Intelligent Machines

Why Transparent Tracking Needs Its Own App

A call for smart-phone software that lets users see what data their gadgets are sending out.

Amid widespread concern over an obscure piece of smart-phone diagnostic software that some experts say could be used to collect and transmit sensitive information, a leading academic has called on the industry to give users a one-click way to see what their gadgets are actually doing.

“It would be good to have some form of auditing function built into our devices,” says Jonathan Zittrain, a Harvard Law School professor and cofounder of the Berkman Center for Internet and Society. “The auditing function can be implemented by Apple and by handset makers through Android. Make it part of the ‘About’ tab. And it would show with whom the phone has been communicating and the sorts of things it has been sending.”

Zittrain raised the idea in an interview following a controversy over software developed by a small company called Carrier IQ. Installed on at least 140 million phones, the software is designed to operate in the background and send performance data from handsets to telecom carriers, allowing carriers to diagnose dropped calls and obtain other network information.

The company was thrown on the defensive recently when a security researcher, Trevor Eckhart, said the software collected more sensitive information including “geographical location of the device, the end user’s pressing of keys on the device, [and] usage history of the device,” and posted a video showing the software capturing the text of his text messages, Google search terms, and location information—even though he’d disabled his GPS.

Carrier IQ has taken issue with the dark implications of the researcher’s report. It says the details of the implementation were up to handset makers and that its product didn’t “record, store, or transmit” personal information. That stance has been backed up by some researchers who have nonetheless called for tighter control over what the software can do and—echoing Zittrain’s proposal—for more visibility for end users.

Already, some members of Congress have gotten involved, with Senator Al Franken, of Minnesota, demanding from Carrier IQ a detailed accounting of what data was collected and who got it, including whether law enforcement ever sought or obtained permission to use the technology as a back door for surveillance. The company is slated to reply to those questions on December 14.

There is no easy way for users to disable or remove the tool, which runs behind the scenes regardless of what the user is doing on the phone. But some handset makers, including HTC, have said they are exploring whether to allow consumers to opt out of data collection by Carrier IQ. And a security company, Bitdefender, last weekend released an app that can detect whether Carrier IQ is running on a phone. Another company, Whisper Systems, already offers Android apps that can help keep track of what different apps are up to on a device.

Catalin Cosoi, head of online threats at Bitdefender, however, says that inserting the Carrier IQ auditing function would have to be done at the operating system level, to which application developers do not have access. It would require a tweak by Apple to its iOS operating system, or by handset makers and networks using Android and other operating systems.

Until that happens, Cosoi adds, users have one other way to check what their smart phones are sending out: they can connect the phone to a laptop or PC running a traffic-sniffing program, such as Wireshark. But this is a fairly technical procedure, not the kind of simple function that users have come to expect on their phones.

Carriers and handset makers, including Apple, didn’t immediately return calls for comment on the transparency-app idea yesterday. AT&T replied to reiterate that it used Carrier IQ only for network maintenance, and did not address questions about whether it might give customers a way to audit data dispatches.

On the specifics of Carrier IQ, Zittrain says it is too soon to say how serious the matter might be. “It seems like there are competing empirical claims about what the software is doing,” he says. And until more is known, he says, it is not particularly useful to focus on what the software has the potential to do. “You could say any application or process on a traditional PC has the potential to wipe your hard drive or monitor its bits, too,” he notes.

But an easy-to-use auditing window would resolve the problem and prevent future controversies. “Why shouldn’t we know what our phones are up to?” says Zittrain. 

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.
Subscribe today

Uh oh–you've read all five of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.

  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

You've read of free articles this month.