Google CEO Eric Schmidt distanced his company from the scandal surrounding the Carrier IQ software in remarks at an internet freedom conference in The Hague yesterday. During his talk he called Carrier IQ a key-logger. “[I]t actually does keep your keystrokes,” he said, “and we certainly don’t work with them and don’t support it.”
The Carrier IQ scandal - dubbed the "Spyphone" scandal by some - broke early last week when Android app developer Trevor Eckhart posted a YouTube video demonstrating that the software has access to a slew of sensitive data on users’ phones, including keystrokes, location data, web traffic, and SMS messages. Eckhart called the software a “rootkit,” and pointed out that most users who have it on their phones are not aware of it, and are not given the opportunity to disable the app’s data collection.
The presence of the software on Android phones despite Google’s lack of support is, Schmidt said, one of the pitfalls of creating an open operating system. The freedom of carriers and manufacturers to modify the OS to suit their own needs has the potential to create a host of situations that are beyond Google’s control. “Android is an open platform,” Schmidt said, “so it’s possible for people to build software that’s actually not very good for you, and this appears to be one.”
As the story developed last week information came to light that the software was to be found on a wide variety of mobile phones across carriers - AT&T, Sprint, and T-Mobile phones all carry the software, as do Blackberry phones and even Apple’s iPhone, though in a slightly modified version. The carriers all released statements defending their use of the software, which they said they only use to gather data on handset and network performance, and never users’ personal information. This mirrors statements by Carrier IQ that although they made the software to access a wide variety of data, they did not intend it to function as spyware. The only data the software sends to Carrier IQ, they said, is network and handset performance information. At least three lawsuits have been filed against Carrier IQ, carrier companies, and phone manufacturers since the story broke.
In an interview with TPM published on Wednesday, Carrier IQ’s Vice President of marketing, Andrew Coward, tried to nuance the company’s response to the scandal. He claimed that although users are not aware that Carrier IQ, specifically, is on their phones, the service agreements they sign with carriers authorize the collection of diagnostic data from their phones. Carrier IQ, he said, is a tool used by carriers to gather information on “how the network is actually working.”
Meanwhile, a pair of Android apps designed to detect the presence of Carrier IQ’s software on users’ devices reached a combined total of 200,000 downloads in the Android App Market on Monday. Apple released a statement last week saying that they had stopped supporting Carrier IQ with iOS 5, and would soon be releasing an update that would remove the software completely from all their devices. Though the software is installed on the iPhone, it is only active when the phone is in diagnostic mode. Also, of those with the software installed, the iPhone is the only device to allow users to disable diagnostic data gathering.
Several phones appear to be free of the software completely, including Google’s Nexus devices, phones running the Windows Phone operating system, and HP’s webOS devices.