Lookout releases free Carrier IQ detection app
Sniffs out controversial software on Android smartphones, but doesn't delete it
Computerworld - A mobile security software company last Friday released a tool that detects Carrier IQ, the software embedded in numerous smartphones that has raised questions from users, privacy advocates and even Congress.
Lookout, best known for its Android security software by the same name, launched the free Carrier IQ Detector last week. It can be downloaded from the Android Market.
Lookout said that Carrier IQ was "deeply integrated with handset firmware [and] users would be required to attain special device privileges in order to remove it," then warned that doing so incorrectly could "put users at further risk of malware infection" and possibly make them unable to receive future phone updates.
The release of Carrier IQ Detector followed comments from Lookout last week that it would not classify the software as malware, and questioned the label "rootkit" for the tracking and network diagnostic program.
Tim Wyatt, a principal engineer with Lookout, refused to call Carrier IQ "malware," arguing that it just didn't fit the definition.
"Absolutely not," said Wyatt when asked if Carrier IQ was malware. "This is something that was pre-loaded by carriers, not downloaded by users," said Wyatt in an interview last week, arguing that because users hadn't been duped into launching a Trojan horse, Carrier IQ technically wasn't malware.
"It wasn't malware hidden inside an app, so it doesn't fit the Trojan pattern," Wyatt said. "All indications are that it is intended to improve user experience. What's at question is what data is sent to the carrier."
He acknowledged that Lookout and its users were worried about the privacy implications.
"We do have concerns about the data, and under what circumstances it's going out," Wyatt said, noting that his opinion was a reflection of the feedback his company had received from users. "We definitely think that users should be told, and have a choice of opting out in circumstances like this telemetry."
Other security researchers have said much the same.
In a blog post Monday, Dan Rosenberg, a consultant at Virtual Security Research, said that his analysis of Carrier IQ had not found any malicious intent.
"I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous," said Rosenberg, who like Lookout, called for more transparency from Carrier IQ, handset makers and mobile service providers.
Lookout also called the "rootkit" label many have attached to Carrier IQ "a bit of hyperbole," with Wyatt adding that in the company's view, the software was not conducting "a criminal activity."
Some disagree. Both Congress and consumer advocates have asked the Federal Trade Commission, the Department of Justice and the Federal Communications Commission to investigate Carrier IQ and its practices. The Mountain View, Calif.-based Carrier IQ has also been hit with multiple lawsuits seeking class-action status.
And Carrier IQ's own marketing materials seem to undercut its most recent claims that the software is designed only to diagnose problems in smartphones and the mobile service provider networks they run on.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
- Goodbye 2011 ... What a year!
- Sprint disables Carrier IQ software on its handsets
- Iran tricked U.S. spy drone into landing in country, report says
- FBI never sought Carrier IQ data, director says
- Carrier IQ moves to allay fears of its tracking software
- FBI rejects FOIA request for Carrier IQ info
- Google's Schmidt calls Carrier IQ software a keylogger
- Carrier IQ downplays 2010 patent request
- 8 companies hit with lawsuit over Carrier IQ software
Read more about Mobile/Wireless in Computerworld's Mobile/Wireless Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Assessing ROI for Mobile Acceleration Clients This EMA® paper examines the business case for deploying mobile WAN optimization client software and builds a ROI model based on the experiences...
- The Apple-ization of the Enterprise: Understanding IT's New World Read this paper for how to tackle Apple-ization (and the related consumerization of IT and Bring Your Own Device/BYOD).
- A Practical Introduction to Enterprise Mobility Management Read the white paper to better understand the basic concepts within mobility management and to learn how you can apply EMM technology to...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the... All Mobile/Wireless White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!