Sprint Orders All OEMs To Strip Carrier IQ From Their Phones 156
An anonymous reader writes with a report that Sprint, in an attempt to extricate itself from the Carrier IQ drama, has "ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible." Sprint confirmed that they've disabled the use of Carrier IQ on their end, saying, "diagnostic information and data is no longer being collected." The software is currently installed on roughly 26 million Sprint phones, though the company has only been collecting data from 1.3 million of them.
Sounds cool (Score:5, Insightful)
I am currently on the fence trying to decide between Sprint and Verizon. I think Sprint just tipped me to their side with this.
Re:Sounds cool (Score:5, Informative)
Uh, unless something's changed, Verizon never had CarrierIQ to begin with. If you're concerned about it, I think "never did it" trumps "stopped doing it when they got caught".
Re: (Score:3, Insightful)
Oh yeah, I'm totally sure Verizon made sure OEMs kept CarrierIQ off all their phones and, where that wasn't possible, deleted all such information as it arrived, since they would never use data that could be sold at a tremendous profit or alert them to network problems.
*jerk-off gesture*
Re:Sounds cool (Score:4, Insightful)
And your evidence that they ever used it is where? Oh right, you don't have any.
Re: (Score:3, Insightful)
And your evidence that they ever used it is where? Oh right, you don't have any.
And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?
Re:Sounds cool (Score:5, Funny)
Based on their website, if they did I would feel secure that it didn't work properly.
Re: (Score:3)
Based on their website, if they did I would feel secure that it didn't work properly.
In my experience... everything Verizon offered worked well -at 2x the price of what I have now (MetroPCS -which works most of the time, but occasionally fails in frustrating ways.)
Quality is not their failing -price is.
Re: (Score:3)
Based on their website, if they did I would feel secure that it didn't work properly.
In my experience... everything Verizon offered worked well -at 2x the price of what I have now (MetroPCS -which works most of the time, but occasionally fails in frustrating ways.)
Quality is not their failing -price is.
I think your hyphen key is stuck...either that, or you have some sort of weird variation of turrets...you might want to check that out...
Re: (Score:2)
I think your period key is stuck (those aren't actual ellipses).
Also, it's Tourette's [syndrome].
Re: (Score:2)
(and btw, I was just joking around mr. idiot loser)
Re:Sounds cool (Score:4, Insightful)
"what's to say that they don't have a homegrown version of software that does the exact same thing" Based on their website, if they did I would feel secure that it didn't work properly.
Based on having worked for Verizon in software development, I can assure you that it's a miracle when almost anything works properly.
The really sleazy types were the marketing and management types. The stories I could tell... I feel unclean just thinking about it.
Re: (Score:2)
Then tell! I'm interested.
Re: (Score:2)
Agreed. It's a Friday night, and I want to feel dirty.
Spill.
Re:Sounds cool (Score:4, Insightful)
Maybe the fact that if they did have such software, people would have found it?
Seriously, it isn't like people just "discovered" CarrierIQ hiding a few weeks ago - the only thing new is that it made it to the right news outlets and the news went viral.
Developers on XDA have been aware of CIQ (and removing it when found in custom ROMs) for months. If Verizon had anything even remotely similar, people would have found it by now.
Re: (Score:3)
Re:Sounds cool (Score:5, Insightful)
Re: (Score:2)
So - utterly and completely irrelevant.
Out of band or inband, tell me how they are able to monitor what is happening on an applications processor within the handset that has zero support for monitoring of that processor's memory by an external entity?
Re: (Score:2)
Re: (Score:2)
I'd mod you up but I already commented. I have seen a video of CIQ catching events. Nowhere does it show a log file, or what data is being stored, or what data is being sent. I have no doubt as to the potential for misuse of this software, based on the carrier's configuration for that install. But the guy has only shown the front end, nothing worth all fo this fuss.
And yes, he is selling something related. Unless he goes deeper and shows what's being logged, or sent, he deserves no money or recognition
Re:Sounds cool (Score:5, Funny)
And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?
If Verizon tried to home brew software as complex as CarrierIQ, their phones wouldn't even boot up.
Not a chance.
Re: (Score:2, Insightful)
That probably explains why the last two LG phones we've had from Verizon had a habit of just shutting off mid-call for no reason.
argumentum ad ignorantiam (Score:3)
And your evidence that they ever used it is where? Oh right, you don't have any.
And even if they didn't use CarrierIQ, what's to say that they don't have a homegrown version of software that does the exact same thing?
http://en.wikipedia.org/wiki/Argument_from_ignorance [wikipedia.org]
Re: (Score:2)
Re:Sounds cool (Score:4, Insightful)
Sorry, just going by CarrierIQ's own self-pimping about how many phones have their rootkits. Simple pigeonhole principle says that if they have their crap on umpteen million phones, then even if all of Sprint and AT&Fee's phones have it, some of Verizon's must as well.
Re: (Score:2, Informative)
Oh yeah, I'm totally sure Verizon made sure OEMs kept CarrierIQ off all their phones and, where that wasn't possible, deleted all such information as it arrived, since they would never use data that could be sold at a tremendous profit or alert them to network problems.
*jerk-off gesture*
Uh... you're aware that CarrierIQ was a software package SOLD TO THE CARRIER, NOT THE HANDSET MANUFACTURER, right?
So. Since Verizon never paid CarrierIQ for their data collections software, never ran their data collection servers... obviously they're just going to pirate the client software on their phones for shits and giggles, right?
meanwhile in an alternate universe (Score:3)
on shareholderdot.com, investors are furious that sprint has foregone such a significiant exploitation of revenue stream. after all, why else does sprint exist, if not to provide them with profit?
Re:Sounds cool (Score:5, Insightful)
Well, that depends. On why Verizon never had CarrierIQ.
If it's because "we looked at it, and thought it a gross violation of our customers' privacy" then, yes, "never did it" trumps.
However, if it's because Verizon has not yet managed to get the required hardware to support the volume of data that CarrierIQ produces, combined with the analytics systems required to make bottom-line-driven decisions with that information, then, no, "never did it (yet)" does not trump. In fact, it loses, big time. Sprint, having gone down that road, sunk a bunch of money on it, and abandoned it, is the clear winner as they're unlikely to do it a second time. Verizon may still be looking at implementing it/rolling it out.
I'm not saying that's the case. I'm saying it's a possible scenario that fits with the known facts (very few in this thread) where "never did it" does not trump "stopped doing it". I don't have any idea how likely either scenario is.
Re: (Score:3)
I have a pretty good idea why Verizon never used CarrierIQ. I'll bet you do, to, if you've watched any TV in the past several years. Or listened to radio. Or seen any billboards. Or really ever existed anywhere that Verizon advertises:
"Can you hear me now?"
Remember that?
Verizon actively tests their network by driving around with special vans. They're so super-secret about it, though, that it served the basis of a national ad campaign with an obnoxious catch phrase.
Somewhat ironically, the first comment on t
Re:Sounds cool (Score:4, Interesting)
When this whole CarrierIQ thing got started, I thought this was simply a diagnostic tool, yet conspiracy theorists were going to jump all over the "...but they could" aspects of the system. I also thought it was a shame, since the carriers and manufacturers ought to be able to monitor the system so they can improve it.
Your post has made me re-think all of my notions. I don't believe any nefarious purpose was afoot-- this was a tool intended to diagnose infrastructure and device performance. However, installing it as a rootkit is a bad call. It provides a vehicle for malware, and a description of its operation-- however technically accurate it migh be-- touches too many evil buzzwords. Such a tool, while useful, is eventually too easy to turn into a PR nightmare (obviously). Then throw the malware hijacking aspect in for good measure.
Verizon does it right, at least as we see it now. Those vans do a great job of real-world testing, where their test equipment is gathering the same metrics as CarrierIQ's software, but with test data nobody will whine about.
But...
Re: (Score:2)
They control the towers. What on earth do vans do that the towers don't? And wouldn't they be testing PHONES inside the vans? Not setting up temporary towers? I don't know the details, but that just seems more likely.
Re: (Score:3)
Just to be clear, the only long distance provider that didn't immediately roll over for the feds wanting wiretaps was Qwest. It wasn't Verizon. You think they don't tap your phone on demand, just like everyone else?
Re: (Score:3)
For all the grandstanding about Verizon and "nothing works", the truth is that Verizon did manage to put together one of the best wireless networks out there. Perhaps that's more of a comment on the *other* carriers, but the other carriers DO use CarrierIQ.
My beef with Verizon isn't their network, or their phones, but their billing department. If they could somehow manage to not make up stuff to put on their bills for me to pay, I might consider using them again. Alas, they couldn't get a bill to me to save
Re: (Score:2)
In fact, after a more thorough review, the only incorrect information published by Trevor Eckhart was information he published about Verizon Wireless. A spokesperson from Verizon clarified that the privacy policy information they published on their website was not in any way related to CarrierIQ. In fact, Verizon claims to not have any dealings at all with CarrierIQ on any of their handsets. Of course, the Verizon spokesperson failed to comment when Mr. Eckhart responded by pointing out that his research discovered three IP addresses in the CarrierIQ network that were pointed to by domains like vzw-collector.demo.carrieriq.com and hupload-vzw99.carrieriq.com.
http://www.geek.com/articles/mobile/carrieriq-plot-thickens-20111123/ [geek.com]
Re: (Score:3)
Note the word "demo" in two of the three domainnames there.
CIQ almost surely tried to sell CarrierIQ to Verizon, and those hosts were likely part of their demo to Verizon.
Whatever the reason for those hosts existing, not a single deployed Android handset on Verizon had the ability to send data to any of those hosts.
I wouldn't trust VZW (Score:4, Interesting)
Uh, unless something's changed, Verizon never had CarrierIQ to begin with.
Unless something's changed, VZW has denied using CarrierIQ, but has refused to explain why CarrierIQ was found to be connecting to servers with "vzw" in their names.
As a VZW customer, I'd be shocked if VZW wasn't doing something nefarious when it comes to customer monitoring. I'd also fully expect them to then lie about it.
Note well: This doesn't mean I'd trust Sprint (or AT&T or T-Mobile or whoever) over VZW. I wouldn't trust any of them.
Re: (Score:3)
Was it actually connecting? What I read was that domains existed, implying that connections could be made. I'd really like to see some actual info about actual connections, because that might make me flip my opinions. Right now, all I have read is conjecture by financially incentivised parties.
Re: (Score:2)
Was it actually connecting? What I read was that domains existed, implying that connections could be made.
CarrierIQ was reported to be connecting to IP addresses which reversed to domain names containing "vzw". Could CarrierIQ have set-up names with "vzw" without actually having VZW as a customer? Sure. Heck, maybe VZW really *isn't* using VZW. If so, I expect they're using some other solution that does the same thing.
As a VZW corporate customer, I am intimately familar with VZW's corporate policy of treating customers like luncheon meat. Whereas with the other carriers, I only know of that policy through
Re: (Score:3)
They also offer truly unlimited data, versus all the other carriers and their bandwidth capping practices.
Re: (Score:2)
Unless you want to send that data to your laptop. Then it suddenly isn't unlimited. First "unlimited" becomes meaningless and now so has "truly unlimited"!
Re: (Score:2)
Unlimited data from your handset.
I don't think tethering costing a few extra dollars is unreasonable when you consider that if it didn't, people would choke their network with all their pirate bay and netflix traffic
Re: (Score:3)
Tethered data IS data from the handset.
I'm not saying it isn't unreasonable to charge; I'm saying it's unreasonable to call it unlimited.
Re: (Score:3)
The data usage profile of just a handset vs tethering with something like an iPad or a laptop are drastically different. You can either price the two data usages differently or price it based on worse-case scenarios and make it much more expensive for everyone.
