Hidden AppsCarrier IQ and Privacy in Mobile Devices

Hidden Apps

Your device: The expectation of privacy

Hidden Apps

Hidden Apps

Most people take the privacy of phone service for granted.

Regulations provide our phone calls with an expected level of security.

With the widespread use of smartphones, the level of privacy we have on mobile devices is changing.

Hidden Apps

While phone calls are protected, apps and the data stored on smartphones are not protected in the same way.o Carriers often use network monitoring software without

the user’s knowledgeo Carriers are not specific as to what data is gatheredo Regulations protect some user data but not all

Hidden Apps

The most common way to gather private user data is through hidden apps. These are programs:o Generally run without the user’s knowledgeo Can be installed by the carrier, the manufacturer or by

a user looking for other functionalityo Are often completely legal, protected by end-user

license agreements with obscure and difficult language

Return to Menu

Their service:How hidden apps can be a threat

Hidden Apps

Hidden Apps

Carriers and app developers use hidden apps to collect various kinds of data.

This data can have legitimate purposes:o Improving quality of serviceo Identifying common trouble spots on cellular networkso Troubleshooting common user issueso Identifying hardware malfunctions and failures

Hidden Apps

However, some apps are either not developed with security as a priorty.

Recently, this has come to the forefront with Carrier IQ, a company that develops a hidden app for many major carriers to monitor networks and provide a “better user experience.”

Hidden Apps

Carrier IQ, in most configurations, is completely hidden from the user and cannot be disabled.

It collects:o Network performance informationo Hardware fault informationo All user interface events (what the user taps on or

selects)o All keystroke information from phone, SMS or web

browser

Hidden Apps

Apparently, Carrier IQ does not transmit information other than network performance and other anonymous data.

However, other apps could read the data because it is logged in a completely unprotected way.

Hidden Apps

This is a video demonstration by a developer of the potential abuses of Carrier IQ software:

Hidden Apps

Carrier IQ may not be transmitting this data, but that doesn’t mean other apps can’t read logfiles it creates.

The potential for abuse in the logs generated by Carrier IQ is immense.o Carrier IQ can see all traffic, even encrypted web traffic.o Carrier IQ could be compromised to collect users’ credit

card data, contacts, location or anything they type into a keyboard or touchscreen.

o Carrier IQ could presumably be used to infiltrate corporate or public networks.

Hidden Apps

An important note: As of this writing, no evidence

exists that proves Carrier IQ has been abused in any way.

However, the publicity generated by this issue virtually guarantees that it will, given enough time.

Return to Menu

Who is affected?Hidden Apps

Hidden Apps

Carrier IQ is currently known to be in use by the following carriers:

• Sprint• AT&T• T-MobileOther carriers have not yet responded to inquiries

about their use of this software.

Hidden Apps

• Android and Blackberry phones are the most likely to use Carrier IQ and are the most susceptible to security threats.

• Carrier IQ is only implemented in a limited way on Apple’s iPhone and will soon be removed completely through an iOS upgrade.

• Carrier IQ’s future is uncertain. US Congress and the FCC have inquired into the exact nature of their data collection and software.

Hidden Apps

Carrier IQ is only a single app in a much larger world.

All users are affected by the privacy concerns these issues have raised. Some platforms may be safer than others; all of us should be wary of the drawbacks any technology presents.

Hidden Apps

Many carriers have denied using Carrier IQ but this does not mean they don’t use a similar type of tracking software. Every carrier tracks users on their networks.

What is being tracked and how will we know our data is protected?

Hidden Apps

To learn more about this issue and read stories as they develop, visit the following links:o The Verge – Carrier IQ Controversyo CNN Moneyo All Things Digital

Return to Menu