What Is Carrier IQ? Why Should We Care?

3/31/2011: Hello, Slashdotters!

11/14/2011: Hello, XDA and Android media!

12/3/2011: Hello, InformationWeek readers!

12/11/2011: Hello, lawyers!



Update: we have some definitive answers on exactly what CIQ does and does not do. With much thanks to Dan Rosenberg (@djrbliss), please see the following: http://vulnfactory.org/blog/2011/12/...he-real-story/



Quote: Originally Posted by DISCLAIMER - READ Originally Posted by Carrier IQ spokeswoman Mira Woods states, "While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."



Further research is necessary to confirm or deny this statement. The original post as written in February follows. Please note that "receives" is NOT equivalent to "sends off" or "logs". When this post was written, what was done after receipt was not known. XDA author egzthunder1 has published an article on CIQ, with LOTS of information provided by developer TrevE. If you did not come here from that article, please click HERE to read it.

Quote: [T]he combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference.

Put simply - and bluntly - Carrier IQ is a software package buried deep within Android by Samsung at the behest of Sprint. It has been in active use since the time of the Moment, if not before. The company that develops it, also known as Carrier IQ , bills it as "Mobile Service Intelligence". In their own words,On its own, that description can vary from harmless, to worrying, depending on how you look at it. It's not until one drills deep down into the system and ferrets out every piece of the software that one truly knows what it contains. As some of you might remember, we took the first steps toward disabling the Carrier IQ software with the release of SyndicateROM and Xtreme Kernel 1.0. That, however, didn't even scratch the surface.Carrier IQ's native libraries are plainly visible - libiq_client.so and libiq_service.so in /system/lib. During every boot, this service is launched - you can see it in Settings > Applications > Running Services as "IQAgent Service". These native libraries are called by non-native (Android application) libraries located in ext.jar (the client) and framework.jar (the service). Removal of these (rather obviously-named) libraries alone, be it the .so files or the libraries in framework or ext, will, obviously, break boot. So I had to dig deeper. To make a long story short, reference to the IQ Service and IQ Client were littered across the deepest portions of the framework, and some of the most basic functions of the Android system as we know it.Carrier IQ as a platform is designed to collect "metrics" at any scale. What I found it to hook into is far beyond the scope of anything a carrier needs - or should want - to be collecting. Carrier IQ sits in the middle of, and "checks" the data of, SMS and MMS messages. It listens for and receives every battery change notifications. It hooks into every web page you view, and every XML file your device reads. It receives. It 'sees' what you type on the physical keyboard. It reads every number you press in the dialer. It can track which applications you use, what 'type' they are, how often, and for how long. It hooks into data sent and received.The only saving grace - if there is one - to this nasty, ten-legged mutant spider is that its logs are off by default. During the investigation process, I was able to enter its UI. Below are two screenshots of it.That being said, the question still must be asked - why is the service even running? Why does Sprint and Samsung feel the need to leave a dormant monster in every one of its most loyal customers' phones?In testing, I and others noticed a significant rise in Smartbench scores and overall system 'snappiness' after Carrier IQ's removal. In addition, with it removed, a prominent tester saw 30 hours of battery life, with heavy use, on the stock battery.Thanks for the long read!