CarrierIQ -- a Q&A

A little light reading for a fine fall Sunday. What is CarrierIQ, what's all the fuss about, and what can be done?

What is CarrierIQ?

CarrierIQ is a company based in San Jose, Calif., that provides a tool (that's probably a gross understatement at this point, but that's really what it is) for carriers to obtain analytics about how you use your smartphone.

No, really? That totally sounds mostly harmless.

Sure does. Because we completely oversimplified it without any dramatization.

OK. So what's the big deal?

The big deal, really is how this is all going down, and whether you've been properly made aware of it in the first place.

Fine. Then explain it for us.

Here's the skinny: CarrierIQ is an app -- more like a "service," actually that runs in the background on select phones on select carriers. It's not actually a part of Android, and it's not something you can download from the Android Market.  Some have called it a "rootkit", and in a way it is.  But it's purposely there from the folks who made your phone.

Rather, it's a tool for carriers to get analytics about how you use your phone. The explainer on CarrierIQ's website describes it as:

"... the leading provider of mobile service intelligent solutions to the wireless industry. As the only embedded analytics company to support millions of devices simultaneously, we give wireless carriers and handset manufacturers unprecedented insight into their customers' mobile experiences."

That actually sounds a little scary. Is it?

Yes and ... mostly yes. 

On one hand, you really shouldn't be surprised that a company that provides a service to you wants feedback into how you use that service. That makes sense, right? You get e-mail surveys, maybe even a phone call asking about your service. That's nothing new.

But in this case, it's twofold. You're buying hardware (the phone) and a service (data and voice) from a carrier such as Sprint, AT&T, T-Mobile or Verizon -- or any of the other regional carriers in the United States, or carriers abroad. That's two (or three) temptations for company you're buying from to be interesting in how you're using its services.

You said the big deal is how this is being done ...

Yep. And it's a pretty deep process, too. CarrierIQ appears to basically be a "Man in the middle" tool. It sits just above the Android operating system but below the user interface. It's not an application you can uninstall, but it's running in the background nonetheless. (Which is why we're referring to it as a "service.")

As we've all seen in Trevor Eckhart's video, CarrierIQ certainly appears to have access to most everything you do on your phone, in one form or another. So does Android, of course. And so does any application that properly declares that it has application to this data.

If you haven't seen it already, watch Eckhart's demo video. It's interesting, to say the least.

But I had never heard of CarrierIQ, and don't remember giving it permission.

Sounds about right. You probably never saw a box saying "Hi! I'm CarrierIQ, and I would like to know how you use your phone so that I can tell ... somebody ... how you use it!"

And this is really where things get sticky. On one hand, when you sign into your Android phone for the first time -- any Android phone -- you're likely to have skipped over any number of log-in screens that tell you exactly what's going on. We don't blame you. We do it, too. Some of them may be from Google, telling you that its services would like to know where you are and what you do. Or it may be from the manufacturer so that its services -- HTC Sense, Motorola's old "Blur" or Samung's TouchWiz -- can work properly.

And, mostly, we'll accept these at face value. If your phone tells you it would like your permissions to do something, you'll probably say yes.

But in the case of this CarrierIQ service, you never once saw a pop-up, a dialog, asking if it could have access to your data.

But that's where the outrage starts to come in. 

So is CarrierIQ spying on me or not?

Technically? Yeah. It is. Only, you're paying someone for that privilege. 

Say what? And how did it get on my phone?

It's called "CarrierIQ" for a reason. As we've said before, your carrier really is the one to blame here. It's the one that paid to put CarrierIQ into the ROM that's on your phone.

CarrierIQ didn't crawl into your house in the middle of the night and work its way into your phone. It didn't hop on board through some app you downloaded (never mind how much porn you've been browsing -- though you might think twice about that now).

Plain and simple, if it's on your phone, it's been there since you bought it.

How long has this been going on?

Remember the old HTC Hero on Sprint? It's on there.  Its earlier forms were much more simple, but it still tracked and logged data about you at the behest of your carrier.

Yikes. So what carriers should we be blaming?

At this point, Sprint, T-Mobile, and AT&T are definite, but there may be others.  There also may be similar software from another company doing the same sorts of things on other carriers -- we mentioned that carriers find this information pretty valuable.

Damn you, Android!

Oh, you've been reading those headlines, have you? This is not an Android problem. It's not Android's fault. Google is not to blame. Mostly. CarrierIQ is a service, tacked onto the operating system and hardware that you purchased.

Android is an open-source system. And while it has some control (exactly how much remains to be seen) over the end product, the carriers and manufacturers can still basically do whatever the hell they want to the phone -- including installing invasive and relatively hidden analytics services.  We wouldn't want it any other way, and sometimes you have to take a little of the bad to have all the good.  Had Android not been open-source, with debugging output there for everyone to read, we may have never found Carrier IQ.

That said, it does seem to be a bit of a cop-out for Google to wash its hands of this, which it's essentially done. In the end, it's Google's operating system, and its reputation, at stake. On the other hand, everybody's pointing the finger at everybody else here. It's a little ridiculous.

OK. So how can I tell if CarrierIQ is on my phone?

There are several ways, but the easiest it to visit this link to the Android Market and try one of the free apps that have been written to detect Carrier IQ. We're not going to endorse one over the others -- read the reviews and pick one of them. When you're done, you can uninstall it to free up space.

Crap! I have Carrier IQ on my phone. How do I get rid of it?

Here's the real meat of the issue, and for most of us the most difficult part to get a handle on.  You're not going to be able to get rid of Carrier IQ yourself, unless you root your phone.  It's buried deep into the OS, where things are read-only for normal users, and off-limits unless you're rooted.  Blog comments aren't the best place to find out more about that, but forums are.  Visit some.  Visit ours, visit others, visit them all and read what you can.  Ask all the questions you think of, and make sure you know the answers before you get started.  Most times, it sounds scarier than it is.  After you've done the deed, you can delete the files or just flash a custom build of the firmware to your device that has had Carrier IQ removed. 

Is having to root your phone, potentially voiding your warranty, in order to get rid of this fair?  Hell, no.  We don't want to start a virtual riot, but if people started making petitions or Facebook page campaigns, we wouldn't blame them.  Nor do we think having a Senator involved is a bad thing.  We all have a right to feel the way we feel about this whole fiasco.  Make a little noise if you think this warrants it.

And one or two last things ...

Don't let the carriers off the hook here. They could have very easily done this the right way by including a clear notification when you boot the phone for the first time asking if you want to help them out by providing analytics data in the background. Explain what's being collected, who it's being sent to and why, and an easy yes/no checkbox. It's that simple. 

There's plenty of blame to go around. And while this is a pretty big black eye for everyone involved, it's not the end of the world for Android. The carriers just way overstepped. And the manufacturers and Google let them.

Let's fix this, folks.

Phil Nickinson