Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sprint Orders All OEMs To Strip Carrier IQ From Their Phones

Posted by Soulskill on from the don't-want-the-bad-pr dept.

An anonymous reader writes with a report that Sprint, in an attempt to extricate itself from the Carrier IQ drama, has "ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible." Sprint confirmed that they've disabled the use of Carrier IQ on their end, saying, "diagnostic information and data is no longer being collected." The software is currently installed on roughly 26 million Sprint phones, though the company has only been collecting data from 1.3 million of them.

20 of 156 comments (clear)

  1. Sounds cool by Toe,+The · · Score: 5, Insightful

    I am currently on the fence trying to decide between Sprint and Verizon. I think Sprint just tipped me to their side with this.

    1. Re:Sounds cool by gman003 · · Score: 4, Informative

      Uh, unless something's changed, Verizon never had CarrierIQ to begin with. If you're concerned about it, I think "never did it" trumps "stopped doing it when they got caught".

    2. Re:Sounds cool by DriedClexler · · Score: 3, Insightful

      Oh yeah, I'm totally sure Verizon made sure OEMs kept CarrierIQ off all their phones and, where that wasn't possible, deleted all such information as it arrived, since they would never use data that could be sold at a tremendous profit or alert them to network problems.

      *jerk-off gesture*

      --
      Information theory is life. The rest is just the KL divergence.
    3. Re:Sounds cool by Tanktalus · · Score: 4, Insightful

      Well, that depends. On why Verizon never had CarrierIQ.

      If it's because "we looked at it, and thought it a gross violation of our customers' privacy" then, yes, "never did it" trumps.

      However, if it's because Verizon has not yet managed to get the required hardware to support the volume of data that CarrierIQ produces, combined with the analytics systems required to make bottom-line-driven decisions with that information, then, no, "never did it (yet)" does not trump. In fact, it loses, big time. Sprint, having gone down that road, sunk a bunch of money on it, and abandoned it, is the clear winner as they're unlikely to do it a second time. Verizon may still be looking at implementing it/rolling it out.

      I'm not saying that's the case. I'm saying it's a possible scenario that fits with the known facts (very few in this thread) where "never did it" does not trump "stopped doing it". I don't have any idea how likely either scenario is.

    4. Re:Sounds cool by Lunix+Nutcase · · Score: 3, Insightful

      And your evidence that they ever used it is where? Oh right, you don't have any.

    5. Re:Sounds cool by msauve · · Score: 4, Funny

      "what's to say that they don't have a homegrown version of software that does the exact same thing"

      Based on their website, if they did I would feel secure that it didn't work properly.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    6. Re:Sounds cool by Andy+Dodd · · Score: 3, Insightful

      Maybe the fact that if they did have such software, people would have found it?

      Seriously, it isn't like people just "discovered" CarrierIQ hiding a few weeks ago - the only thing new is that it made it to the right news outlets and the news went viral.

      Developers on XDA have been aware of CIQ (and removing it when found in custom ROMs) for months. If Verizon had anything even remotely similar, people would have found it by now.

      --
      retrorocket.o not found, launch anyway?
    7. Re:Sounds cool by ColdWetDog · · Score: 4, Funny

      And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?

      If Verizon tried to home brew software as complex as CarrierIQ, their phones wouldn't even boot up.

      Not a chance.

      --
      Faster! Faster! Faster would be better!
    8. Re:Sounds cool by scubamage · · Score: 3, Interesting

      I've been a long time Sprint customer. About 10 years ago, the experience was pretty miserable - they screwed up my account numerous times. But I stuck through it. Now, I honestly wouldn't go elsewhere. They still offer true unlimited data, they're getting better handsets, and their support has gotten much, much better. Sadly they cancelled their premier rewards program this past year, but I honestly never used any of the benefits. They're, on the whole, the most pleasant of the carriers I've had to deal with.

    9. Re:Sounds cool by DriedClexler · · Score: 3, Insightful

      Sorry, just going by CarrierIQ's own self-pimping about how many phones have their rootkits. Simple pigeonhole principle says that if they have their crap on umpteen million phones, then even if all of Sprint and AT&Fee's phones have it, some of Verizon's must as well.

      --
      Information theory is life. The rest is just the KL divergence.
    10. Re:Sounds cool by liquidhokie · · Score: 4, Interesting

      When this whole CarrierIQ thing got started, I thought this was simply a diagnostic tool, yet conspiracy theorists were going to jump all over the "...but they could" aspects of the system. I also thought it was a shame, since the carriers and manufacturers ought to be able to monitor the system so they can improve it.

      Your post has made me re-think all of my notions. I don't believe any nefarious purpose was afoot-- this was a tool intended to diagnose infrastructure and device performance. However, installing it as a rootkit is a bad call. It provides a vehicle for malware, and a description of its operation-- however technically accurate it migh be-- touches too many evil buzzwords. Such a tool, while useful, is eventually too easy to turn into a PR nightmare (obviously). Then throw the malware hijacking aspect in for good measure.

      Verizon does it right, at least as we see it now. Those vans do a great job of real-world testing, where their test equipment is gathering the same metrics as CarrierIQ's software, but with test data nobody will whine about.

      But...

