How to drive traffic and make friends. Android. Rootkit. Travis Eckhart. CarrierIQ.

If you read the title, you win the game. Throw a few popular terms together, post a video of technical stuff going on, and toss in a few scary terms like “malware,” “rootkit,” “privacy violation,” and “lawsuit” and you’ll be making Adsense revenue hand over fist.

This CarrierIQ thing will blow over relatively quickly. The companies that have been dogged so wildly the past week won’t get an apology or retraction from the thousands of people who have been mislead by a well-intentioned developer and the dozens of blogs who were quick to turn a handful of claims and a 15-minute YouTube video into fodder for Fox News and Congress.

The bottom line on this CIQ thing is that it’s a service to monitor device performance and user interaction. This sort of system-level watchdog work is typically done in other environments by native code. E.g. Windows Event Logger, or a 3rd-party app the user installs, e.g. an antivirus or widget. From what I’m seeing, mobile carriers chose to outsource this logging integration to CarrierIQ rather than develop it in-house. In other cases, apparently Verizon and Apple, they’ve developed that same sort of software themselves. (Although I suppose they could just not be interested in monitoring device performance to that level of detail.)

From the carrier’s perspective I could certainly understand a position of justification where this data is just part of doing business, disclosed in their privacy policy and TOS, and no further thought given to disclosure or opt-out. The info they’re gathering simply isn’t that juicy. “You pushed the wake button 40 times each day, on average, this week.”

From the average consumer’s perspective, I could see that in a world of Facebook, WikiLeaks and LulzSec plastered on the news, any sort of personal data collection or potential transmission is enough to perk up your ears. BUt what happened in this case highlights one downside of popular blogging. And that is when faced with what could be a potentially serious issue, the “journalism” goes away, and copy/paste sensationalism is rampant.

Without independently verifying what Eckhart claimed, otherwise well-respected blogs quickly repeated his claims verbatim, or even added additional speculation to the claims. Any reader with less than a developer’s level of knowledge takes those statements as fact, and the level of misunderstanding compounds to the point where I’m not sure how CIQ or carriers can recover from this. Now we’ve got Congress involved–when was the last time you asked yourself “I wonder what Al Franken thinks about this highly complex technical issue?”


I’m generally as concerned about online privacy, mobile security and personal rights as the next guy. In fact I think most people that know me would say I’m a valuable source of information for issues like that. After watching Eckhart’s video, reading the same statements posted on blogs that I generally read every day, and the thousands of comments on reddit, XDA, etc. I’m frustrated and concerned that so much misinformation has been parroted.

Is this the status quo? Sensationalist claims get picked up by blogs that have built reputations over years, now simply anxious to nail some quick Adsense revenue, and then the masses follow this trail of pseudo-fact and unconfirmed claims, carrying their pitchforks the whole time?

I’ve never thought the democratization of information was a bad thing, but this mess has me concerned.

Justin Written by:

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *