Update: Sprint says it's no longer using Carrier IQ

Sprint, in its reponse to U.S. Sen. Al Franken over its use of the Carrier IQ software, goes into great detail about how and why it needs and uses such analytic data, reiterating that "The Carrier IQ diagnostic tool can help Sprint engineers understand the functionality (or not) of handset appliations when connecting with the network and steps that Sprint might take to improve services ..."

Sprint also told Franken that it has Carrier IQ installed on some 26 million devices, but that the Carrier IQ software doesn't actually collect any data until Sprint itself tells it to. In fact, says Sprint, only 1.3 million devices -- that's 5 percent of the 26 million total -- may be "tasked" to collect data at a given time. And, Sprint says, that number often is much lower -- 30,000 -- when responding to specific research requests.

Sprint didn't spell out exactly which of its devices use Carrier IQ -- which has been in service of the carrier since 2006 -- but we've already seen answers from HTC and Samsung. (Motorola's are forthcoming.) The phones listed thus far include:

  • Samsung: Moment, Epic 4G, Intercept, Transform, Galaxy Tab (original 7-inch), Galaxy Prevail, Replenish, Conquer 4G, Transform Ultra (Boost Mobile), Epic 4G Touch
  • HTC: Snap (Windows Mobile), Touch Pro 2 (Windows Mobile), Hero, EVO 4G, EVO Shift 4G, EVO 3D, EVO Design 4G

Sprint also told Franken that it does not share any of the data it receives with third parties, that it "is used internally for Sprint's own use, for analysis by Sprint employees and contractors to assist wtih device certification and functionality on its own network, for network maintenance and improvement." But, Sprint added, "In the course of certifying device funcationality, prior to selling phones to customers, Sprint does share and receive certain testing results with handset manufacturers." The emphasis there is ours. Anything it shares with the manufacturer comes before it's in your pocket. Sprint also indicated that it does nto share any Carrier IQ data with law enforcement.

Sprint also explained how long Carrier IQ data is stored. Carrier IQ itself stores some of the data on its services for "approximately 30-45 days." Sprint keeps some data on its own servers for 6 months or so, and stores aggregated reports from Carrier IQ for 12 months (varies depending on the analysis being conducted, Sprint says). 

Probably our favorite part of Sprint's repsonse, though, comes from a footnote in its introductary statement, wherein Sprint reminds us all that it already knows the cell site you're using, the people your calling and texting, and the websites you're visiting. It has to to be a carrier, and you're paying it to do so. Here's the full passage:

"Similarly, we know the cell site on which a phone is registering its location, which is necessary for the delivery of voice and data services. We also know the telephone numbers to which our customers initiated a call or sent a text. Such data is necessary to deliver communications services. In many cases the data collection is required by law and regulations."

More: Sprint's response (pdf)


Reader comments

Sprint: 26 million devices with Carrier IQ, but we only ping a fraction at one time


I have no coverage issues with sprint, in fact my coverage is just as good as verizon and the speed used to be faster before iphone came to sprint but with all the network upgrades speed is going back up plus lte is coming next year. So for saving not just a little money but a lot I'll stick with sprint and my rooted evo which has a custom rom with no carrier iq. Don't think the extra $ is worth it unless their lte doesn't come through which will happen as planned.

Not worried about Carrier IQ. Who cares, if they are using the information for the better of the network, and not selling your information.. I could care less.

They might not be selling your information but they are using it to gain more marketing edge and more partners to make money, so in the end they are making money of the information the get from ciq. Either way the best thing to do if you really are annoyed at this is buy a phone that can be rooted and has custom roms. Most custom roms have ciq removed.

What concerns me is what kind of performance impact this software has on infected devices. It's constantly running, logging everything you do, and that's costing you resources and battery life. And who knows if it counts against your bandwidth cap when it transmits its data.

This is going to be much ado about nothing...hopefully these companies will learn to be more forthcoming about what's on our phones in the future!

Anybody remember when we all found out that printers secretly encode information about the printer model and IP address to aid law enforcement? That's ancient history now...and nobody seems to care about that anymore.

