CarrierIQ -- a Q&A

A little light reading for a fine fall Sunday. What is CarrierIQ, what's all the fuss about, and what can be done?

What is CarrierIQ?

CarrierIQ is a company based in San Jose, Calif., that provides a tool (that's probably a gross understatement at this point, but that's really what it is) for carriers to obtain analytics about how you use your smartphone.

No, really? That totally sounds mostly harmless.

Sure does. Because we completely oversimplified it without any dramatization.

OK. So what's the big deal?

The big deal, really is how this is all going down, and whether you've been properly made aware of it in the first place.

Fine. Then explain it for us.

Here's the skinny: CarrierIQ is an app -- more like a "service," actually that runs in the background on select phones on select carriers. It's not actually a part of Android, and it's not something you can download from the Android Market.  Some have called it a "rootkit", and in a way it is.  But it's purposely there from the folks who made your phone.

Rather, it's a tool for carriers to get analytics about how you use your phone. The explainer on CarrierIQ's website describes it as:

"... the leading provider of mobile service intelligent solutions to the wireless industry. As the only embedded analytics company to support millions of devices simultaneously, we give wireless carriers and handset manufacturers unprecedented insight into their customers' mobile experiences."

That actually sounds a little scary. Is it?

Yes and ... mostly yes. 

On one hand, you really shouldn't be surprised that a company that provides a service to you wants feedback into how you use that service. That makes sense, right? You get e-mail surveys, maybe even a phone call asking about your service. That's nothing new.

But in this case, it's twofold. You're buying hardware (the phone) and a service (data and voice) from a carrier such as Sprint, AT&T, T-Mobile or Verizon -- or any of the other regional carriers in the United States, or carriers abroad. That's two (or three) temptations for company you're buying from to be interesting in how you're using its services.

You said the big deal is how this is being done ...

Yep. And it's a pretty deep process, too. CarrierIQ appears to basically be a "Man in the middle" tool. It sits just above the Android operating system but below the user interface. It's not an application you can uninstall, but it's running in the background nonetheless. (Which is why we're referring to it as a "service.")

As we've all seen in Trevor Eckhart's video, CarrierIQ certainly appears to have access to most everything you do on your phone, in one form or another. So does Android, of course. And so does any application that properly declares that it has application to this data.

If you haven't seen it already, watch Eckhart's demo video. It's interesting, to say the least.

But I had never heard of CarrierIQ, and don't remember giving it permission.

Sounds about right. You probably never saw a box saying "Hi! I'm CarrierIQ, and I would like to know how you use your phone so that I can tell ... somebody ... how you use it!"

And this is really where things get sticky. On one hand, when you sign into your Android phone for the first time -- any Android phone -- you're likely to have skipped over any number of log-in screens that tell you exactly what's going on. We don't blame you. We do it, too. Some of them may be from Google, telling you that its services would like to know where you are and what you do. Or it may be from the manufacturer so that its services -- HTC Sense, Motorola's old "Blur" or Samung's TouchWiz -- can work properly.

And, mostly, we'll accept these at face value. If your phone tells you it would like your permissions to do something, you'll probably say yes.

But in the case of this CarrierIQ service, you never once saw a pop-up, a dialog, asking if it could have access to your data.

But that's where the outrage starts to come in. 

So is CarrierIQ spying on me or not?

Technically? Yeah. It is. Only, you're paying someone for that privilege. 

Say what? And how did it get on my phone?

It's called "CarrierIQ" for a reason. As we've said before, your carrier really is the one to blame here. It's the one that paid to put CarrierIQ into the ROM that's on your phone.

CarrierIQ didn't crawl into your house in the middle of the night and work its way into your phone. It didn't hop on board through some app you downloaded (never mind how much porn you've been browsing -- though you might think twice about that now).

Plain and simple, if it's on your phone, it's been there since you bought it.

How long has this been going on?

Remember the old HTC Hero on Sprint? It's on there.  Its earlier forms were much more simple, but it still tracked and logged data about you at the behest of your carrier.

Yikes. So what carriers should we be blaming?

At this point, Sprint, T-Mobile, and AT&T are definite, but there may be others.  There also may be similar software from another company doing the same sorts of things on other carriers -- we mentioned that carriers find this information pretty valuable.

Damn you, Android!

Oh, you've been reading those headlines, have you? This is not an Android problem. It's not Android's fault. Google is not to blame. Mostly. CarrierIQ is a service, tacked onto the operating system and hardware that you purchased.

Android is an open-source system. And while it has some control (exactly how much remains to be seen) over the end product, the carriers and manufacturers can still basically do whatever the hell they want to the phone -- including installing invasive and relatively hidden analytics services.  We wouldn't want it any other way, and sometimes you have to take a little of the bad to have all the good.  Had Android not been open-source, with debugging output there for everyone to read, we may have never found Carrier IQ.

