This week has been hell for CarrierIQ, the company providing software for 140 million smartphones around the world. It's not surprising considering they've tried to log user data in a completely un-transparent way, and without giving the user a way to stop it. Right now, the FTC got involved and there's a class action lawsuit against them. Plus, all the carriers will now want to stay as far away from them as possible. This means only one thing. CarrierIQ is done as a company, because nobody will want to ever use their software again.
But CarrierIQ didn't come out of nowhere and landed on our phones. The manufacturers and carriers gave them this opportunity, and they should be blamed just as much as CarrierIQ themselves, if not more so. HTC and Samsung used this software on some of their phones, and earlier this year when a researcher found some vulnerabilities in HTC's phones, HTC pretended that they had no idea how those happened, and they will work to fix it. When in fact, HTC knew all along that the whole thing was planned, to get that monitoring data from the users.
It's not obvious yet if they logged keystrokes. CarrierIQ definitely says they didn't do that, but either way they broke a few laws, but logging data without the user's permission. I really don't know how these companies actually expect not to be caught with stuff like this in this day and age, with thriving hacker communities, who love nothing more than to tinker with the software inside their Android phones. How do they actually expect no one will ever find out? All companies from now on need to adopt a highly ethical and transparent approach, otherwise they will be found out and the backlash will be huge.
This is important to understand because even if CarrierIQ gets eliminated from their phones, it doesn't necessarily mean they won't use something similar in the future under a different name. And once again, they will be found out. So if I were them, I'd rather be safe than sorry, because public opinion can only forgive these companies so many times.
These Android manufacturers are not the only ones to use the software. Apple has used it, too, up until iOS5. Obviously that doesn't wash their mistake so easily, either, because it means they've also been logging user data for years, and only since two months ago they've stopped doing it, apparently just in time before it was discovered. Hopefully, from now on these companies will think twice before adding software like this to their phones, although this probably won't save them from losing millions of dollars in the upcoming class-action lawsuits.
If you want to check if you have the CarrierIQ software installed, check out one of these apps in the Android Market.