Risk
3/1/2012
11:04 AM
Fritz Nelson
Fritz Nelson
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Carrier IQ Fights Back With Consumer Dashboard

Carrier IQ, attacked last year for monitoring cell phone user data, says it can help consumers gauge wireless phone performance--if carriers implement the app.

Carrier IQ Dashboard
(click image for larger view)
Carrier IQ Dashboard
Carrier IQ, the infamous company whose tracking software was derided as a rootkit capable of exposing user action and data, is back in the news. But this time it is proposing to give consumers their own data through a consumer dashboard, the company announced at Mobile World Congress this week in Barcelona.

Carrier IQ was once just an obscure company, working behind the scenes, its software installed on some 140 million phones and capable of tracking phone usage, mostly to provide mobile carriers with data critical to the operation of their networks. The software can detect dropped calls, signal strength, network utilization, and phone performance, as well as things like battery life and application performance--basically how the devices were performing on the network, and the gap between consumer perception and carrier perception.

The software was used by Sprint and AT&T, across multiple device types, and is now also used by T-Mobile and Cricket, said Andrew Coward, Carrier IQ's VP of Marketing and Product Management. While it might seem as if the carriers already have access to their network performance, they don't necessarily have it from the device's point of view. In fact, customer care agents, when helping customers, need to see what the user sees (for example, where the user was when a call was dropped). Naturally all of this data became important to the handset manufacturers as well, creating an entire ecosystem of parties interested in this data.

But then along came security researcher Trevor Eckhart's discoveries about how that data was being exposed, and the potential for privacy abuse. Specifically Eckhart saw that Carrier IQ's software was tracking all of the HTTP and HTTPS traffic from his HTC phone, in addition to phone numbers and the contents of incoming and outgoing SMS messages. Questions arose concerning whether this violated federal wiretap laws, and Carrier IQ allegedly threatened Eckhart for exposing information. Eckhart and others created some demonstration videos showing users how to disable Carrier IQ. Sprint even pulled Carrier IQ software from its devices.

Carrier IQ claims that the information Eckhart found wasn't really the company's fault; the mistake was in how the operators were deploying the tool. Since then, the company has issued a white paper, detailing how its technology works, and it has detailed the data it collects, in addition to allowing third-party inspection of its software and data, according to Coward.

In a way, then, it makes sense that Carrier IQ is trying to extend its tools to consumers--as if to say, we have nothing to hide, and in fact we're here to help. Carrier IQ announced a consumer dashboard of data, but it's really an API that allows mobile operators to create ways to expose the data to customers; a way to extend the carrier platform, IQ Care, to their customers.

[ See our complete Mobile World Congress 2012 coverage, live from the mobile industry's hottest event. ]

Coward said that it would be in the interest of these mobile operators, simply because it could help lower support costs, especially as customers now call their provider for help in solving phone issues, not just network problems. For example, about half of the phones that customers return to mobile operators have nothing wrong with them, and the process of having phones returned, troubleshooting the problems, and issuing new phones can be costly.

"The cost of support is so astronomically high that [the mobile operators] want customers to self help," Coward said. The operators want to "provide enough information such that consumers don't have to call them."

The Carrier IQ tool collects a huge volume of data, but its magic, Coward said, is in analyzing the data, which is where the company spends most of its resources. Every piece of data gets a traffic light-like rating (red, green, yelllow) for every aspect of performance--voice experience, data experience, battery life, application failure, all from the device point of view. If there's a battery life issue, the software can be used to determine if it's really the battery life or it's really an application that is draining the battery. All of this information is fairly simple to dive into and understand.

Another important aspect of the software is what Coward called a "dynamic normal." That is, all data is viewed through the lens of what's normal, or what's happening to others (within a network, with similar hardware, and so on). That version of normal changes over time, but the specific users' performance is compared back to this "dynamic normal."

While all of this seems especially enticing, and Carrier IQ should be applauded for being willing to expose its data, it will be up to the operators to make that happen, and doing so could be a double-edged sword. Forget whether users will really use such a tool (which is questionable), but imagine if the operator is experiencing dramatic delays or dropped calls and that information is getting exposed to the consumer … they'll have plenty to answer for.

Which is, perhaps, as it should be.

The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 26-29 in Orlando, Fla. Find out more.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
llocat333
50%
50%
llocat333,
User Rank: Apprentice
3/2/2012 | 7:30:05 PM
re: Carrier IQ Fights Back With Consumer Dashboard
There are quite enough government agencies "tracking" cell phones. The "data" these people are 'collecting' belongs to the cell phone user.....Awwww, don't give me that crap about names are not used in the reporting to the carriers, because I don't even want them collecting such information, bbb-u-t, its their pipe and they have "legal" requirements to collect such data for "law enforcement".

Why anyone thinks this company has a platform worth money is ridiculous. As was mentioned in the article; the carriers already have the ability to perform this work(without the expense and exposure to their customers of 'another' third party).

-2- THUMBS DOWN!
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web