Lookout releases free Carrier IQ detection app
Sniffs out controversial software on Android smartphones, but doesn't delete it
Computerworld - A mobile security software company last Friday released a tool that detects Carrier IQ, the software embedded in numerous smartphones that has raised questions from users, privacy advocates and even Congress.
Lookout, best known for its Android security software by the same name, launched the free Carrier IQ Detector last week. It can be downloaded from the Android Market.
Lookout said that Carrier IQ was "deeply integrated with handset firmware [and] users would be required to attain special device privileges in order to remove it," then warned that doing so incorrectly could "put users at further risk of malware infection" and possibly make them unable to receive future phone updates.
The release of Carrier IQ Detector followed comments from Lookout last week that it would not classify the software as malware, and questioned the label "rootkit" for the tracking and network diagnostic program.
Tim Wyatt, a principal engineer with Lookout, refused to call Carrier IQ "malware," arguing that it just didn't fit the definition.
"Absolutely not," said Wyatt when asked if Carrier IQ was malware. "This is something that was pre-loaded by carriers, not downloaded by users," said Wyatt in an interview last week, arguing that because users hadn't been duped into launching a Trojan horse, Carrier IQ technically wasn't malware.
"It wasn't malware hidden inside an app, so it doesn't fit the Trojan pattern," Wyatt said. "All indications are that it is intended to improve user experience. What's at question is what data is sent to the carrier."
He acknowledged that Lookout and its users were worried about the privacy implications.
"We do have concerns about the data, and under what circumstances it's going out," Wyatt said, noting that his opinion was a reflection of the feedback his company had received from users. "We definitely think that users should be told, and have a choice of opting out in circumstances like this telemetry."
Other security researchers have said much the same.
In a blog post Monday, Dan Rosenberg, a consultant at Virtual Security Research, said that his analysis of Carrier IQ had not found any malicious intent.
"I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous," said Rosenberg, who like Lookout, called for more transparency from Carrier IQ, handset makers and mobile service providers.
Lookout also called the "rootkit" label many have attached to Carrier IQ "a bit of hyperbole," with Wyatt adding that in the company's view, the software was not conducting "a criminal activity."
Some disagree. Both Congress and consumer advocates have asked the Federal Trade Commission, the Department of Justice and the Federal Communications Commission to investigate Carrier IQ and its practices. The Mountain View, Calif.-based Carrier IQ has also been hit with multiple lawsuits seeking class-action status.
And Carrier IQ's own marketing materials seem to undercut its most recent claims that the software is designed only to diagnose problems in smartphones and the mobile service provider networks they run on.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
- Goodbye 2011 ... What a year!
- Sprint disables Carrier IQ software on its handsets
- Iran tricked U.S. spy drone into landing in country, report says
- FBI never sought Carrier IQ data, director says
- Carrier IQ moves to allay fears of its tracking software
- FBI rejects FOIA request for Carrier IQ info
- Google's Schmidt calls Carrier IQ software a keylogger
- Carrier IQ downplays 2010 patent request
- 8 companies hit with lawsuit over Carrier IQ software
Read more about Mobile/Wireless in Computerworld's Mobile/Wireless Topic Center.
- Tips for Driving User Adoption in New Technology Deployment Read this checklist on tips for driving user adoption to see where you stand.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!