Over the past few weeks the Carrier IQ PR firestorm has died down, and the dialog has evolved from initial speculation of a ‘rootkit’ to objective evaluations of what personal data is collected, and when. One of the most informative examples of the latter is Peter Eckersley’s December 13th overview at the EFF of Carrier IQ’s software architecture – recommended reading for more technically curious readers out there.
In developing Carrier IQ Detector, we discovered very similar results to those published by the EFF. The take-home message is that determining whether or not a device has an active instance of Carrier IQ is a very nuanced subject, with dependencies on software developed by Carrier IQ, handset manufacturers (also referred to as OEMs), mobile operators, and chipset manufacturers. After individually inspecting a number of handsets that cut across a variety of US carriers and OEMs, we decided to develop our detector to report positive detections of Carrier IQ if a single relevant file is found. This approach brings with it both an upside and downside:
- Upside: It provides the broadest detection reach possible
- Downside: Our detector registers the presence of Carrier IQ in some cases where the software is not active
After hearing from some of our customers that this specific nuance of the detector wasn’t clear, we’ve updated the app description to make sure this point is emphasized.
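The trade-off above, as an added example that is not Carrier IQ Detector's own code: an any-file rule compared with a stricter tiering, run over constructed scan reports. The indicator names are placeholders, and treating a running process as the sign of an active instance is an assumption; the page does not say how activity would be determined.

```python
from collections import Counter, defaultdict

# Placeholder indicator names, NOT real Carrier IQ artifacts (the page lists none).
F_APP = "/system/app/PLACEHOLDER_agent.apk"
F_LIB = "/system/lib/PLACEHOLDER_libagent.so"
INDICATOR_FILES = {F_APP, F_LIB}
INDICATOR_PROCS = {"placeholder.agent.service"}  # assumed signal of an active instance

def classify(scan):
    """Tier one scan: 'absent', 'present_inactive' or 'present_active'."""
    if not INDICATOR_FILES & set(scan["files"]):
        return "absent"
    if INDICATOR_PROCS & set(scan["procs"]):
        return "present_active"
    return "present_inactive"  # files left on the image, nothing running

def report(scans):
    """Per carrier: any-file detection rate, tier counts, models behind inactive hits."""
    out = defaultdict(lambda: {"total": 0, "states": Counter(), "inactive_models": set()})
    for scan in scans:
        row = out[scan["carrier"]]
        state = classify(scan)
        row["total"] += 1
        row["states"][state] += 1
        if state == "present_inactive":
            row["inactive_models"].add(scan["model"])
    for row in out.values():
        # The any-file rule counts every tier except 'absent' as a positive.
        positives = row["total"] - row["states"]["absent"]
        row["any_file_rate"] = positives / row["total"]
    return dict(out)

def scan(carrier, model, files=(), procs=()):
    return {"carrier": carrier, "model": model, "files": list(files), "procs": list(procs)}

# Constructed sample submissions (carrier and model names are made up).
SCANS = [
    scan("carrier_a", "model_x", [F_APP, F_LIB], ["placeholder.agent.service"]),
    scan("carrier_a", "model_y"),
    scan("carrier_b", "model_z", [F_LIB]),  # leftover library only
    scan("carrier_b", "model_z", [F_LIB]),
    scan("carrier_b", "model_w"),
    scan("carrier_b", "model_w"),
]

if __name__ == "__main__":
    for carrier, row in sorted(report(SCANS).items()):
        print(carrier, row["any_file_rate"], dict(row["states"]), sorted(row["inactive_models"]))
```

Both constructed carriers show the same any-file detection rate, but only one has an active instance; the other's positives all trace to a single model carrying a leftover file.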
Recently major US mobile operators have responded to criticisms over the use of Carrier IQ software through public statements that directly address questions regarding the scope and impact of their deployments:
- Verizon stated that it does not use Carrier IQ software on its phones, and our data appears to confirm this. The very small number of positive detections we received for Verizon devices can be traced to two specific devices, which means that they likely have incomplete and/or inactive instances of Carrier IQ software.
- Sprint and AT&T provided insight into their specific use of Carrier IQ’s software. In addition, Sprint has since announced that they will be disabling its use moving forward.
- T-Mobile provided information on the number of specific devices that contain Carrier IQ software, along with estimates of the number of customers affected.
Along with recent information detailing the actual capabilities of Carrier IQ’s software, these statements have been very useful in developing a bigger picture of the issue.
Carrier IQ Detector Results
In the 5 weeks that Carrier IQ Detector has been on the Android Market, it’s been downloaded over 200,000 times. We’re amazed by the sheer amount of interest, and it significantly exceeds any of our initial estimates, but it points to the importance that users are increasingly placing on the security and privacy of their mobile devices.
As a part of releasing Carrier IQ Detector, we incorporated an option for users to anonymously submit the results of their scan to us. Thanks to the nearly 60,000 users who have chosen to submit their results, we’ve gained a unique perspective on the topic that we’re sharing here. For the results below, it’s important to remember that positive detections were triggered by finding any Carrier IQ file on a device, regardless of whether or not the entire Carrier IQ stack is present and/or active.
We received nearly 60,000 submissions from users, but the insights below focus on results received for Version 1.1 of the Detector, which improved detection accuracy for a number of specific device types and operators. While the total rate of Carrier IQ detection did not noticeably change between versions, we’d like to err on the side of caution when segmenting this data into smaller groupings.
Detections By Popular Devices
This was the first question we wanted to answer: are there specific device types that show higher instances of Carrier IQ than others? Consistent with reports from handset manufacturers, our results show that there are a number of popular devices that account for a high number of detections.
Top 20 Devices Reported (By Detection Rate)
Detections By Carrier
Our second question: what percentage of devices on US carriers have Carrier IQ software installed? The data we gathered was extremely consistent with the public statements detailed above from mobile operators.
Note: It’s important to remember that positive detections are triggered by finding any Carrier IQ file on a device, regardless of whether or not the entire Carrier IQ stack is present and/or active. As an example, the 72 positive detections reported for Verizon devices are tied to two specific devices: the Samsung Galaxy Tab and HTC Droid Eris.
Top US Carriers (By Detection Rate)
Lastly, we wanted to understand the level of international impact. The Carrier IQ story has been largely domestically focused to date – is that focus supported by the data? While the majority of results were submitted by US users, there is a fairly large group of international users that used the detector as well.
Top 20 Countries Reported (By Detection Rate)
While at first it may appear that Carrier IQ is installed across a broad range of international devices and carriers, on closer inspection it is actually a small number of specific devices that drive our international detections. The Samsung Galaxy Tab alone represents 57% of international detections.
Top International Contributing Devices (By Total Detections)
The amount of interest from our users on the subject of Carrier IQ has been incredible, and we’re happy to share the data they’ve voluntarily submitted to us. In general, we found that this data is consistent with disclosures and public statements from carriers and handset manufacturers. Based on all the evidence provided to date, we still do not classify Carrier IQ as malware, and for a variety of reasons our software does not remove it from devices. That said, we’re happy to see that consumers are becoming increasingly aware of mobile privacy issues, and we’ll continue to be committed to helping them better understand mobile risks and security threats.