Here’s what you need to know…
CarrierIQ is what has been described as a rootkit which is installed on most cell phones. When this news initially came out, CarrierIQ took some rather heavy-handed actions to silence the researcher looking into the application.
The concern amongst privacy activists (such as myself) is that 1) users have no ability to opt-out or 2) detect and deactivate CarrierIQ and 3) that CarrierIQ records EVERYTHING including keystrokes, text messages, phone numbers, and URLs, apparently in plain text. The circumstances and conditions which cause CarrierIQ to ‘phone-home’ are unclear at this time.
As of this time, all of the major cellphone manufacturers are stating that they do not install CarrierIQ on their devices, and some cell phone carriers (from the UK via the Guardian as well as Verizon and Rogers) have explicitly stated that they do not use CarrierIQ. CarrierIQ has been stated as being a tool which is installed by the carrier (ie. cell phone provider) and not phone manufacturers (ie. Motorola, HTC, Nokia, Microsoft, Google, Samsung, RIM, or Apple). To Apple’s credit, they do provide a way to turn CarrierIQ off, with support being dropped on future versions of the iOS software. Verizon has stated that they do not use CarrierIQ, while Sprint and AT&T have used it in the past.
CarrierIQ has made a statement to clarify [pdf]:
Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain.
CarrierIQ in turn has pointed their finger at the carriers [via Android Central]:
Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile Operators. Carrier IQ does not gather any other data from devices.
The United States Senate via Senator Al Franken has demanded answers [pdf]. Mashable has a good FAQ should you want to know more. Public Intelligence links to corporate manuals.