Download Free
Learn MoreOur Take on Carrier IQ
There’s been a growing buzz over the last couple of weeks about Carrier IQ and its presence on several Android devices across several major US carriers. There is no question that Carrier IQ has deep access to sensitive user data, and questions around the handling of that data are completely legitimate. While this is true, there are also credible reports that a deeper look at the mechanics of Carrier IQ’s software indicate a bit of hyperbole in labeling it a root kit. In short, it doesn’t appear that they are sending your keystrokes straight to the carriers.
We’ve received a number of inquiries from our customers as they’ve learned about Carrier IQ, and we’re encouraged that the mobile community is paying increasing attention to privacy risks associated with their mobile data. Based on what we know so far, it doesn’t appear that Carrier IQ’s software is malware, and for that reason it’s not flagged as such by Lookout. It is software that is developed in partnership with carriers with the intent to improve network performance. As far as we can tell, it meets this description in execution.
Metrics are all the rage these days, and it’s hip to be a metrics-driven company. It’s critical to consider users’ privacy, however, and the more sensitive the data that is being touched, the more critical it is to give your users a clear opt-out path. While this isn’t currently an option provided by Carrier IQ and its partners, we’re hopeful that it will become one in the near future.
We intend to continue this conversation with our users, network operators, Carrier IQ, and the mobile ecosystem in general. We’d also like to know how you feel about it – feel free to sound off in the comments or reach out to us directly at feedback@mylookout[dot]com.
© 2012 Lookout, Inc. All rights reserved. Patents pending.
[...] more of Tim Wyatt's post on Lookout's [...]
Whether keystrokes go to carriers or not, it’s a security hole if they are being sent to Carrier IQ without user knowledge, agreement, and way to opt out.
[...] more of Tim Wyatt’s post on Lookout’s [...]
Hmmm, not sure if it is your decision to make if it is “malware” or “rootkit”.
If Carrier IQ is sending info about our phones without our consent I would have expected Outlook to inform me.
Not only an opt out option, but it needs to be opt in from the get go. The issue with CarrierIQ is that they thought it was fun to look at our data. Time has come for them to face the truth.
[...] more of Tim Wyatt’s post on Lookout’s [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] the handling of that data are completely legitimate,” Lookout’s Tim Wyatt wrote in a blog post today. “While this is true, there are also credible reports that a deeper look at the [...]
Lookout please please let us destroy Carrier IQ.
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] around the handling of that data are completely legitimate,” Lookout’s Tim Wyatt wrote in a blog post today. “While this is true, there are also credible reports that a deeper look at the mechanics [...]
[...] the handling of that data are completely legitimate,” Lookout’s Tim Wyatt wrote in a blog post today. “While this is true, there are also credible reports that a deeper look at the [...]
[...] [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] more of Tim Wyatt’s post on Lookout’s [...]
[...] the handling of that data are completely legitimate,” Lookout’s Tim Wyatt wrote in a blog post today. “While this is true, there are also credible reports that a deeper look at the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] more of Tim Wyatt’s post on Lookout’s [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] eure Daten. Nur die Netzperformance & Co (siehe PDF). Diese Daten gehen an den Netzbetreiber. Lockout (Mobile Security) sagt, dass die Jungs von Carrier IQ höchstwahrscheinlich nicht mehr an Daten [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] the handling of that data are completely legitimate,” Lookout’s Tim Wyatt wrote in a blog post today. “While this is true, there are also credible reports that a deeper look at the [...]
Re: “In short, it doesn’t appear that they are sending your keystrokes straight to the carriers.”
Yes, but do keystrokes get sent Delayed? Indirectly? On request?
Are the keystrokes in a log on the phone which can be seen if you ever send it back for repair?
[...] wrote in a blog post that, “it doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
I love lookout and my employees love it too. It’s a great way for consumers to stay protected. thanks lookout !!!
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] data are completely legitimate,” Tim Wyatt, Lookout’s principal engineer, said in a blog post. “While this is true, there are also credible reports that a deeper look at the mechanics of [...]
[...] data are completely legitimate,” Tim Wyatt, Lookout’s principal engineer, said in a blog post. “While this is true, there are also credible reports that a deeper look at the mechanics of [...]
[...] are totally legitimate,” Tim Wyatt, Lookout’s principal engineer, pronounced in a blog post. “While this is true, there are also convincing reports that a deeper demeanour during a [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] aware of its presence on their mobile devices, nor the level of data that is being collected,” says Tim Wyatt, Lookout’s Principle [...]
[...] have stringent policies on data retention. Independent mobile-security company Lookout wrote in a blog post, “It doesn’t appear that they are sending your keystrokes straight to the [...]
[...] are totally legitimate,” Tim Wyatt, Lookout’s principal engineer, pronounced in a blog post. “While this is true, there are also convincing reports that a deeper demeanour during a [...]
[...] while Carrier IQ sees a great deal of data, there’s less proof of it keeping or transmitting most of it. Security researcher Dan Rosenberg wrote that he had not observed any long-term storage or [...]
[...] IQ Detector Released By tim wyatt 0 Comments Tweet Earlier this week we gave our take on Carrier IQ, the mobile network diagnostic tool that has seen an increasing amount of scrutiny recently. Since [...]
[...] while Carrier IQ sees a great deal of data, there’s less proof of it keeping or transmitting most of it. Security researcher Dan Rosenberg wrote that he had not observed any long-term storage or [...]
[...] more of Tim Wyatt’s post on Lookout’s [...]
[...] aware of its presence on their mobile devices, nor the level of data that is being collected,” says Tim Wyatt, Lookout’s Principle [...]
[...] data are completely legitimate,” Tim Wyatt, Lookout’s principal engineer, said in a blog post. “While this is true, there are also credible reports that a deeper look at the mechanics of [...]
Hi… has lookout actually performed FULL packet captures of packets LEAVING (say Sprint EVO) devices running CIQ?
What was IN the packets?
Where were the packets sent?
Were they encrypted in transit?
Would you SHARE neutrally monitored packet data in front of the press and tech savvy audience?
[...] [...]
I am sorry Carrier IQ, the ATT of the world. You may be good guys with my data. But I just do not trust you, your employee, your data centers with full of security holes with my sensitive data. The law is the law, if you data mining us without our consent, you will have to pay for it financially, and criminally.
I hope the judge will never approve any settlement with law breakers with big fines without they have to admitting the guilt thus allow them to do it again and again as we see in the wall streets firms and else where. It is high time, these white colar criminals face jail time too.
[...] more of Tim Wyatt’s post on Lookout’s [...]
[...] data are completely legitimate,” Lookout’s Tim Wyatt wrote in a blog post today. “While this is true, there are [...]
@ivan, we are still actively working to determine more information about what Carrier IQ accesses and transmits. We will be sure to keep all of our users posted as we learn more about Carrier IQ. We will continue to keep you posted as we have more information to share. Thank you!
@Pete, thank you for your questions. Based on the information that we currently have on Carrier IQ, it does not appear that Carrier IQ is logging keystrokes. We will be sure to keep you posted as we have more information to share about Carrier IQ. Thank you.
@Thomas, thanks for your message. While our research has concluded that Carrier IQ does not appear to be malware or have malicious intent, we will continue to keep you posted as we have more information to share. If you want to determine whether or not your Android device has Carrier IQ software on it, you can download the Carrier IQ Detector app that we have created: https://market.android.com/details?id=com.lookout.carrieriqdetector.