NEW YORK (CNNMoney) — Carrier IQ is a piece of software installed on millions of mobile phones that logs everything their users do, from what websites they browse to what their text messages say.
No, it’s not part of some great Orwellian plot; it’s a diagnostic tool that carriers say plays a crucial role in helping them assess and troubleshoot their networks. But the recording app, which flew under the radar for years until security researchers drew attention to it recently, is setting off red-alert privacy and security alarms.
It’s also spotlighting how little customers — and, sometimes, the carriers and manufacturers themselves — know about what goes on under the hood of their data-stuffed mobile devices.
Reports about Carrier IQ’s hair-raisingly detailed tracking capabilities began swirling in the tech press several months ago and gained steam after Android developer Trevor Eckhart posted an analysis of the software’s data logs.
But on Monday, Eckhart followed up with a 17-minute YouTube videoshowing how the software secretly runs on his HTC EVO 3D Android phone and logs every key press, every text, and the full URL of every website he visits. It recorded that data even from websites that use security encryption designed to prevent that kind of tracking.
Then word began spreading about just how ubiquitous Carrier IQ’s software is. It’s on an estimated 150 million mobile devices.
AT&T (T, Fortune 500) and Sprint (S, Fortune 500) confirmed to CNNMoney that handsets on their networks run Carrier IQ’s software and transmit information from it back to them. T-Mobile, which was not immediately prepared to comment, also uses Carrier IQ to monitor devices on its network, researchers say.
Verizon Wireless (VZ, Fortune 500) says it doesn’t use Carrier IQ’s software. It also claims that it doesn’t run anything similar, though Verizon’s rivals all disputed that, insisting that modern networks can’t operate without these kinds of diagnostic tools.
Apple (AAPL, Fortune 500) also confirmed Thursday to CNNMoney that the software is running on some of its mobile devices, but the company says it stopped supporting it in the latest version of iOS and will completely eliminate Carrier IQ from all iPhones and iPads in an upcoming software update.
What the logging tool does: Carrier IQ — and several of its major customers — say its software is being misunderstood.
Carrier IQ says the core purpose of its tool is to uncover broad trends across a network. Its software can help carriers find out where calls are dropping and why, and zero in on device glitches. If a specific handset line from HTC, say, has a battery life problem, Carrier IQ’s software will help surface the problem.
Sprint, for example, said it uses Carrier IQ to root out network problems.
“We collect enough information to understand the customer experience with devices on our network and how to address any connection problems,” Sprint said in a prepared statement. “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”
But as Eckhart’s video and other security investigations have illustrated, Carrier IQ is logging a shockingly extensive cache of data.
In response, Carrier IQ issued a statement saying that it doesn’t “record,” meaning it doesn’t actually transmit to the carriers or anyone else, most of the information it stores on phones.
It’s a technical but meaningful distinction. Sprint and AT&T said that they do not and cannot collect the kinds of detailed information that the Carrier IQ software tracks on the phone.
Independent security analyst Dan Rosenberg has studied Carrier IQ’s software and several wireless providers’ user of it. As he puts it: “People need to recognize that there’s a big difference between recording events like keystrokes … and actually collecting, storing, and transmitting this data to carriers, which doesn’t happen.”
He added: “After reverse engineering Carrier IQ myself, I have seen no evidence that they are collecting anything more than what they’ve publicly claimed: anonymized metrics data.”
Still, he didn’t let Carrier IQ off the hook completely. There are significant privacy concerns — which both Carrier IQ and its customers seem to have overlooked — associated with having a big chunk of personal data stashed on your phone.
Rosenberg called that software design approach “pretty bad.”
Christopher Soghoian, a cyberprivacy researcher and fellow at human rights organization Open Society, echoed that view.
“Carrier IQ doesn’t seem as nefarious as incompetent, but that may not be enough to allay the legitimate concerns of the public,” he said. “There would be huge issues if this data were transmitted to a carrier, but even if not, it presents huge concerns. This would be a gold mine for a hacker.”
Soghoian thinks that Carrier IQ has far more access and stores much more information on phones than it should.
Yet users are essentially powerless to stop it. The software is so buried in the device’s operating system that the average consumer can’t possibly delete it, and doing so would void the phone’s warranty.
“It’s not reviewed by Google’s security team, it’s not audited, it may not get regular security updates, and you really don’t want one app to have all that information,” Soghoian noted.
Google insisted that Carrier IQ is installed at the manufacturer and carrier level. A company spokesman said it had no involvement with the software’s appearance on its Android devices.
One thing is clear: This mess isn’t over. What began as a wonky technical issue is becoming the subject of widespread public scrutiny.
Senator Al Franken, a Democrat from Minnesota, fired off a letter to Carrier IQ on Thursday demanding answers. Franken said he is “very concerned” by reports that the software “is logging and may be transmitting extraordinarily sensitive information.”
He’s far from the only one with those concerns.