Carrier-IQ Detection Tool

Carrier-IQ appears to be an innocuous little diagnostic tool that returns small statistical data sets about smartphone use and location to the service provider.  Although the manufacturer claims that only minimal information provided through the application is used by the provider, the amount of personal data the app has access to raises privacy concerns, as does its potential abuse by malware authors.
 
Several tools have been added to the Android Marketplace recently:
  • Bitdefender has announced the release of a new tool for identifying the presence of the controversial mobile network diagnostic tool Carrier-IQ.  Carrier IQ Finder instantly determines if an Android device has been outfitted with the Carrier IQ package, and if the device is being monitored.
  • Lookout Security has released Carrier IQ Detector, a free tool to detect Carrier-IQ “in an effort to keep mobile users fully informed about what their phone is doing”.
  • Voodoo has released their open source Simple Carrier IQ Detector program, which detects what they call the Carrier-IQ ROOTKIT, however, it appears to be somewhat prone to false positives.

Because the Carrier IQ mobile network diagnostic tool is deeply integrated within the device’s firmware, users cannot simply remove it.  The best you can do so far is to identify it.  We may not be able to remove the tool, but if one of these clever authors were to produce a method to exert control over the data that the tool can send, we may have a solution that does more than confirm the existance of what some see as a problem, others see as a disaster waiting to happen, and still others couldn’t care less about.  I’m in the middle group…

UPDATE –  Good Article at WindowsITPro:  http://www.windowsitpro.com/article/mobile-computing-devices/carrier-iq-security-threat-141520

Advertisements