Trevor Eckhart, a Torrington security researcher, has set off a firestorm over his allegations that a diagnostic software company, CarrierIQ, is capturing the content of text messages and other personally identifiable information on hundreds of millions of mobile phones running the Google Android operating system.

Eckhart alleged that the Carrier IQ software is often enabled by default on many phones, running as a “rootkit” that does not show up on a list of active tasks running on the device.  Further, he showed that the software has the potential to transmit personally identifiable information back to carriers and/or manufacturers, including text messages, location data, and URLs of websites visited. 

Eckhart’s findings raised concerns that the data collected could be linked to specific users should carriers choose to collect information in that manner.  Additionally, Eckhart discovered the software has the ability to log individual keystrokes and that it could capture private data sent to secure websites prior to the information being encrypted and transmitted.

Following Eckhart’s publication, Carrier IQ issued a cease and desist letter threatening him with legal action if he did not remove his post.  Eckhart reached out to the Electronic Frontier Foundation, a non-profit organization that protects free speech online, who took up his case and forced Carrier IQ to retract its demands.  Carrier IQ has since issued an apology.

For its part Carrier IQ claims that it is not transmitting all of the data its software has the potential to collect.

“While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen,” the company said in a statement.

Despite that assurance, Eckhart released a YouTube video that shows SMS data is in fact logged by the software.  That video has been viewed more than 1.3 million times since its release on November 28.

YouTube video

Carrier IQ’s website includes a running ticker of the 141 million installations of its software on mobile handsets.  The ticker adds about one device per second to that figure.  Carrier IQ claims they are a “consumer advocate to the mobile provider” in their statement, stating they help carriers identify problems related to dropped calls and battery life. 

Adding to the complexity of the story is that each manufacturer and carrier can choose to use the software in different ways.  Nearly all major manufacturers, including Apple, HTC, and Samsung, currently or have used the company’s software to log issues with their handsets.  Apple said it stopped supporting the software in its latest version of its operating system but it still may be installed on older devices even with the new upgrade.  A future version will remove it completely. 

Carriers are also chiming in.  Computerworld reports that Verizon has denied using Carrier IQ for data collection, but Eckhart said in his initial publication that he has found it installed on Verizon handsets.  AT&T and Sprint both acknowledged to Computerworld they use the software to track performance of its network.

Senator Al Franken issued a letter to Carrier IQ asking the company to clarify what data it collects and how.  Franken set a deadline of December 14 for the information.  A number of class actions lawsuits have already been filed against the company, manufacturers, and carriers. 

Lon Seidman is the host and producer of “Lon.TV,” a consumer technology video show that is on a number of platforms including YouTube and Amazon. He creates in-depth, consumer-friendly product reviews and commentary. His YouTube channel has over 300,000 subscribers and more than 100 million views.

In addition to being a full-time content creator, Lon is an adjunct faculty member at the University of Hartford (his alma mater) where he teaches a course in entrepreneurial content creation.

Prior to becoming a full-time creator, Lon was a partner at The Safety Zone, his family’s business that manufactures gloves and safety equipment. The company has locations around the globe and employs over 200 people worldwide. The Safety Zone was acquired by the Genuine Parts Corporation in 2016.

Lon is also active in public service, serving as the Chairman of the Essex Board of Education, a member of the Region 4 Board of Education, and as the Secretary / Treasurer of the Connecticut Association of Boards of Education. He was endorsed by both Democrats and Republicans for his re-election in 2021.

The views, opinions, positions, or strategies expressed by the author are theirs alone, and do not necessarily reflect the views, opinions, or positions of