Re: (Score:2)
Whether the profile is for a handset or a tethered handset is irrelevant. The service being sold is unlimited data.
Re: (Score:2)
It's like gas dude. If you're going to sell unlimited fuel for a car, it's not going to be the same price as unlimited fuel for an 18-wheeler. As long as mobile broadband is a constrained, shared resource (there are only so many towers and only so much spectrum), it isn't going to change.
Re: (Score:2)
Yes, however, what does the contract say?
Re: (Score:2)
That if you want tethering you're paying more for it? Good luck otherwise.
Re: (Score:2)
I am currently on the fence trying to decide between Sprint and Verizon. I think Sprint just tipped me to their side with this.
Somewhere deep in the bowels of Sprint, a marketing exec is getting a nice Christmas bonus.
Re: (Score:2)
I am currently on the fence trying to decide between Sprint and Verizon. I think Sprint just tipped me to their side with this.
Somewhere deep in the bowels of Sprint, a marketing exec is getting a nice Christmas bonus.
Why am I suddenly recalling the end of "Little Nicky" -the scene with the pineapple and Hitler... Oh, wait, you said a nice Christmas bonus, not a well deserved Christmas bonus.
Re:Sounds cool (Score:4, Interesting)
Re: (Score:2)
Having worked near them, I watched their news carefully. Customers were not happy, and they did a lot of work to turn that around. They aren't perfect, but a large company will never be.
Re: (Score:2)
Re: (Score:2)
This again? Take a look at your terms of service. They reserve the right to hand over data to law enforcement. Given the number of times any crime drama leans on someone to turn over information without a warrant, I'm surprised anyone but a pedant would expect otherwise.
People didn't know when they signed up for service that their GPS information might be turned over to LEA. That's ignorance. Any new technology that comes out, you need to know what information is private and what is not. If it's not s
Re: (Score:2)
Make sure their 4G coverage goes inside your home. For me Sprint doesn't, but Verizon does. The extra bandwidth is always handy.
Re: (Score:2)
Re: (Score:2, Informative)
You get what you pay for.
Sprint - 2847GB/mo (limited by 4G connection speed/availability)
Verizon - 5GB/mo + overage charges
I'll take service over "customer care" any day.
Re: (Score:3)
You get what you pay for.
Sprint - 2847GB/mo (limited by 4G connection speed/availability)
Verizon - 5GB/mo + overage charges
I'll take service over "customer care" any day.
I used to be a Sprint customer. I'll take the 5GB + overage charges.
Re: (Score:2)
I have been a Sprint customer for 13 years now.
Never had a problem with coverage. YMMV.
Never had a bad customer service issue with them.
But until very recently. (Last 2 or 3 years)
They had shit phones. They worked but Verizon and ATT had all the newest shit.
My friends on Verizon and T-Mobile were getting decent Android handsets before me.
Re: (Score:2)
They had shit phones. They worked but Verizon and ATT had all the newest shit.
My friends on Verizon and T-Mobile were getting decent Android handsets before me.
Had sprint for a long time (technically still do, but I'm much happier with the price I'm paying for Virgin..), and except for a few exceptional models, I agree with your statement with one caveat: sprint eventually got the models that VZ and ATT had, but months later. This turned out to be a feature - at the time the mobile industry's policy on software updates was to have a "check for updates" menu item that never did anything.
So, the Sprint phones, by being later to market, ironically had the most up-to
Sacrificial Lamb? (Score:2)
Re: (Score:2)
Exactly my first thought (Score:5, Interesting)
That was my first thought when I read the headline: what have the replaced it with?
They're apparently doing this in order to avoid being dragged in front on Congress and not out of any sort of altruism. (OK, so no one thought they were doing it out of altruism, but you may have thought they were trying to avoid alienating customers. Nope. They just want Congress to drop the issue.)
The article itself makes it pretty clear that they expect that Sprint is simply going to switch to some other software. It's kind of like how the iPhone "doesn't run CarrierIQ as of iOS 5." Well, of course it doesn't - Apple moved all of that stuff into iOS 5 itself. It's built-in to the OS now. All that CarrierIQ information is still gathered, and still sent back to Apple.
But that's OK. Remember when people were upset about the iPhone tracking you? That's a "feature" in iOS 5. Essentially, by allowing you to "track" yourself and your friends, Apple managed to turn "we constantly track and record your location" into a bullet point feature. (Not joking! [apple.com] Yes, you have to "opt in" to be allowed to see the data that Apple gathers about you. That's nice. They still gather it if you have the features turned off, you just aren't allowed to use that data yourself.)
So I fully expect that a couple of weeks after the "remove CarrierIQ update" is released, security researchers will discover Sprint phones now come with some new software with a different name that does the exact same thing.
Re: (Score:3)
I don't expect it... If Carrier IQ is replaced with anything on Sprint and AT&T handsets, it will be with something more visible to the user and less invasive, not less visible, with the ability for the user to turn it off.
One of the primary reasons CIQ had such negative publicity was the fact that it was hidden from users and EXTREMELY difficult to turn off.
Trying to replace CIQ with something else when the media and public are now aware of such things would be idiotic on an epic scale
Firmware modders
Re: (Score:2)
I'd like to know what article you were reading.
I going to go ahead and make some assumptions, because that's all that you've left me with:
1. Article says they are making OTA updates to remove Carrier IQ
2. In your paranoid world, this really means they're removing Carrier IQ and putting on Sprint IQ. Even though they're about to seriously get their assholes reamed for spying on 1.3 mil
Re: (Score:2)
You opt-in to any tracking and performance logging. It's one of the first options when you turn on the phone, and the preferences for it are pretty robust in what they allow you to enable or disable. Find My iPhone is a different feature, completely opt-in and triggered on demand, and you can use it separately from the built in logging.
Re: (Score:2)
I forgot to mention, you can also view all of the Diagnostics and Usage data on the phone itself, to see exactly what is being sent to Apple.
Re: (Score:2)
tucked away where? on radio modem fw level?
they're not a sacrificial lamb. they're a company that got some quick cash - selling diagnostics the carriers already had and giving them the option to get something they shouldn't have - and now the party is over.
Re: (Score:2)
selling diagnostics the carriers already had
This has been repeated many times, and I don't think it's true. For example, one of the listed uses of CarrierIQ is to analyze dropped calls. If the call is dropped, what device knows? The tower? Does the tower know the call wasn't handed off to another tower? Obviously the carrier would be able to find out if a call dropped or switched towers, but with millions of phones and thousands of towers, there are a lot of data points to sort through when their netwo
Re: (Score:2)
1.3M? Why Not All? (Score:3)
Why wouldn't they collect "diagnostics" on all 26 million? If I were a data analyst looking for useful data to "improve user experience" (or whatever it is they say they use it for) then I want the largest data set possible.
Re: (Score:3)
The cost of both hardware and DB licenses for a system that can handle 500 Ktps (transactions per second) at peak vs 5-10 Mtps may be significant. If I'm looking for useful data to actually improve user experience, I don't need all of them, a sample is good enough, and if I keep the volume down, I can do it on much smaller hardware and thus much smaller cost for licensing to Oracle, DB2, whatever.
Re: (Score:2)
Profit = revenue from data collected - x phones * quantities of data * cost of maintenance of those data
Re: (Score:3)
Not doing them all and using only a 'small' sample, leads more creditability to the explanation of them capturing the data to improve the system.
Carrier IQ (Score:5, Interesting)
I'd hate to work for and / or have a stake in Carrier IQ. Talk about going down in a massive ball of flames overnight! Simply put, that company, at least by name, will have to cease to exist. No one would dare want that name associated with their devices.
Re:Carrier IQ (Score:4, Insightful)
Re: (Score:3)
"Ceasing to exist" translates to: they'll axe the dev teams, sell the codebase and senior management intact to another player in the business you probably haven't heard of.
