There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States. Subjects of outright disagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself.

First, when people talk about "Carrier IQ," they can be referring to several different things. For clarity, I will give them each a number. You can think of senses 2, 3 and 4 as being "layers" of code that are wrapped around each other.

1. The company, Carrier IQ, Inc.;
2. a core software library that is written by Carrier IQ Inc. and which is present on all of the 150 million handsets;
3. a Carrier IQ application or program running on a phone, which includes the software in layer 2, but also additional porting code written by handset manufacturers (sometimes called "original equipment manufacturers" or "OEMs"), mobile network operators ("telcos"), or baseband chipset manufacturers;
4. the entire Carrier IQ stack, which includes the program described above as layer 3, but also often includes other code within a phone's Operating System and Baseband Processor OS to send data to layer 3. Like layer 3, this code is written by handset manufacturers, telcos or baseband manufacturers.

The huge amount of disagreement about various points, such as whether Carrier IQ logs keystrokes and text message content, is a result of using the term "Carrier IQ" to mean one of these four different things, as well as the fact that layers 3 and 4 vary depending on which manufacturer built the phone, and which network it was customized for. Finally, there is an additional configuration file (called a "Profile") that controls the behavior of layer 2 and determines what information is actually sent from the phone to a carrier or other Carrier IQ client. Profiles are programs in a domain-specific filtering language; they are normally written by Carrier IQ Inc. to the specifications of a telco or other client.

There is consensus agreement that layers 2–4 collect information that can include location, browsing history (including HTTPS URLs), application use, battery use, and data about the phone's radio activity. The Carrier IQ Profile that is active on the phone determines where this information is intentionally transmitted, under what circumstances, the way in which it is filtered or processed beforehand, and whether it contains unique phone identifiers.

Our client Trevor Eckhart (whose research set off the present firestorm) and his subsequent collaborator Ashkan Soltani have shown that on some phones, dialer keypresses and SMS text are being written to system logs by layer 4 code. However, it seems that only much more limited types of keystroke and SMS information can make their way down from layer 4 into the underlying layer 2 Carrier IQ software. Unfortunately, our current belief is that the layer-4 logging that has been observed, which goes to Android system logs, is in fact being inadvertently transmitted to some third parties and otherwise made available to other applications on the device. This happens when crash reporting tools collect copies of the system logs for debugging purposes. The recipients of such transmissions are unlikely to have anticipated receiving keystrokes, text messages, URLs or location information through such channels, but that can in fact happen on some of the phones to which Carrier IQ has been ported. What this means is that keystrokes, text message content and other very sensitive information is in fact being transmitted from some phones on which Carrier IQ is installed to third parties.
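
As an added illustration (not code from Carrier IQ, the researchers named here, or this post's author), the Python below audits a captured Android system log in logcat's threadtime layout for the categories of data named above, and redacts flagged lines before the log is handed to a crash reporter. The sample log lines, the Example* tags and the detection patterns are constructed assumptions, not the output of any real logging hook.

```python
import re

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
LINE = re.compile(r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}\s+\d+\s+\d+\s+[VDIWEF]\s+(.*?)\s*: (.*)$")

# One detector per data category the post names. Patterns are assumptions for
# this example, not the format any real logging hook uses.
DETECTORS = {
    "keypress": re.compile(r"\bkey(?:code|press)\s*[=:]\s*\d+", re.I),
    "sms_text": re.compile(r"\b(?:sms|message)\b.*\b(?:body|text)\s*[=:]\s*\S", re.I),
    "url": re.compile(r"https?://[^\s\"']+", re.I),
    "location": re.compile(r"-?\d{1,3}\.\d{4,}\s*,\s*-?\d{1,3}\.\d{4,}"),
}

# Constructed sample; the Example* tags are hypothetical.
SAMPLE_LOG = """\
12-01 10:15:02.120  1234  1250 I ExampleDialerHook: keypress keycode=12
12-01 10:15:09.004  1234  1250 I ExampleSmsHook: sms received body=hello there
12-01 10:15:11.530  2001  2001 D ExampleBrowserHook: loading https://example.com/account?id=7
12-01 10:15:12.001  2001  2033 D ExampleLocHook: fix 37.77490,-122.41940
12-01 10:15:13.900   312   340 I ActivityManager: Displayed com.example.app/.Main: +350ms
"""

def audit(log_text):
    """Return (line number, tag, category) for each sensitive-looking log line."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue  # headers and continuation lines carry no tag
        tag, msg = m.groups()
        findings += [(lineno, tag, cat) for cat, rx in DETECTORS.items() if rx.search(msg)]
    return findings

def redact(log_text):
    """Blank the message of every flagged line before the log leaves the device."""
    hits = {}
    for lineno, _tag, cat in audit(log_text):
        hits.setdefault(lineno, []).append(cat)
    out = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if lineno in hits:
            raw = raw[: LINE.match(raw).start(2)] + "[redacted: " + ",".join(hits[lineno]) + "]"
        out.append(raw)
    return "\n".join(out)

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG))
```

Grouping the findings by tag shows which component is doing the logging, which is the question that separates layer 4 porting code from the layer 2 library.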

The complexities of this situation explain the apparent contradiction between claims by Carrier IQ Inc. and researchers examining code written by the company, who have said that the company does not collect full keystroke data or the content of text messages, and others who say that they have observed this happening. People on all sides of this debate may be simultaneously correct.

The information that we need now is a complete history of all of the Profiles that carriers have ever installed on their customers' phones, to learn what the carriers meant to collect. This would be a good place for regulators and others to start their inquiries. Separately, and equally importantly, the carriers and the OEMs need to take the steps necessary, whether OS updates or, better yet, removing Carrier IQ software entirely, to stop the overbroad logging and transmittal of sensitive user data out of their customers' phones.