The carrier has disabled Carrier IQ's software and reportedly instructed all of its hardware partners to no longer build the software into Sprint handsets.

Mathew J. Schwartz, Contributor

December 19, 2011

5 Min Read

10 Companies Driving Mobile Security

10 Companies Driving Mobile Security


10 Companies Driving Mobile Security (click image for larger view and for slideshow)

Sprint is rethinking its relationship with smartphone monitoring software vendor Carrier IQ.

Notably, Geek.com reported Friday that a source at handset manufacturer HTC said Sprint had requested that all of its device manufacturers "remove the Carrier IQ software from Sprint devices as soon as possible."

Reached for comment, a Sprint spokeswoman said Monday that the company wouldn't comment on rumors. "I can tell you that we have weighed customer concerns and we have disabled use of the tool so that diagnostic information and data is no longer being collected," she said. "We are further evaluating options regarding this diagnostic software as well as Sprint's diagnostic needs."

She also emphasized that at no time had Sprint used Carrier IQ to do anything more than collect performance data. "Sprint has not used Carrier IQ diagnostics to profile customers, to serve targeted advertising, or for any purpose not specifically related to certifying that a device is able to operate on our network or to otherwise improve the customer experience or our network operations," said the spokeswoman.

The apparent breakup of the Sprint and Carrier IQ relationship has stemmed from the ongoing controversy over Carrier IQ's software, which is used to monitor the performance of both the carrier's networks, as well as smartphones--particularly for resolving problems with reception, battery life, or crashing devices.

But since security researcher Trevor Eckhart discovered the software operating on handsets inside the corporate network he manages, and publicly started releasing research into how the software operates, Carrier IQ has experienced an ongoing public relations fallout.

Carriers haven't been immune either. Sprint was criticized for failing to come clean quickly about what Carrier IQ was doing on its devices. Furthermore, Carrier IQ and many of its carrier and manufacturer customers have been called to account for what the software was doing, thanks to multiple class-action lawsuits. Sen. Al Franken (D-Minn.) sent the company and six of its customers detailed questions about what types of data they were collecting, and Rep. Edward Markey (D-Mass.), wrote to the Federal Trade Commission, urging it to investigate Carrier IQ.

[Carrier IQ has its defenders. See Carrier IQ Data Collection Technically Legit, Say Researchers.]

Samsung, as part of its detailed response to Franken's questions, said that it began installing Carrier IQ's software on devices in November 2007. Of the handsets manufactured by Samsung, the Carrier IQ software is present on 28 Sprint handsets, two T-Mobile handsets, four Cricket handsets, and one AT&T handset. Approximately 25 million Samsung cell phones, in total, have the software built in. Samsung also said that it doesn't have access to any of that data.

AT&T, in its response to Franken, said that "AT&T uses CIQ software only to collect diagnostic information about its [AT&T's] network to improve the customer experience." According to the letter, "AT&T must collect operational data that can point to possible network upgrades, including improved call completion rates."

All told, AT&T said that Carrier IQ software resided on about 1% of its handsets. It said it first began using the software for RIM devices in February 2011, and Android in March 2011. Currently, the software is on 11 AT&T wireless devices, including the Pantech Pocket and the Motorola Atrix 2. In addition, the software is part of AT&T's Mark the Spot (MTS) application, which is a free download for Android and RIM devices. The same application, which is designed to allow users to report problems, is available for Apple iPhone and was first introduced in December 2009, but doesn't include the Carrier IQ software, said AT&T.

Sprint, in its response to Franken, echoed AT&T's comment that it needed tools for monitoring network quality. "Sprint recognizes that it is fair to ask whether the data collecting using Carrier IQ software goes beyond 'technical diagnostics information,' and Sprint's answer is unequivocally no."

Prior to Sprint's decision to stop collecting diagnostic information using Carrier IQ software, the company said that the software was installed on about 26 million Sprint handsets, although Sprint was only collecting data from 1.3 million of those. In addition, it said that 30,000 at a time might be queried to provide data for a specific performance-related research request.

Sprint first began using Carrier IQ's software in 2006, and today the software is preinstalled on Sprint devices from a number of manufacturers, including Audiovox, Franklin, HTC, Huawei, Kyocera, LG, Motorola, Novatel, Palmone, Samsung, Sanyo, and Sierra Wireless.

Last week, Carrier IQ also supplied answers to Franken's questions, while two of its executives visited Washington, meeting with Franken's staff--among other legislators and regulators--to reassure them that the software was designed to only collect performance data, and not to track users.

For the 15th consecutive year, InformationWeek is conducting its U.S. IT Salary Survey. Upon completion of the survey, you will be eligible to enter a contest for prizes including a Bravia HDTV or iPad 2, and get a link to download our report once it is published. Take the survey now. Survey ends Jan. 20.

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights