Sprint Orders All OEMs To Strip Carrier IQ From Their Phones

← Back to Stories (view on slashdot.org)

Sprint Orders All OEMs To Strip Carrier IQ From Their Phones

Posted by Soulskill on Friday December 16, 2011 @08:41AM from the don't-want-the-bad-pr dept.

An anonymous reader writes with a report that Sprint, in an attempt to extricate itself from the Carrier IQ drama, has "ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible." Sprint confirmed that they've disabled the use of Carrier IQ on their end, saying, "diagnostic information and data is no longer being collected." The software is currently installed on roughly 26 million Sprint phones, though the company has only been collecting data from 1.3 million of them.

51 of 156 comments (clear)

Min score:

Reason:

Sort:

Sounds cool by Toe,+The · 2011-12-16 08:44 · Score: 5, Insightful

I am currently on the fence trying to decide between Sprint and Verizon. I think Sprint just tipped me to their side with this.
1. Re:Sounds cool by gman003 · 2011-12-16 08:47 · Score: 4, Informative
  
  Uh, unless something's changed, Verizon never had CarrierIQ to begin with. If you're concerned about it, I think "never did it" trumps "stopped doing it when they got caught".
2. Re:Sounds cool by tripleevenfall · 2011-12-16 08:55 · Score: 2
  
  They also offer truly unlimited data, versus all the other carriers and their bandwidth capping practices.
3. Re:Sounds cool by DriedClexler · 2011-12-16 08:59 · Score: 3, Insightful
  
  Oh yeah, I'm totally sure Verizon made sure OEMs kept CarrierIQ off all their phones and, where that wasn't possible, deleted all such information as it arrived, since they would never use data that could be sold at a tremendous profit or alert them to network problems.
  *jerk-off gesture*
  
  --
  Information theory is life. The rest is just the KL divergence.
4. Re:Sounds cool by Tanktalus · 2011-12-16 09:02 · Score: 4, Insightful
  
  Well, that depends. On why Verizon never had CarrierIQ.
  If it's because "we looked at it, and thought it a gross violation of our customers' privacy" then, yes, "never did it" trumps.
  However, if it's because Verizon has not yet managed to get the required hardware to support the volume of data that CarrierIQ produces, combined with the analytics systems required to make bottom-line-driven decisions with that information, then, no, "never did it (yet)" does not trump. In fact, it loses, big time. Sprint, having gone down that road, sunk a bunch of money on it, and abandoned it, is the clear winner as they're unlikely to do it a second time. Verizon may still be looking at implementing it/rolling it out.
  I'm not saying that's the case. I'm saying it's a possible scenario that fits with the known facts (very few in this thread) where "never did it" does not trump "stopped doing it". I don't have any idea how likely either scenario is.
5. Re:Sounds cool by Lunix+Nutcase · 2011-12-16 09:05 · Score: 3, Insightful
  
  And your evidence that they ever used it is where? Oh right, you don't have any.
6. Re:Sounds cool by Anonymous Coward · 2011-12-16 09:05 · Score: 2, Informative
  
  Oh yeah, I'm totally sure Verizon made sure OEMs kept CarrierIQ off all their phones and, where that wasn't possible, deleted all such information as it arrived, since they would never use data that could be sold at a tremendous profit or alert them to network problems.
  *jerk-off gesture*
  Uh... you're aware that CarrierIQ was a software package SOLD TO THE CARRIER, NOT THE HANDSET MANUFACTURER, right?
  
  So. Since Verizon never paid CarrierIQ for their data collections software, never ran their data collection servers... obviously they're just going to pirate the client software on their phones for shits and giggles, right?
7. Re:Sounds cool by froggymana · 2011-12-16 09:09 · Score: 2, Insightful
  
  And your evidence that they ever used it is where? Oh right, you don't have any.
  And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?
  
  --
  "To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
8. Re:Sounds cool by _xeno_ · 2011-12-16 09:11 · Score: 2
  
  I have a pretty good idea why Verizon never used CarrierIQ. I'll bet you do, to, if you've watched any TV in the past several years. Or listened to radio. Or seen any billboards. Or really ever existed anywhere that Verizon advertises:
  "Can you hear me now?"
  Remember that?
  Verizon actively tests their network by driving around with special vans. They're so super-secret about it, though, that it served the basis of a national ad campaign with an obnoxious catch phrase.
  Somewhat ironically, the first comment on the last Slashdot story on them was asking why they didn't just use something like CarrierIQ.
  Turns out, there are some very good reasons why they might opt not to, and they have nothing to do with respecting privacy.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
9. Re:Sounds cool by msauve · 2011-12-16 09:12 · Score: 4, Funny
  
  "what's to say that they don't have a homegrown version of software that does the exact same thing"
  
  Based on their website, if they did I would feel secure that it didn't work properly.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
10. Re:Sounds cool by Andy+Dodd · 2011-12-16 09:13 · Score: 3, Insightful
  
  Maybe the fact that if they did have such software, people would have found it?
  Seriously, it isn't like people just "discovered" CarrierIQ hiding a few weeks ago - the only thing new is that it made it to the right news outlets and the news went viral.
  Developers on XDA have been aware of CIQ (and removing it when found in custom ROMs) for months. If Verizon had anything even remotely similar, people would have found it by now.
  
  --
  retrorocket.o not found, launch anyway?
11. Re:Sounds cool by ColdWetDog · 2011-12-16 09:14 · Score: 4, Funny
  
  And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?
  If Verizon tried to home brew software as complex as CarrierIQ, their phones wouldn't even boot up.
  Not a chance.
  
  --
  Faster! Faster! Faster would be better!
12. Re:Sounds cool by Local+ID10T · 2011-12-16 09:18 · Score: 2
  
  Based on their website, if they did I would feel secure that it didn't work properly.
  In my experience... everything Verizon offered worked well -at 2x the price of what I have now (MetroPCS -which works most of the time, but occasionally fails in frustrating ways.)
  Quality is not their failing -price is.
  
  --
  "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
13. Re:Sounds cool by scubamage · 2011-12-16 09:23 · Score: 3, Interesting
  
  I've been a long time Sprint customer. About 10 years ago, the experience was pretty miserable - they screwed up my account numerous times. But I stuck through it. Now, I honestly wouldn't go elsewhere. They still offer true unlimited data, they're getting better handsets, and their support has gotten much, much better. Sadly they cancelled their premier rewards program this past year, but I honestly never used any of the benefits. They're, on the whole, the most pleasant of the carriers I've had to deal with.
14. Re:Sounds cool by scubamage · 2011-12-16 09:25 · Score: 2
  
  Are you serious? Have you ever heard of SNMP? I can communicate with an out of band hardware agent built into a server which will tell me literally every single thing about that box - often more than the box itself could tell me from inside the OS. Why would you believe that phones wouldn't have any similar capability? I know cable set top boxes have it, as do most modems. How else do you think they can "push down an update" to you? Its SNMP.
15. Re:Sounds cool by DriedClexler · 2011-12-16 09:27 · Score: 3, Insightful
  
  Sorry, just going by CarrierIQ's own self-pimping about how many phones have their rootkits. Simple pigeonhole principle says that if they have their crap on umpteen million phones, then even if all of Sprint and AT&Fee's phones have it, some of Verizon's must as well.
  
  --
  Information theory is life. The rest is just the KL divergence.
16. Re:Sounds cool by XanC · 2011-12-16 09:28 · Score: 2
  
  Tethered data IS data from the handset.
  I'm not saying it isn't unreasonable to charge; I'm saying it's unreasonable to call it unlimited.
17. Re:Sounds cool by Andy+Dodd · 2011-12-16 09:33 · Score: 2
  
  Note the word "demo" in two of the three domainnames there.
  CIQ almost surely tried to sell CarrierIQ to Verizon, and those hosts were likely part of their demo to Verizon.
  Whatever the reason for those hosts existing, not a single deployed Android handset on Verizon had the ability to send data to any of those hosts.
  
  --
  retrorocket.o not found, launch anyway?
18. Re:Sounds cool by liquidhokie · 2011-12-16 09:35 · Score: 4, Interesting
  
  When this whole CarrierIQ thing got started, I thought this was simply a diagnostic tool, yet conspiracy theorists were going to jump all over the "...but they could" aspects of the system. I also thought it was a shame, since the carriers and manufacturers ought to be able to monitor the system so they can improve it.
  Your post has made me re-think all of my notions. I don't believe any nefarious purpose was afoot-- this was a tool intended to diagnose infrastructure and device performance. However, installing it as a rootkit is a bad call. It provides a vehicle for malware, and a description of its operation-- however technically accurate it migh be-- touches too many evil buzzwords. Such a tool, while useful, is eventually too easy to turn into a PR nightmare (obviously). Then throw the malware hijacking aspect in for good measure.
  Verizon does it right, at least as we see it now. Those vans do a great job of real-world testing, where their test equipment is gathering the same metrics as CarrierIQ's software, but with test data nobody will whine about.
  But...
  ...couldn't those vans also spy on every packet going through the cell they were testing? I'm not suggesting they are, or if that would be on any use. But they certainly have the necessary equipment in those special vans. Paint the vans black... and... wow, I don't want to think about it.
19. Re:Sounds cool by inject_hotmail.com · 2011-12-16 09:52 · Score: 2
  
  Based on their website, if they did I would feel secure that it didn't work properly.
  In my experience... everything Verizon offered worked well -at 2x the price of what I have now (MetroPCS -which works most of the time, but occasionally fails in frustrating ways.)
  Quality is not their failing -price is.
  I think your hyphen key is stuck...either that, or you have some sort of weird variation of turrets...you might want to check that out...
20. Re:Sounds cool by neonKow · 2011-12-16 09:53 · Score: 2
  
  They control the towers. What on earth do vans do that the towers don't? And wouldn't they be testing PHONES inside the vans? Not setting up temporary towers? I don't know the details, but that just seems more likely.
21. Re:Sounds cool by scubamage · 2011-12-16 09:57 · Score: 4, Insightful
  
  A separate out-of-band piece of hardware running snmp is common place in carrier's, and in high end systems. How else do you think cable carriers control set top boxes? Its defined by packetcable and docsis specs. How else do you think iLOM, aLOM, iLO, and DRAC can provide SNMP statistics for the boxes they're embedded in? Read more before you call someone an idiot. SNMP is frequently used out of band, specifically when you don't want an end user to be screwing with things. Try working in a fortune 500 carrier and you'll learn a bit more about it.
22. Re:Sounds cool by fdrebin · 2011-12-16 10:09 · Score: 3, Insightful
  
  "what's to say that they don't have a homegrown version of software that does the exact same thing" Based on their website, if they did I would feel secure that it didn't work properly.
  Based on having worked for Verizon in software development, I can assure you that it's a miracle when almost anything works properly.
  The really sleazy types were the marketing and management types. The stories I could tell... I feel unclean just thinking about it.
  
  --
  Stupidity... has a habit of getting its way.
23. Re:Sounds cool by Dishevel · 2011-12-16 10:18 · Score: 2
  
  I have been a Sprint customer for 13 years now.
  Never had a problem with coverage. YMMV.
  Never had a bad customer service issue with them.
  But until very recently. (Last 2 or 3 years)
  They had shit phones. They worked but Verizon and ATT had all the newest shit.
  My friends on Verizon and T-Mobile were getting decent Android handsets before me.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
24. Re:Sounds cool by Anonymous Coward · 2011-12-16 10:41 · Score: 2, Insightful
  
  That probably explains why the last two LG phones we've had from Verizon had a habit of just shutting off mid-call for no reason.
25. Re:Sounds cool by drinkypoo · 2011-12-16 10:48 · Score: 2
  
  Just to be clear, the only long distance provider that didn't immediately roll over for the feds wanting wiretaps was Qwest. It wasn't Verizon. You think they don't tap your phone on demand, just like everyone else?
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
26. Re:Sounds cool by TooMuchToDo · 2011-12-16 11:34 · Score: 2
  
  The data usage profile of just a handset vs tethering with something like an iPad or a laptop are drastically different. You can either price the two data usages differently or price it based on worse-case scenarios and make it much more expensive for everyone.
27. Re:Sounds cool by mcrbids · 2011-12-16 16:24 · Score: 2
  
  For all the grandstanding about Verizon and "nothing works", the truth is that Verizon did manage to put together one of the best wireless networks out there. Perhaps that's more of a comment on the *other* carriers, but the other carriers DO use CarrierIQ.
  My beef with Verizon isn't their network, or their phones, but their billing department. If they could somehow manage to not make up stuff to put on their bills for me to pay, I might consider using them again. Alas, they couldn't get a bill to me to save their lives that was anything like accurate.
  And so, while my business cell phone is Verizon, my personal (family) cell phones are all Metro PCS, which provides acceptable service at not only good prices, but more importantly, consistent prices.
  
  --
  I have no problem with your religion until you decide it's reason to deprive others of the truth.
Sacrificial Lamb? by A10Mechanic · 2011-12-16 08:48 · Score: 2

Wonder if they're giving up Carrier IQ as a sacrificial lamb, while their other gathering program(s) lie safely tucked away. Old Gestapo trick. Shoot one of your own...
1. Re:Sacrificial Lamb? by Quanticfx · 2011-12-16 08:57 · Score: 2
  
  That would be interesting, but imagine the storm of criticism that would come about if the other program(s) is/are discovered. I think it would end up making them look even worse, unless the average person has forgotten about all this by then.
1.3M? Why Not All? by crow_t_robot · 2011-12-16 08:53 · Score: 2

Does this mean that 1.3million Sprint users are on some DHS watchlist?

Why wouldn't they collect "diagnostics" on all 26 million? If I were a data analyst looking for useful data to "improve user experience" (or whatever it is they say they use it for) then I want the largest data set possible.
1. Re:1.3M? Why Not All? by Tanktalus · 2011-12-16 09:06 · Score: 2
  
  The cost of both hardware and DB licenses for a system that can handle 500 Ktps (transactions per second) at peak vs 5-10 Mtps may be significant. If I'm looking for useful data to actually improve user experience, I don't need all of them, a sample is good enough, and if I keep the volume down, I can do it on much smaller hardware and thus much smaller cost for licensing to Oracle, DB2, whatever.
2. Re:1.3M? Why Not All? by nurb432 · 2011-12-16 10:03 · Score: 2
  
  Not doing them all and using only a 'small' sample, leads more creditability to the explanation of them capturing the data to improve the system.
  
  --
  ---- Booth was a patriot ----
Carrier IQ by Dan+East · 2011-12-16 08:56 · Score: 4, Interesting

I'd hate to work for and / or have a stake in Carrier IQ. Talk about going down in a massive ball of flames overnight! Simply put, that company, at least by name, will have to cease to exist. No one would dare want that name associated with their devices.

--
Better known as 318230.
1. Re:Carrier IQ by CSFFlame · 2011-12-16 09:00 · Score: 3, Insightful
  
  And if they'd actually behaved when they made the release version they would have been fine (no GPS, keylogging, website logging, or SMS reading and they would have been fine.
2. Re:Carrier IQ by Dynedain · 2011-12-16 09:13 · Score: 2
  
  "Ceasing to exist" translates to: they'll axe the dev teams, sell the codebase and senior management intact to another player in the business you probably haven't heard of.
  
  --
  I'm out of my mind right now, but feel free to leave a message.....
Price Change Coming? by crow_t_robot · 2011-12-16 08:58 · Score: 3, Insightful

I wonder if this will result in a price hike since they will be losing all this juicy customer data that they may have been selling to "market research" vultures.
Lucky me! by the+linux+geek · 2011-12-16 08:59 · Score: 2

It's nice to have a Blackberry through all of this. The WP7 users are probably pretty happy too.
Exactly my first thought by Anonymous Coward · 2011-12-16 09:01 · Score: 5, Interesting

That was my first thought when I read the headline: what have the replaced it with?
They're apparently doing this in order to avoid being dragged in front on Congress and not out of any sort of altruism. (OK, so no one thought they were doing it out of altruism, but you may have thought they were trying to avoid alienating customers. Nope. They just want Congress to drop the issue.)
The article itself makes it pretty clear that they expect that Sprint is simply going to switch to some other software. It's kind of like how the iPhone "doesn't run CarrierIQ as of iOS 5." Well, of course it doesn't - Apple moved all of that stuff into iOS 5 itself. It's built-in to the OS now. All that CarrierIQ information is still gathered, and still sent back to Apple.
But that's OK. Remember when people were upset about the iPhone tracking you? That's a "feature" in iOS 5. Essentially, by allowing you to "track" yourself and your friends, Apple managed to turn "we constantly track and record your location" into a bullet point feature. (Not joking! Yes, you have to "opt in" to be allowed to see the data that Apple gathers about you. That's nice. They still gather it if you have the features turned off, you just aren't allowed to use that data yourself.)
So I fully expect that a couple of weeks after the "remove CarrierIQ update" is released, security researchers will discover Sprint phones now come with some new software with a different name that does the exact same thing.
1. Re:Exactly my first thought by Andy+Dodd · 2011-12-16 09:55 · Score: 2
  
  I don't expect it... If Carrier IQ is replaced with anything on Sprint and AT&T handsets, it will be with something more visible to the user and less invasive, not less visible, with the ability for the user to turn it off.
  One of the primary reasons CIQ had such negative publicity was the fact that it was hidden from users and EXTREMELY difficult to turn off.
  Trying to replace CIQ with something else when the media and public are now aware of such things would be idiotic on an epic scale
  Firmware modders in XDA have been aware of CIQ and removing it whenever it was found for months - the only new development in the past few weeks is that the media finally picked up on it and enduser awareness of it increased because the media picked up on it.
  