Being a Sprint customer, at first I was pretty pissed about all of this CIQ stuff. But then I talked to my wife that has an EVO 4G and she was a little concerned at first, but said if it's working to make my service better I guess I don't mind. Then I talked to a co-worker that has an Epic, and his response was about the same. So then I looked at myself and perhaps all of this is just blogosphere buzz. I feel like this is just turning into a Hollywood story for Tech blogs. There is other things in life that do similar things as CIQ and are just as invasive to your privacy. Look at OnStar in GM cars. They have the ability to track GPS, MPH, and as far as whether or not your seatbelt is on. The average consumer probably doesn't know that, but it has been exposed through media. Sure the consumer knows they have OnStar, but I am sure they don't know the full capability of the service is and "IF" in the wrong hands it could do. Everyone is so freaked out about the "WHAT IF' aspect of this CIQ.

Anyone remember this?

A lawsuit seeking to ban Kraft Foods from selling Oreos to children because the chocolate-cream cookies are allegedly unhealthy will be dropped, the San Francisco lawyer who filed the suit said Wednesday.

Of course it's unhealthy...it's chocolate and sugar.

That's what all this seems to me.

You miss the point completely; yes, we know Oreo's are unhealthy, we know what Onstar does, we have the choice to eat/use them at our own discretion. We didn't know CIQ was there, and we have no way to get rid of it, short of rooting the phones. Your examples make no sense.

First of all. The OREO story matches exactly. Because it was discovered that they were putting Trans Fat in the filling and the public didn't know about it. However, it was proven that you would have to eat an incredible amount of Oreo's to even have any sort of effect from the trans fat. And unless you can make OREOS in your kitchen Scott, you can't remove it.

Thank you for stating the obvious, "We have the choice to eat/use them at our own discretion." It's the same for carriers as well. If you have the same passion in real life as you do in your computer chair, then do as mentioned a couple posts below, buy an unlocked phone. You know you have a choice if you are on this site. And meanwhile, educate those around you on why you made the decision you did and why they should do it too so that they can make an educated decision as well.

The point I was making is that is about what they "could" do with all that information.

There is a flaw in your logic and analogy here. As a consumer there are couple of things a consumer can do:

1) If the consumer didn't know initially "Trans Fat in the filling", they can always go back and return the stuff for the full money back in most of the grocery stores. Whereas you can't replace a cellphone. By not eating OREOS, I do have a choice to select different cookies but guess what I don't have to pay 3/4 times the price. Whereas buying an unlock phone you pay as much high as 4 times of the cost of the phone. And secondly cellphones are not same as cookies. You can live by not eating a cookie but if cellphone is your only choice of communication then you are stucked.

2) There is a difference between buying an unlock phone and buying a rooted phone. Sprint doesn't sell unlock phones unlike GSM carrier phones. And even if you buy an unlock phone, you can't remove the carrier IQ app unless you use root access.

3) When you buy a cookie, you kind of know it has sugar and chocolate because it is on the BOX. Any common sense can tell you more is harmful. These two ingredient are enough to trigger further analysis to find out whether does these ingredient has anything more harmful. But in case of cellphone, there is no mention of this app running in the specs. That's where the major difference is. Without knowing what's out there, there is no way to know any suspicious activity thereby the reason for the lawsuit.

Here you go: your analogy doesn't make any sense at all.

Until someone proves that Verizon does use Carrier IQ (so far they are still in the clear), Sprint is the carrier that deserves the most backlash for this Carrier IQ fiasco. At least with AT&T and T-Mobile you can import a carrier-unbranded device free of Carrier IQ crap and use it on your current service. With Sprint, you are stuck with the CarrierIQ-infected devices they sell. Yes, Sprint knows what numbers I call to and receive calls from. They know what sites I visit and what messages I sent -- they are a carrier after all. But as another poster mentioned in one of these CarrierIQ posts, Sprint doesn't need to know how many times I press the Home button, how many times I open the Messages app or each and every volume and ringtone change I make.