      ...couldn't those vans also spy on every packet going through the cell they were testing? I'm not suggesting they are, or if that would be on any use. But they certainly have the necessary equipment in those special vans. Paint the vans black... and... wow, I don't want to think about it.

    11. Re:Sounds cool by scubamage · · Score: 4, Insightful

      A separate out-of-band piece of hardware running snmp is common place in carrier's, and in high end systems. How else do you think cable carriers control set top boxes? Its defined by packetcable and docsis specs. How else do you think iLOM, aLOM, iLO, and DRAC can provide SNMP statistics for the boxes they're embedded in? Read more before you call someone an idiot. SNMP is frequently used out of band, specifically when you don't want an end user to be screwing with things. Try working in a fortune 500 carrier and you'll learn a bit more about it.

    12. Re:Sounds cool by fdrebin · · Score: 3, Insightful

      "what's to say that they don't have a homegrown version of software that does the exact same thing" Based on their website, if they did I would feel secure that it didn't work properly.

      Based on having worked for Verizon in software development, I can assure you that it's a miracle when almost anything works properly.
      The really sleazy types were the marketing and management types. The stories I could tell... I feel unclean just thinking about it.

      --
      Stupidity... has a habit of getting its way.
  2. Carrier IQ by Dan+East · · Score: 4, Interesting

    I'd hate to work for and / or have a stake in Carrier IQ. Talk about going down in a massive ball of flames overnight! Simply put, that company, at least by name, will have to cease to exist. No one would dare want that name associated with their devices.

    --
    Better known as 318230.
    1. Re:Carrier IQ by CSFFlame · · Score: 3, Insightful

      And if they'd actually behaved when they made the release version they would have been fine (no GPS, keylogging, website logging, or SMS reading and they would have been fine.

  3. Price Change Coming? by crow_t_robot · · Score: 3, Insightful

    I wonder if this will result in a price hike since they will be losing all this juicy customer data that they may have been selling to "market research" vultures.

  4. Exactly my first thought by Anonymous Coward · · Score: 5, Interesting

    That was my first thought when I read the headline: what have the replaced it with?

    They're apparently doing this in order to avoid being dragged in front on Congress and not out of any sort of altruism. (OK, so no one thought they were doing it out of altruism, but you may have thought they were trying to avoid alienating customers. Nope. They just want Congress to drop the issue.)

    The article itself makes it pretty clear that they expect that Sprint is simply going to switch to some other software. It's kind of like how the iPhone "doesn't run CarrierIQ as of iOS 5." Well, of course it doesn't - Apple moved all of that stuff into iOS 5 itself. It's built-in to the OS now. All that CarrierIQ information is still gathered, and still sent back to Apple.

    But that's OK. Remember when people were upset about the iPhone tracking you? That's a "feature" in iOS 5. Essentially, by allowing you to "track" yourself and your friends, Apple managed to turn "we constantly track and record your location" into a bullet point feature. (Not joking! Yes, you have to "opt in" to be allowed to see the data that Apple gathers about you. That's nice. They still gather it if you have the features turned off, you just aren't allowed to use that data yourself.)

    So I fully expect that a couple of weeks after the "remove CarrierIQ update" is released, security researchers will discover Sprint phones now come with some new software with a different name that does the exact same thing.

  5. Hands in the Cookie jar? by bobbied · · Score: 4, Insightful

    I think they just got caught with their hand in the cookie jar and wisely decided to let go of the cookie. I'm guessing that their corporate lawyer types who are dealing with the lawsuits recommended this happen ASAP and management is following their lawyers'' advice. The question now is will all the crumbs laying around lead to them being punished or just sent to bed without dinner.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  6. Looks like AT&T too by Andy+Dodd · · Score: 3, Informative

    While Sprint has been the largest user of CarrierIQ, with the most invasive CIQ installations in devices, AT&T was starting to put it on their phones too. For example, the Samsung Infuse 4G Gingerbread leaks from September to November carried a CIQ installation that was quite invasive. All evidence of CIQ is gone from the latest UCKL2 leak.

    Similarly, while the original UCKH7 build for the Galaxy S II did not have CIQ, all leaks from October and November had it start to appear - but it was removed before the official UCKK6 update that just started getting rolled out to users earlier this week.

    Carrier IQ (the company) = smoking crater. Their largest user is dropping them like a hot potato, and their fastest growth market (AT&T devices) is also ditching them.

    Canadians are still screwed - Rogers seems silent in terms of CIQ. They actually had the balls to claim they don't use it, even though it was clearly there in the UXKG3 firmware release for the Samsung Infuse in that country.

    --
    retrorocket.o not found, launch anyway?
  7. I wouldn't trust VZW by DragonHawk · · Score: 3, Interesting

    Uh, unless something's changed, Verizon never had CarrierIQ to begin with.

    Unless something's changed, VZW has denied using CarrierIQ, but has refused to explain why CarrierIQ was found to be connecting to servers with "vzw" in their names.

    As a VZW customer, I'd be shocked if VZW wasn't doing something nefarious when it comes to customer monitoring. I'd also fully expect them to then lie about it.

    Note well: This doesn't mean I'd trust Sprint (or AT&T or T-Mobile or whoever) over VZW. I wouldn't trust any of them.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.