats to Google, and even iOS would have it. The key here is transparency and security. What are these software developers, manufacturers and carriers collecting, what are they doing with the data and how do they keep that data safe? These are key questions/issues that need to be addressed properly. Mobile devices are becoming even more deeply entwined with our personal lives after all.

to the author of this article. obviously you did not watch the video that Trevor made about how this "ciq" operates. you should watch it. because the image you used in this article gives the idea that somehow carrier IQ was given the right to monitor your usage. that is patently false as shown in the video.
in the video Trevor records the whole process of starting up a fresh install of the system. and during that demonstration he unchecked the box that gave permission to collect and send info to HTC.

Great comments. Big time fan of your articles Jerry, but imho you need a mulligan on this one. The two opposing sides as I see it are 1) ciq crosses the line by a lot, or 2) we need more accurate information to agree or disagree with (1).

3) nothing to see here/buy a nexus
is not very satisfying, regardless if this falls under 'caveat emptor' or not.

Actually I think Jerry (probably unintentionally) nailed it with, "Carrier IQ, as a company, could care less what you do with your smartphone, when you do it, or why."

That's probably the most accurate statement in the whole article, because I'm sure Carrier IQ could care a LOT less about your data. The amount of their caring is probably equal to the amount of money they can - and do - make with your data.

http://incompetech.com/gallimaufry/care_less.html

I bet the Farber corporation in the 1940's didn't hate Jews either, but it still manufactured the gas the Nazis used to exterminate them.

By this twisted logic that Jerry and others are employing, drug dealers would be absolved of ethical wrongdoing because they are simply fulfilling an existing demand.

This attitude is bordering on the libertarian craziness that seems to be going around. The situation is also illustrative of why libertarianism doesn't work. It assumes all parties have perfect information in which to make a rational decision. It's always in the best interest of the corporation to obscure information that would impact their bottom line. They've done it here and they would do it even more if the referees were taken off the field, as the libertarians advocate.

Quoting Jerry H.

"CIQ has been around for over a year. Anyone who bought a phone with it installed in 2011 has only themselves to blame, agreed to it when they activated it, and now want someone to rescue them from their own bad decision. Sometimes, the truth is not popular."