That said, it does seem to be a bit of a cop-out for Google to wash its hands of this, which it's essentially done. In the end, it's Google's operating system, and its reputation, at stake. On the other hand, everybody's pointing the finger at everybody else here. It's a little ridiculous.

OK. So how can I tell if CarrierIQ is on my phone?

There are several ways, but the easiest it to visit this link to the Android Market and try one of the free apps that have been written to detect Carrier IQ. We're not going to endorse one over the others -- read the reviews and pick one of them. When you're done, you can uninstall it to free up space.

Crap! I have Carrier IQ on my phone. How do I get rid of it?

Here's the real meat of the issue, and for most of us the most difficult part to get a handle on.  You're not going to be able to get rid of Carrier IQ yourself, unless you root your phone.  It's buried deep into the OS, where things are read-only for normal users, and off-limits unless you're rooted.  Blog comments aren't the best place to find out more about that, but forums are.  Visit some.  Visit ours, visit others, visit them all and read what you can.  Ask all the questions you think of, and make sure you know the answers before you get started.  Most times, it sounds scarier than it is.  After you've done the deed, you can delete the files or just flash a custom build of the firmware to your device that has had Carrier IQ removed. 

Is having to root your phone, potentially voiding your warranty, in order to get rid of this fair?  Hell, no.  We don't want to start a virtual riot, but if people started making petitions or Facebook page campaigns, we wouldn't blame them.  Nor do we think having a Senator involved is a bad thing.  We all have a right to feel the way we feel about this whole fiasco.  Make a little noise if you think this warrants it.

And one or two last things ...

Don't let the carriers off the hook here. They could have very easily done this the right way by including a clear notification when you boot the phone for the first time asking if you want to help them out by providing analytics data in the background. Explain what's being collected, who it's being sent to and why, and an easy yes/no checkbox. It's that simple. 

There's plenty of blame to go around. And while this is a pretty big black eye for everyone involved, it's not the end of the world for Android. The carriers just way overstepped. And the manufacturers and Google let them.

Let's fix this, folks.

