Carrier IQ points finger at Sprint
In light of the looming Senate hearing, Carrier IQ has issued another statement. It reads like their previous statements but now throws in a woman named Rebecca Bace from Infidel Inc, a supposedly respected security expert who claims that CIQ implementation does not by default record keystrokes or other personal information.
The company reminds us that Carrier IQ works and designs software for the carriers (Sprint, in our case) and once again goes into their advertisement about allowing the operators to determine why a call was dropped.
What they are saying is that the software in its default state receives all of this information (this video from TrevE shows it sending every bit of user input to the CIQ process), it does not record any of it by default. Now, they've sold this service to Sprint, and HTC, who claims they are not a customer or a partner of CIQ, has baked it into the kernel. I'm not sure if Bace's comment was on CIQ default from the factory, or Sprint and HTC's modified version.
I'll buy the assertion that CIQ doesn't record that stuff by default when it left HQ, but the problem is every single action on your phone is sent to the CIQ daemon. They may not have flipped the switch to record this information, but they very obviously can just by tasking the phone to do so.
It's more of the same, really. It's like the Three Stooges vs The Wiretapping Allegation. Sprint needs to direct HTC to get this out of the kernel and leave this business behind, or come out and show how putting a rootkit on our phones has actually improved call quality.
Every day I'm more and more glad I rooted my phone, voided my warranty, and can surf with some expectation of privacy. If I were a celebrity or a business that worried about industrial spies, I'd chuck anything with CIQ on it out the window.[BusinessWire]