An Android security researcher, Trevor Eckhart, has found himself in a little bit of hot water after performing a deep dive into a pretty hidden mobile tracking software from Carrier IQ. He managed to figure out how the software worked and what it monitors, however, after delving into the software and publicising his findings he has seriously annoyed the company.
Carrier IQ has filed a cease-and-desist letter against Eckhart, stating he has committed copyright infringement by posting what would seem to be some of the company’s training materials in his post and that he has made “false allegations” about what their software does.
Never heard of Carrier IQ? Here’s a brief overview: Carrier IQ promotes themselves as the “leading provider of mobile service intelligence solutions,” their services are used by a number of players in the mobile space. The company’s main U.S. carrier partner is Sprint, and Eckhart has found that their tracking software on Android devices including HTC and Samsung among others.
Eckhart’s research has found that Carrier IQ is capable of monitoring everything from the phone location, what apps are installed and even the keys that you are pressing. Carrier IQ says that the information is collected to give carriers insight into how to improve the mobile users experience. It sounds like something that would help everyone, except Eckhart found that the software might possibly run without the user’s knowledge or consent, as was the case with the HTC phones he looked at.
Carrier IQ says that the data they collect is being handled responsibly, and Sprint goes on to say that they only collect information that helps them to understand their customers’ use experience.
“We do not and cannot look at the contents of messages, photos, videos, etc., using this tool,” a Sprint spokesman told CNET.
On top of taking down the training materials (which were freely available on Carrier IQ’s website), Carrier IQ also want Eckhart to publicly retract his findings and apologize to them. If Eckhart doesn’t do this, Carrier IQ is ready to take the matter to court. If they have any legal standing to do so.
Eckhart spoke to the Electronic Research Organisation for legal representation, and they didn’t think much of Carrier IQ’s chances should things get that far. Here’s part of the EFF’s response to Carrier IQ’s allegations:
“We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless. Mr. Eckhart used and made available these materials in order to educate consumers and security researchers about the functionality of your software, which he believes raises substantial privacy concerns. Mr. Eckhart’s legitimate and truthful research is sheltered by both the fair use doctrine and the First Amendment.”
We won’t have to wait long to see what the outcome of this is going to be, but the ball is in Carrier IQ’s court at present.