  • Thanks for the info.... again. It's on all the major news networks. So, it's old news. And what are people in the US supposed to do? Have a revolution? Let's show those dirty characters a lesson. NO MORE PHONES... Don't buy anything. Turn off the devices you have. That'll teach them a lesson..... Geeze, wake up and smell the roses. Nobody is going to voice their opinion, except on the online forums. They won't stop buying phones in the us, they won't turn them off. In the end, they will buy their phones, accept the CIQ, and be simple mindless sheep. Accept the inevitable.
  • Accept the inevitable my A**, I posted the video he's referring to along with link so ppl can write their reps and senators about it. I'll post them RIGHT HERE as well.
    For your senator For your representative Please do both, thanks!! Tell them something to the sort of not only did you not opt into this, but you can't opt-out and that is the problem, and that and all things like this SHOULD be opt-in.
  • You live in the US. Patriot Act. You don't have a choice to "opt out" And if you did "opt out", you would be destined to 5yr old nokias........
  • You're an idiot for thinking this has ANYTHING to do with the Patriot act. That covers govt actions. This is nothing more than the carriers wanting to know how we're using our phones which is none of their business unless we want it to be.
  • Clearly you are clueless. I already "opted out" on all of the phones in my house long before we even knew what CarrierIQ was. Cyanogen doesn't have it.
  • There are a few things you can do here on the US: 1. Lawsuit
    2. Write your representative (although it seems that most of them are taking action without anyone writing to them) Lawsuits actually work when they work.
  • I noticed you didn't list Verizon as a carrier guilty of this outrageous privacy invasion. Does that mean it's not on their phones? No wonder there are FORCED updates.....
  • Verizon has gone on record stating that CarrierIQ is not on their phones.
  • But they also didn't state that they're not using something similar.... Not using CarrierIQ, yes, but CarrierIQ's evil twin? NO one knows...
  • But if it weren't for CIQ, Android bloggers would actually have to work for their articles, instead rehashing CIQ over and over again. BTW, US Cellular has publicly stated that they do not use CIQ on any of their phones; one more reason I'm glad I gave AT&T the boot last year.
  • Ive been looking for a good resone so go back to blackberry and this takes the cake.
  • Seriously? You've been looking for a reason to start using fruit phones again? Those phones have an average shelf life of 3 to 4 months. And do you really think bb isn't aware of how you use their products through their own services? You do realize that governments in the middle east have forced RIM to grant them access to their servers. Can't really boast security when you allow terrorists inside.
  • Seriously? You've been looking for a reason to start using fruit phones again? Those phones have an average shelf life of 3 to 4 months. And do you really think bb isn't aware of how you use their products through their own services? You do realize that governments in the middle east have forced RIM to grant them access to their servers. Can't really boast security when you allow terrorists inside.
  • Yes Im an aware that the government has FORCED Rim to grant them access to tbere services. But at lease they fought to keep there devices secure . There was no fight with android or iphone.
  • Be aware TMobile puts CIQ on their BlackBerry phones (not saying you are on Tmob, just giving a heads up)
  • Hahahahaha! Nice one. Both Blackberry and Apply phones also have CarrierIQ. If you want to go back to BB, then do it. No one here cares what phone you use.
  • Blackberry has their own "CarrierIQ" type software on their phones. In fact Blackberries collect MORE info from their devices than CIQ and store them onto their Blackberry services. Good luck with that switch.
  • This is why open source os is a bad thing . I guess its on are tablets as well.
  • I don't think this relates in any way to open source being a bad thing. If it were closed, then stuff like this STILL could exist, and also from the maker of the OS. Yet, there would be no alternative firmware you could even load.
  • It's on the locked down iphones all the same, its not just an open source os thing Miktro.
  • Yes it on Iphone as well but thats apple letting the carriers spy on there customers. open source anyone can do what they want with it they dont need androids ok to do it so it much easier to do shit like this.
  • Wait, so another company saying that it can be on the phone makes it acceptable... That makes absolutely no sense.
  • Has absolutely nothing to do with Open Source. If you make a phone and you want to sell it, you have to sell it to the carrier. If AT&T says they want CIQ and you don't install it, guess what? They won't buy it. It's how it works in the U.S. unfortunately. (Oh, and yes, you could sell your phone unlocked, but most U.S. buyers will balk at a full price phone.)
  • I'm sorry, but this is the wrongest statement I've read all day, even wronger than modifying the word wrong with er and est for superlative purposes. This has nothing to do with open source! iOS 3,4 and some 5 all have "carrierIQ" and they clearly aren't open source. Of course that just proves the statement wrong, but doesn't explain why it's so egregiously, inherently wrong. It's antithetical to OSS. OSS is so wonderful because anyone can read it and compile it! Closed source software is insecure because developers can intentionally, or unintentionally leave holes in it. It's protection through obfuscation, not protection through good, rigorously inspected coding.
  • Confirmed: Sprint Evo 3D has Carrier IQ. So does my old, Evo 4G (which has no connection with the carrier anymore). So it might be safe to assume that most or all Sprint Android devices contain this spyware. If you already have a device infected with the Carrier IQ rootkit, it looks like your only option to get rid of it is to void your warranty, lose all updates, and lose at least some if not many hardware features by rooting the phone and installing a different, 3rd-party firmware. What great choices.
  • You are dead on except the part where you're completely wrong. You can rook your phone and remove CarrierIQ without losing any updates or hardware features at all. You don't even have to flash a new ROM if you don't want to, just leave the stock ROM there once you root. Of course if you go through the trouble or rooting it would make sense to at least install a stock ROM that opens additional features that you don't current have or have to pay ridiculous prices for.
  • Being spied on in any form is horrible. In this sort of thing you cannot be a little pregnant:)
    I grew up in East Germany during the STASI years, and believe me, hearing someone taking a breath while you are on your phone is chilling. This is why carrier IQ and or "the carriers" must be stopped.
  • Oh yus! I don't have it! :)
    I have T-Mobile's Samsung Exhibit II 4G. UPDATE: Nevermid, I do have it... The app was frozen when I first ran it, but when I ran it again it said I have it. ¬_¬
  • Maybe the carriers could offer OTA updates to remove CIQ. Would that alleviate some of your concerns?
