On Sunday, we ran an extensive report on the problems surrounding a Mountain View-based company called Carrier IQ, which has been discovered as installing software on smartphones from multiple carriers and manufacturers.
As it is, the weekend has opened up even more cans of worms. Of course Carrier IQ denies responsibility dumping the blame over to the carriers themselves. Those guys clearly wouldn't take that, would they?
AT&T has confirmed that its mobile handsets use the software — but only for legitimate services and quality-related purposes …
Ooh, that's a big one. But it's just one company, right?
Sprint, who has also confirmed that its handsets use the software but only for legitimate services. Sprint, however, is more willing to talk about things than AT&T. Speaking to Computer World, spokeswoman Stephanie Vinge-Walsh said Sprint uses Carrier IQ's data to work out how handsets are performing and to identify problems sooner: "We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool … The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint."
Oy. Still, that's just two, right?
T-Mobile has also admitted to using Carrier IQ as a diagnostic tool, in a similar way to Sprint … TMoNews has published a screenshot from an alleged internal T-Mobile document which notes that the tracking software is "currently deployed on some of the following T-Mobile devices" …
- HTC Amaze 4G
- Samsung Galaxy S II
- Samsung Exhibit II 4G
- T-Mobile myTouch by LG
- T-Mobile myTouch Q by LG
- LG DoublePlay
- BlackBerry 9900
- BlackBerry 9360
- BlackBerry 9810
OH COME ON ALREADY! Verizon has "claimed" that none of their phones have the problematic software installed, but there's one way to know for sure.
Anyway, all this led Senator Al Franken, chair of the Senate subcommittee on Privacy, Technology and Law, to demand Carrier IQ give up all the 411 by December 14th. How would they play along with that?
Andrew Coward, Carrier IQ: When a piece of information is sent to us from the operation system, we do not need it to go through that log file. There is no value to us in reading a keylog file, that's not how our software works.
The Verge: That is not your log file?
Coward: That logfile is not our logfile. It's a standard, Android system logfile. What goes in that logfile is up to the manufacturer. …So, you would hope in a shipping device, you wouldn't get very much information to go in there.
The Verge: […] I'm trying to understand why a manufacturer, in order to give you certain information, is actually logging keystrokes. I want to separate those two things. It's logging it, putting it into this file, and then giving it to you?
Coward: What should be happening, is it should just be giving it to us through the API. What appears to be happening is that it's giving it to us and making a copy of what it gave to us in the log file.
That seems legit, right? Nobody would have a problem with that explanation, right?
Just a day after the Senate launched an investigation into the debacle, Carrier IQ, Samsung and HTC have been nailed with class action lawsuits that could cost them hundreds of millions of dollars.
As we expected, the plaintiffs go after Carrier IQ as well as Samsung and HTC for violating the Federal Wiretap Act. The suits allege that as customers were using their phones, the handset makers were surreptitiously monitoring and collecting private information without permission. If they lose, the companies could face penalties of $100 for every day that violation took place. Ouch. So far no carriers have been targeted by suits, but that can't be a long way off.
Wow … that's a lot going on. Komplicated is reluctantly powered by Android phones, acknowledging the laundry list of security issues, which we skirt by accepting that our contacts are "out there" and keeping any sensitive files off the drives. We wish we had more good news to tell you, but we're following this story closely.