Carrier IQ: The Rootkit Keylogger on Most US Smartphones

As it turns out, Carrier IQ, a research and metrics company, has software on a variety of smartphones, including a large range of Nokia, Blackberry and Android smartphones. It runs invisibly in the background, gathers a host of information and then feeds that information back to company servers, anonymously. This is done, supposedly for analytics, traffic monitoring and optimisation. Comparable to HTC’s background logging services then (which they have since withdrawn from). At this time Carrier IQ appears to cover phones from U.S Carriers and it’s unknown whether international phones are also affected.

So, what information do these background processes provide to carriers? Key presses, which apps are run, phone number and SMS logs and geographic data. The process has permissions to basically everything. Add this to the information carriers naturally have about you (like which cell tower you’re near, what your monthly usage and data patterns are) and they have a far more detailed picture that they would otherwise. CarrierIQ has , though their lawsuit (now dropped) against the security researcher who found the rootkit, may leave a bitter taste with many.

This is undoubtedly going beyond what most people would be comfortable with. However, it’s hardly surprising. Such information gathering occurs on many levels, even with website tracking cookies, or when you’re walking around shopping malls (see previous post). What the important takeaway with CarrierIQ is not that your information is compromised, it’s that it has the potential to be compromised AND it’s in the hands of a third party (one which many did not even know existed before this). It’s also encouraging to see that people still care about what’s running on their devices and want control over their own information, though many will be indifferent in this day and age of oversharing.

How does one tell if this is running on their phone? You can run the Logging Check app ( if you have root access. If you have an OEM-ROM’ed device, such as a factory Samsung or HTC device, odds are good that it’s running on your system. If you’re running an AOSP build, such as CyanogenMod or MIUI (which you SHOULD be ;), then you do not have this running.

More information from Trevor Eckhart here:

You can read CarrierIQ’s press release defending itself here:

Carrier IQ: The Rootkit Keylogger on Most US Smartphones – Forbes


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s