  • Ran the voodoo carrier IQ detector on my Inspire... No Carrier IQ detected.. Guess I got nothing to worry about. Curios why a carrier would have it on one device but not others.
  • Just wait til your next forced update, you'll have it option to decline those forced updates either....
  • What forced updates? I've never been forced to update any of my phones. I turn updates off as soon as I get them.
  • Just now ran voodoo on my wife's AT&T sgs2... No Carrier IQ detected. So what AT&T phones are we talking about?
  • It's on my Skyrocket
  • Just curious as to why AC passed on this major story when it had the opportunity to cover it early on? As I look to AC for most of my Android info, I was disappointed that AC initially passed on informing its readers of CARRIER IQ. All major news media is now reporting on this, so AC initially missed the boat! Why did you not report on this story?
  • Hey Phil, update the part under damn android to include that this is also on other phone manufacturers phones, just to clear up that it is also not just an android only issue. Apple has stated it was on all of their phones as well and im sure there are others except for MS windows phone 7. but really, why would i want to switch to that.
  • Its been confirmed its not on Blackberrys.
  • yes, it is....trying researching it a bit better, a simple google search would have told you that....
  • Apparently TMobile puts it on their BlackBerry phones behind RIM's back
  • Ran voodoo on my stock droid x and nothing was found.
  • AH HA HA HA...... Parinoia sets in... Livin in America... dot o dit diddy did a dot Livin with the Patriot act... Owww! It feels good!!!
  • Great Q&A, thanks! I hope these carriers get sued!
  • This has nothing to do with the patriot act. Obviously don't know anything about the patriot act and who gets to use that and what for. Making completely misinformed childish comments just makes you look stupid
  • You can bitch about it all you want, but CarrierIQ is going to be baked into our phone's ROMs until somoene makes a better product to do the same thing. At the end of the day after all of the bad PR, condemnation, etc, you'll get an apology from the carriers who used it and there will then be a legal notice or click-wrap license on every phone that they sell advising you that they are doing what they've already been doing. This data is simply far too valuable to the carriers and (potentially) far too important to law enforcement for them not to be collecting it.
  • Okay, I was just browsing through Root Uninstaller for shiggles, and came across a random package called "System Manager Application". Seems important right? I clicked on it, and guess what I see in the package name? "IQ". So I'm guessing this "important" package turns out to be the spyware. Well played T-Mobile.
  • If you can and there's support for your phone just use CyanogenMod.
  • MIUI doesn't have CIQ, either.
  • .
  • another snarky Android central article. What a surprise...can we get Alex to write these from now on?
  • Just because CIQ isn't on your phone doesn't mean some other software isn't . Google is getting your info, Apple is getting it, as well as your carrier plus many others. It's big business and your data is the product.
  • So is it possible to tell carriers and CIQ to f*** off? a form of a class-action law suit?
  • As a consumer (without wearing the tinfoil hat) this is an outrage and equates to an INVASION OF PRIVACY and THEFT. Unless I'm breaking laws, how I use my device is up to me and I should be secure in how I use it. My feedback and whether I'm happy with my purchase or not belongs to me; I own my thoughts and actions. If you want diagnostics or "analytics" on how I use my phone you have to ask for permission. Sprint, HTC, Carrier IQ and/or Google didn't ask for permission. One, several or all of these entities installed software to take it from me; STEALING. Doing so without my knowing is an intentional invasion of privacy and protected under federal wiretap laws (to the best of my knowledge). As a concerned citizen (wearing a tinfoil hat), God only knows the true location that all of this data is being collected and stored. Is it for marketing or to track individuals and log what they've done in a database for later scrutiny? It doesn't really matter because neither are OK (unless you just decide to knowingly give up that information). I don't care if it's just to see how well my device is working on your network. If so, it was done VERY messy and without the best interest of consumers in mind. Regardless of WHY, this is still WRONG.
  • It's not just android phones though, it's apple phones too. If a carrier put the CIQ on one phone they do it to all of them. This is a pretty big mistake the carriers have made. The carriers are to blame here.
  • That link pretty much pins most of this on the carriers and proves CIQ is lying to defend them. CIQ has marketed their product stating that they can do everything that we have discovered (and subsequently lied about doing!). The carriers see this and install it without our consent and operate it without our knowledge. This all disgusts me.
  • I just checked my Inspire (AT&T) and the device does mot have CarrierIQ on it. It must be on select devices on select networks. I don't like that there are apps like this, but unless you buy a Nexus device, this is the gamble you take with bloatwate.
  • CIQ has been out of MIK ROMS for a long while now... many months
  • Factory-unlocked phones that have no carrier software naturally don't have this, since they've never been touched by a carrier.
  • I think part of the problem is that you can buy a device out of contract without agreeing to anything and it will still be on there. You have no say unless you can ROM your phone. And we know how difficult carriers are making it to do that.
  • Much better post than Jerry's. It warns against over-reaction without making it seem like nothing is wrong.
  • Agree. Great article!
  • I think the last paragraph of the story is the biggest deal here. When I install a lot of Microsoft products on my PC, usually there's a checkbox at the end of the install process that asks if I want to send anonymous usage information to Microsoft. I can't remember if it says exactly what they send. But I can uncheck that box.
  • so your big niggle about carrier iq is that they dont make you fully aware of it being on your phone, guess what you just did? you made us aware that it could be on our there explodes your little niggle
  • No, the problem is that they are doing it without consent and there is no setting to turn it off. Knowing you are being spied on does not imply consent. Niggle intact.
  • Carriers are butt munchers.
  • No CIQ On My Nexus S 4G. Simply Root And Be Free
  • I totally understand the idea of CIQ and like it...but hate the way carriers went around using it. I would mind letting them in if they give me something in earlier upgrades or giving me insurance for free. Just saying that if they are using it to help determine where their networks need to be better and stuff like that I'm fine with it...but tell me about it first. Also want to talk about privacy had to go into the Sprint store and get a replacement for my ns4g and the tech was showing another guy how to show a customer all the texts sent and received on that customers account in the last year.
  • Thats a great option and notification dodgebusta!