Seriously, not disclosing this Carrier IQ spyware and not giving users a way to opt out should be enough reason for customers to be let out of our contracts without an ETF. Ideally this should apply to all carriers, but especially more so to Sprint and any other CDMA carrier for which we do not have the alternative of using CarrierIQ-free devices.

And inb4 the "get a Nexus" replies: Until there is a Nexus phone with a hardware keyboard and that is available to all customers regardless of CDMA or GSM carrier, the "get a Nexus" option is not an alternative for everybody.

And how many people who don't follow tech like yourself know about imported unbranded phones, and what frequencies work and what bands you need for 3G and 4G speeds? Hell, people don't even know why some phones require a SIM and why some don't. Which to us seems trivial, but to them, they don't care but just comment about it. Hell, I had to explain to my wife the other night how Google syncs her contacts and the wires that used to be used isn't required anymore. You need to step outside the .com square and understand you are an insider to this information.

Carrier IQ must not be working to improve their network...4G is not functioning on my phone.

Hello Everyone,
I worked in Sprint's product development and device team department which is headed by Farid Adib. I can tell you for a fact that Sprint telling the excuse "The Carrier IQ diagnostic tool can help Sprint engineers understand the functionality (or not) of handset appliations when connecting with the network and steps that Sprint might take to improve services ..." is a TOTAL B.S. They collect every move of your phone, what app you opened and what time, what app you closed and what time, what's your demographic group, your behaviour pattern, your age group and all other information. The primary reason they want to collect every detailed data is they gather that in their internal application call "BMW". Based on the data they are making bloatware app like SprintZone and Sprint ID to load your devices with suggestions. If they are telling you that they are using for diagnostic purpose then they are strictly lieing. I can attest that information because I worked inside with marketing people and product development.

I don't have to prove to the forum. Plus I can not just expose Sprint's data as that is their proprietary information.

Then...you should contact Senator Franken's office and go on record. I'm not calling you out, but if you know Sprint's lying...Senator Franken needs to know they're lying.

I am not working for Sprint now. I don't want to show any data files because that's Sprint's proprietary information.

But I have been inside enough to tell you the Sprint Zone app which is going to be a brand new integrated with Sprint ID will promote Customers like Disney, NBA, etc to load apps related to user based profile. There is an another web app in progress for representatives of Disney, NBA, etc to promote information for Sprint Zone and Sprint ID to take into effect. Sprint's Sprint Zone app takes that information and based on user profile and "BMW" data (which basically stores user activities on the device) to show you appropriate promotions through their bloatware app. Without capturing user activity there is no way to differentiate users based on the profile. Profiles could be 24, male & gamers, women who are pregnant, young kids, etc. Sprint will make money from the Customers like Disney, NBA, etc to load apps related to user based profile.

If I am not lieing then guess what, in few months, Sprint is coming up with Chrysler to provide daily, weekly passes to access internet right from the car. This thing will be built in to the car dashboard. Currently project with Chrysler is going on. So let's say if you are driving on a vacation on Interstate 35, your kids can watch movies on their tablet by using a daily pass and your car acts like modem.

Sprint and others can use the bitching to customer support to determine when their network isn't working. Or they can compensate volunteers to have it on their phone.

They don't need it from everyone, and based on my experience they aren't using all that data anyway.

A few comments.
1. While Verizon may not use CIQ we do not no for sure that they do not use a similar product. I want them to come out with the statement that they do not use any products that do what CIQ has done

2. How do we know that CIQ is secure? Can malware potential access that data? Have you ever accessed your bank online, CIQ has your password, how about your work e-mail CIQ has your password or perhaps a stalker could access your gps location? I am a teacher and I access my e-mail on my phone, I know for a fact CIQ potentially breaks legal confidentiality laws I must uphold about my students.
3. Can the government obtain the information collected by CIQ, either though legal channels, or on somewhat more questionable Patriot Act methods? They can already issue warrants for your e-mail records so I would assume they could do the same for CIQ.

And the argument that I do not do anything wrong, is bogus. As I said in #2, CIQ still potentially has access to sensitive information about my work and financial information.