Re: (Score:2)
Unfortunately for them the name Xe is already taken.
Price Change Coming? (Score:4, Insightful)
Lucky me! (Score:3)
Re: (Score:2)
Yes when my friend was hospitalised doing a backflip while jumping off a wall matrix style, I considered myself lucky too that I'm a cripple.
Re: (Score:2)
Re: (Score:2)
You can't play Angry Birds on it.
Re: (Score:2)
It's nice to have a Blackberry through all of this.
Why? The carriers are ignoring Blackberry's policies and installing CIQ on Blackberrys. If yours did, here's a link on how to remove it. [washingtonpost.com] You're welcome.
Re: (Score:2)
Hands in the Cookie jar? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Great! But... (Score:3)
What about those of us who already have it on our existing phones? Any way to remove it, Sprint?
Re: (Score:2)
Sprint (or at least their OEMs) are working on updates that remove it, such as the EL13 leak for the Epic 4G Touch.
now, to get that root off the existing phones (Score:2)
there are some phones shipped to Verizon that also have cIQ on them. if Verizon is not using it, they should also do an "update" strip of that root.
Looks like AT&T too (Score:4, Informative)
While Sprint has been the largest user of CarrierIQ, with the most invasive CIQ installations in devices, AT&T was starting to put it on their phones too. For example, the Samsung Infuse 4G Gingerbread leaks from September to November carried a CIQ installation that was quite invasive. All evidence of CIQ is gone from the latest UCKL2 leak.
Similarly, while the original UCKH7 build for the Galaxy S II did not have CIQ, all leaks from October and November had it start to appear - but it was removed before the official UCKK6 update that just started getting rolled out to users earlier this week.
Carrier IQ (the company) = smoking crater. Their largest user is dropping them like a hot potato, and their fastest growth market (AT&T devices) is also ditching them.
Canadians are still screwed - Rogers seems silent in terms of CIQ. They actually had the balls to claim they don't use it, even though it was clearly there in the UXKG3 firmware release for the Samsung Infuse in that country.
Android OS Upgrade (Score:2)
Now if they would only strip the other bloatware (Score:2)
Like Sprint Nascar, Sprint Football, Sprint Zone, Amazon MP3, Blockbuster (they still exist?), NOVA, Telenav GPS (which appears to be cheap knockoff of Google Maps nav mode) and Qik Video.
While I'm glad the Carrier IQ stuff is going away, I'm still planning on rooting my phone when I have the time (like over the holidays; whee!).
Re: (Score:2)
Sprint phones have had Telenav since before the iPhone came out. Like.. years before the iPhone came out. And not just the smartphones either. All the regular flip-phones where everything was java.
Re: (Score:3)
They will rebrand to something like NetworkOptimiz (Score:2)
I guess that carrier IQ will just rebrand to something positive sounding like NetworkOptimiza
Re: (Score:2)
and sell to china and middle-east and belarus(it's like russia - only more tightly gripped and without the mellow countryside).
oh wait they already probably did..
do you pay extra for tether on sprint? (Score:2)
I'm wondering, because detecting unauthorized tethering seemed to me the most "useful" use for a carrier to use cIQ for. I know at&t does that, but does sprint?
Where's My DIY Sprint Stripper? (Score:2)
Is Sprint also putting a CarrierIQ stripper app into the Android Market so I can strip it myself from my own phone? Why do I have to rely on the OEM, and probably never get it - unless with a new phone, which will have something even sneakier? I don't want to rely on even CarrierIQ detectors from a 3rd party - who knows what it will do when I install it with its permissions.
Apps should have a "line item veto" where I tell my Android OS to refuse specific permissions and accept others if I want. If a feature
Competition. (Score:2)
This, my friends, is what happens when you have it.
Re: (Score:3)
end users paid the transfers.
apparently it didn't even check how it was connected to the internet, imagine leaking that stuff over starbucks wifi.(not "shit easy" to do to check how you're connected.. but easy to do anyways, even without root).