Carrier IQ isn't the problem, it's HTC and Sprint
There has been a lot reported about the low-level root-running Carrier IQ that is shipped with your HTC EVOs and is completely unmanageable by the end users (us).
But Carrier IQ is, most likely, not at fault. You've seen their corporate response a couple of times now, in which they've very nicely said that their customers can opt out (even though people have pointed out that we have no ability to do this) and what they do with the software is up to them.
Something to remember, however, is that you are not Carrier IQ's customer. HTC, Sprint, and Verizon are their customers, presumably along with other carriers.
Sprint and HTC have done a remarkable job of letting Carrier IQ dangle out there as the big evil while not saying much of anything (and at one point denying it even existed), probably because they're trying to live down lots of embarrassment from the past couple of months, and Carrier IQ has not really been pointing fingers directly at what I assume are the companies that sign their paycheck.
It's also probably worth noting that Carrier IQ as it exists on your phone is not how they built it. It's been stripped of the opt-out option, hidden by HTC, and runs transmitting who knows what to the carrier's portal, or potentially a third-party site.
Right now we've been lucky that the rootkit that CIQ has become has not been compromised and exploited to send all of our information to Kazakhstan, or perhaps used to yank photos off of our phones, but where there's a will, there's a way.
HTC shipped bootloaders that have been repeatedly defeated. There's always something someone missed in millions of lines of code. How long before CIQ is exploited to, perhaps, send all of your information repeatedly to Sprint while signaling everyone in your contact list the codes, which supposedly can be transmitted via text message, to do the same? That would overload the already dead-horse that 3G on Sprint has become as of late.
What do you do when you have an exploit of that magnitude?
AT&T once stated that jailbreaking iPhones could lead to towers becoming compromised and the end of cell service as they knew it. Sprint has stated that rooting your phone to remove that software is grounds for termination. HTC put a root-level hidden process (CIQ) that you can speak to via any medium it transmits or receives data.
Carrier IQ is not going to know what to patch until the hack comes. If we're lucky, someone will hand them all the information they need to patch their product, and they'll give it to their customers, and their customers will create an OTA update, and their customer's customers (us) will get it before someone decides to hit every Sprint/HTC/CIQ-loaded phone out there.
It's also important to understand this: if you compromise an application and take it over, you have the rights that application has. This means that if I develop a method to compromise an application with the ability to make calls, well, I can make calls too. If I hack an application that can write to the SD card, I can probably destroy everything on the SD card.
If I hack and gain control of a root process, I can do most anything, and at that point if I decide you don't have a phone, then you don't have a phone. As creepy as a bunch of random people having all the information on my phone may be, destroying a whole product line in one fell swoop would be an epic disaster, and that's something Sprint really needs to prepare for if they keep CIQ running as a root process.
Whether you're rooted or not, have CIQ or not, this affects you. It's not something to lose sleep over, but it is something to wonder why our beloved carrier isn't doing something simple about, such as not running it as a hidden root process, allowing us to turn it off, strictly limiting the methods that CIQ is able to be activated, or releasing the source code so we can pick through it and determine it's unhackable.
Whatever the case, Sprint/HTC need to know this isn't right and address these issues instead of dismissing them, and Carrier IQ should probably re-craft their generic response and just say "we wrote it, Sprint/HTC bought it, they chopped it up, you got it from them, call Sprint."
