Oh yes they do.

Carrier IQ (CIQ) sells persistently privileged smartphone software that cannot be uninstalled, captures everything you do, to carriers such as Sprint and Verizon. Verizon, for example, uses the following information captured by CIQ: visited website addresses, device location, usage of apps and device features. In light of CIQ, I think this email exchange between a MacRumors reader and Steve Jobs is apt:

Q: Steve,

Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It’s kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don’t track me.

A: Oh yes they do. We don’t track anyone. The info circulating around is false.

Sent from my iPhone

Update: Nilay Patel, The Verge:

The Carrier IQ smartphone tracking scandal continues to grow, but we’ve just learned some interesting news from an extremely reliable source: the Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom tablet do not contain Carrier IQ software. Each of those devices was launched in direct partnership with Google as the flagship for a new version of Android, so it seems that the addition of Carrier IQ comes from OEMs and carriers after Google open-sources Android’s code.

With more information about Carrier IQ the closer we get to finding out the truth. And so far the privacy violators seem to be not Google, not brands like HTC or Samsung, but the carriers. Should have seen that coming with a name like Carrier IQ.

Update 2: Verizon’s Jeffrey Nelson (@VZWjeffrey) tweets:

@joshuatopolsky To be 100% clear: Carrier IQ is *not* on #Verizon Wireless #VZW phones.

Update 3: Nilay Patel, The Verge:

Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.

CIQ can and does capture content, every single keystroke in fact. Maybe Sprint is using a different version of CIQ.

Update 4: Fuzzy statement from RIM. RIM doesn’t itself install CIQ and doesn’t authorize carriers to install CIQ. Do carriers need authorization from brands? Not really, so what I’m thinking is there are currently BlackBerry smartphones out there with CIQ installed and running.

Nokia made a strong and clear statement unequivocally denying the use of CIQ:

CarrierIQ does not ship products for any Nokia devices.

If CIQ can’t be installed on Nokia devices, there’s probably zero chance that Nokia is using CIQ. But Apple isn’t quite dirt-free:

We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

That means iPhones and iPads (iPods?) running previous versions of iOS as well as some running iOS 5 are infested with CarrierIQ. Apple better get going with that future software update. I have not once agreed to ‘help’ companies by sending my usage information. I’m glad I haven’t.

Update 5: AT&T has admitted it uses CIQ. HTC points the finger squarely at U.S. carriers:

Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier.

Update 6: Jon Brodkin, Ars Technica:

But we were a bit curious about what “most of our products” means in that context. In response to our question, Apple tells us there is only one device running iOS 5 that still runs Carrier IQ, and it’s the iPhone 4.

If you own the iPhone 4, like I do, make sure to turn Settings → Location Services → System Services → Diagnostics & Usage off. I went ahead and turned off Location-Based iAds too. Let’s hope Apple issues a quick iOS 5 software update for the iPhone 4 that completely eliminates CIQ.

Update 7: CIQ speaks via John Paczkowski:

Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers — the mobile Operators. Carrier IQ does not gather any other data from devices.

Two things. One, CIQ is attempting to clear its name by stating that it does only what it is told by the carriers to do. Two, the carrier tied to Trevor Eckhart’s HTC must have asked CIQ to gather everything.

Update 8: Terrence O’Brien, Engadget:

Well, Massachusetts congressman Edward Markey has even less patience than his esteemed colleague and has already asked the FTC to open an investigation into Carrier IQ. Markey wants the Federal Trade Commission to look into whether or not the rootkit and its creators have violated the privacy of millions of cellphone users and federal wiretap laws — an accusation the company vehemently denies.

Update 9: Andrew Coward, VP of Marketing at Carrier IQ, in an interview with Dan Goodin, The Register:

The other thing to think about is that while you potentially jump through all these hoops, the operators themselves are going to have all this information one way or another. The operators themselves will comply with law enforcement. They will have a huge amount of information even without our technology.

The carriers themselves have CIQ-like capability built into the phones?

Update 10: Sean Hollister, The Verge:

It might also surprise you to know that Carrier IQ may be installed on more devices than have already been uncovered. The company actually has two different models for collecting data: the first is built directly into the operating system, while the second is more of an aftermarket solution that can be installed by the OEM or carrier. It’s only the latter that has seen widespread investigation, but Carrier IQ has been around for six years and has been installed on over 141 million devices in that time.

If CIQ is part of the OS then it’s not surprising that it will be nearly impossible to kill the process. So it must be that carriers have their own CIQ-injected versions of Android, which is installed on smartphones manufactured by the likes of HTC.

TmoNews: T-Mobile uses CIQ and here are the infected smartphones:

  • HTC Amaze 4G
  • Samsung Galaxy S II
  • Samsung Exhibit II 4G
  • T-Mobile myTouch by LG
  • T-Mobile myTouch Q by LG
  • LG DoublePlay
  • Blackberry 9900
  • Blackberry 9360
  • Blackberry 9810

Mikael Ricknäs, PCWorld:

Organizations and regulators across Europe, including Germany, have started looking into the use of Carrier IQ’s tracking software, to ensure that mobile phone vendors and operators are not violating users’ privacy.

Update 11: via Reuters. Eric Schmidt:

Android is an open platform, so it’s possible for people to build software that’s actually not very good for you, and this appears to be one. It’s a key-logger, and it actually does keep your keystrokes, and we certainly don’t work with them and we certainly don’t support it.

Update 12: FBI states Carrier IQ may be used with law enforcement proceedings. Michael Morisy, Muckrock:

A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents – but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.

Hmm. Carrier IQ might be part of something much bigger than just tapping smartphones for carriers.

Update 13: Carrier IQ vice president of marketing Andrew Coward:

As we went and did a deep dive into our technology to prove to consumers that there is nothing untoward in it, we found a bug. We found that if an SMS was sent simultaneously while a user is on the phone, the SMS would be captured by our software. Obviously, this is something that doesn’t happen very often, but we discovered that it could happen, and we caught it. Now, that information was never used. It wasn’t decoded. It sat on a server in encoded format, and no one could really get to it.

Update 14: John Paczkowski:

Responding to a Washington Post report claiming it’s the subject of an official FTC investigation, Carrier IQ said this is not the case. While it is meeting with federal regulators, the company says it is doing so proactively. It wasn’t summoned to Washington as part of a formal inquiry.