  --
  retrorocket.o not found, launch anyway?
Hands in the Cookie jar? by bobbied · 2011-12-16 09:01 · Score: 4, Insightful

I think they just got caught with their hand in the cookie jar and wisely decided to let go of the cookie. I'm guessing that their corporate lawyer types who are dealing with the lawsuits recommended this happen ASAP and management is following their lawyers'' advice. The question now is will all the crumbs laying around lead to them being punished or just sent to bed without dinner.

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Re:Sprint by Anonymous Coward · 2011-12-16 09:02 · Score: 2, Informative

You get what you pay for.
Sprint - 2847GB/mo (limited by 4G connection speed/availability)
Verizon - 5GB/mo + overage charges
I'll take service over "customer care" any day.
Great! But... by flaming+error · 2011-12-16 09:09 · Score: 2

What about those of us who already have it on our existing phones? Any way to remove it, Sprint?
Looks like AT&T too by Andy+Dodd · 2011-12-16 09:21 · Score: 3, Informative

While Sprint has been the largest user of CarrierIQ, with the most invasive CIQ installations in devices, AT&T was starting to put it on their phones too. For example, the Samsung Infuse 4G Gingerbread leaks from September to November carried a CIQ installation that was quite invasive. All evidence of CIQ is gone from the latest UCKL2 leak.
Similarly, while the original UCKH7 build for the Galaxy S II did not have CIQ, all leaks from October and November had it start to appear - but it was removed before the official UCKK6 update that just started getting rolled out to users earlier this week.
Carrier IQ (the company) = smoking crater. Their largest user is dropping them like a hot potato, and their fastest growth market (AT&T devices) is also ditching them.
Canadians are still screwed - Rogers seems silent in terms of CIQ. They actually had the balls to claim they don't use it, even though it was clearly there in the UXKG3 firmware release for the Samsung Infuse in that country.

--
retrorocket.o not found, launch anyway?
meanwhile in an alternate universe by decora · 2011-12-16 09:27 · Score: 2

on shareholderdot.com, investors are furious that sprint has foregone such a significiant exploitation of revenue stream. after all, why else does sprint exist, if not to provide them with profit?
I wouldn't trust VZW by DragonHawk · 2011-12-16 09:31 · Score: 3, Interesting

Uh, unless something's changed, Verizon never had CarrierIQ to begin with.

Unless something's changed, VZW has denied using CarrierIQ, but has refused to explain why CarrierIQ was found to be connecting to servers with "vzw" in their names.
As a VZW customer, I'd be shocked if VZW wasn't doing something nefarious when it comes to customer monitoring. I'd also fully expect them to then lie about it.
Note well: This doesn't mean I'd trust Sprint (or AT&T or T-Mobile or whoever) over VZW. I wouldn't trust any of them.

--

dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
1. Re:I wouldn't trust VZW by b4dc0d3r · 2011-12-16 16:15 · Score: 2
  
  Was it actually connecting? What I read was that domains existed, implying that connections could be made. I'd really like to see some actual info about actual connections, because that might make me flip my opinions. Right now, all I have read is conjecture by financially incentivised parties.
Re:Now if they would only strip the other bloatwar by witherstaff · 2011-12-16 10:37 · Score: 2

I doubt the few people who complain don't nearly equate to how much nascar, amazaon, and others are paying Sprint for this.
Re:Bandwidth by gl4ss · 2011-12-16 10:48 · Score: 2

end users paid the transfers.
apparently it didn't even check how it was connected to the internet, imagine leaking that stuff over starbucks wifi.(not "shit easy" to do to check how you're connected.. but easy to do anyways, even without root).

--
world was created 5 seconds before this post as it is.
Re:Sprint by PNutts · 2011-12-16 12:42 · Score: 2

You get what you pay for.
Sprint - 2847GB/mo (limited by 4G connection speed/availability)
Verizon - 5GB/mo + overage charges
I'll take service over "customer care" any day.
I used to be a Sprint customer. I'll take the 5GB + overage charges.
argumentum ad ignorantiam by luis_a_espinal · 2011-12-17 00:58 · Score: 2

And your evidence that they ever used it is where? Oh right, you don't have any.
And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?
http://en.wikipedia.org/wiki/Argument_from_ignorance