Skip to Content

Why Transparent Tracking Needs Its Own App

A call for smart-phone software that lets users see what data their gadgets are sending out.
December 8, 2011

Amid widespread concern over an obscure piece of smart-phone diagnostic software that some experts say could be used to collect and transmit sensitive information, a leading academic has called on the industry to give users a one-click way to see what their gadgets are actually doing.

“It would be good to have some form of auditing function built into our devices,” says Jonathan Zittrain, a Harvard Law School professor and cofounder of the Berkman Center for Internet and Society. “The auditing function can be implemented by Apple and by handset makers through Android. Make it part of the ‘About’ tab. And it would show with whom the phone has been communicating and the sorts of things it has been sending.”

Zittrain raised the idea in an interview following a controversy over software developed by a small company called Carrier IQ. Installed on at least 140 million phones, the software is designed to operate in the background and send performance data from handsets to telecom carriers, allowing carriers to diagnose dropped calls and obtain other network information.

The company was thrown on the defensive recently when a security researcher, Trevor Eckhart, said the software collected more sensitive information including “geographical location of the device, the end user’s pressing of keys on the device, [and] usage history of the device,” and posted a video showing the software capturing the text of his text messages, Google search terms, and location information—even though he’d disabled his GPS.

Carrier IQ has taken issue with the dark implications of the researcher’s report. It says the details of the implementation were up to handset makers and that its product didn’t “record, store, or transmit” personal information. That stance has been backed up by some researchers who have nonetheless called for tighter control over what the software can do and—echoing Zittrain’s proposal—for more visibility for end users.

Already, some members of Congress have gotten involved, with Senator Al Franken, of Minnesota, demanding from Carrier IQ a detailed accounting of what data was collected and who got it, including whether law enforcement ever sought or obtained permission to use the technology as a back door for surveillance. The company is slated to reply to those questions on December 14.

There is no easy way for users to disable or remove the tool, which runs behind the scenes regardless of what the user is doing on the phone. But some handset makers, including HTC, have said they are exploring whether to allow consumers to opt out of data collection by Carrier IQ. And a security company, Bitdefender, last weekend released an app that can detect whether Carrier IQ is running on a phone. Another company, Whisper Systems, already offers Android apps that can help keep track of what different apps are up to on a device.

Catalin Cosoi, head of online threats at Bitdefender, however, says that inserting the Carrier IQ auditing function would have to be done at the operating system level, to which application developers do not have access. It would require a tweak by Apple to its iOS operating system, or by handset makers and networks using Android and other operating systems.

Until that happens, Cosoi adds, users have one other way to check what their smart phones are sending out: they can connect the phone to a laptop or PC running a traffic-sniffing program, such as Wireshark. But this is a fairly technical procedure, not the kind of simple function that users have come to expect on their phones.

Carriers and handset makers, including Apple, didn’t immediately return calls for comment on the transparency-app idea yesterday. AT&T replied to reiterate that it used Carrier IQ only for network maintenance, and did not address questions about whether it might give customers a way to audit data dispatches.

On the specifics of Carrier IQ, Zittrain says it is too soon to say how serious the matter might be. “It seems like there are competing empirical claims about what the software is doing,” he says. And until more is known, he says, it is not particularly useful to focus on what the software has the potential to do. “You could say any application or process on a traditional PC has the potential to wipe your hard drive or monitor its bits, too,” he notes.

But an easy-to-use auditing window would resolve the problem and prevent future controversies. “Why shouldn’t we know what our phones are up to?” says Zittrain. 

Keep Reading

Most Popular

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.