Comprehensive Analysis of the Carrier IQ’s Products

Background

Recently, Android developer Trevor Eckhart found that Carrier IQ software can gather users' private information. The software is pre-installed on phones by Carrier IQ and its wireless-carrier customers.

Carrier IQ officially claims:

“Carrier IQ is the leading provider of Mobile Service intelligence Solutions to the Wireless industry. As the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers’ mobile experience.”

Jason Gertzen, a spokesman for the wireless carrier Sprint, states in his e-mail:

It (Carrier IQ software) collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool.

However, Carrier IQ's published patents and training material show that its software collects network-related information covering both voice and data services. It also collects other information, including device type, memory, battery, software, device location, keystroke information, and usage history. This information is uploaded to Carrier IQ's server for statistical analysis. Because records can be looked up by IMEI or IMSI, Carrier IQ can retrieve a given device's history, so users' privacy is completely exposed to Carrier IQ and its wireless carriers.

Verizon and Sprint pre-installed Carrier IQ software on several phone models across the Android, Symbian and BlackBerry platforms. It is said that more than 141 million mobile phones are affected. Several well-known custom ROM providers, such as CyanogenMod, also ship this software.

After the scandal, Carrier IQ claimed that Trevor Eckhart had used and redistributed its training materials, infringing its copyright, and sent him a strongly worded cease-and-desist letter. However, some lawyers pointed out that Eckhart's use was exempt under U.S. copyright law. On November 24, Carrier IQ retracted the C&D and re-emphasized:

“(This application) does not record your keystrokes; does not provide tracking tools; does not provide real-time data reporting to any customer… Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain.”

About This Report

Antiy Labs analyzes the event and the samples in depth, and draws the following conclusions about the Carrier IQ Trojan:

  • The Carrier IQ Trojan is found in several custom-built ROMs;
  • It is found in some mobile phones in China;
  • It is composed of several modules that are pre-installed into the ROM;
  • It collects information about the current mobile network;
  • It contains privacy-stealing code;
  • It contains code that uploads private data to a specified server;
  • Once executed, it starts a service;
  • Once executed, it triggers the uploading code;
  • It uploads private data to a specified server when it receives a specially formatted SMS or WAP push message;
  • It is found in trial software on 3 platforms: Android, Symbian, and BlackBerry;
  • Carrier IQ's product training materials indicate that its software collects users' private information;
  • Carrier IQ can query information on specified phones and users, and retrieve all of the uploaded private data in detail.

The full analysis report can be downloaded from here.