Carrier IQ Makes Android Devices a Risk to Enterprises
So what does this mean to your business or your personal privacy? First, it appears that BlackBerry devices are not affected by Carrier IQ, but if it shows up on a BlackBerry, RIM will help you remove it. Second, while the iPhone may have Carrier IQ installed, it can be disabled easily and in any case may only run in a diagnostic mode. But Android devices are another story.
If your company uses Android phones, then it's important that you determine if Carrier IQ is installed on the device. If you find it, then the device should only be used for applications where there is no sensitive or protected data that can pass through it. Because Carrier IQ can record the content of email and text messages, it would probably violate U.S. Payment Card Industry, Sarbanes-Oxley Act and Health Insurance Portability and Accountability regulations even if the data isn't sent to Carrier IQ.
If you have a large corporate contract with a carrier that uses Carrier IQ, your best option is to insert language into your contract that the carrier will remove this software from any devices they provide. If the carrier refuses, then find another carrier. The risk to your company from having its protected data compromised by Carrier IQ is too great. After all, who wants to find themselves in prison just because some phone carrier wanted to monitor more than it should?
Basically, this means that if your carrier is Sprint, you'll need to check every Android device you have for the presence of Carrier IQ. If it's on those phones, the safest course is to ask Sprint to either replace the phones or remove the software. Of course, an even safer route is to buy something besides Android devices for your company. Android phones have suffered from a widespread problem with malware unrelated to Carrier IQ of late and that simply adds another layer of risk and another management headache.
If you're in the process of signing up a new wireless carrier, add language that the carrier cannot install any sort of monitoring software that has the potential to violate the law. If you allow your employees to bring their own smartphones for use at work, then you'll need to inspect them for the presence of Carrier IQ before they can be allowed on the company network or be used for company communications.
Finally, if you need some help figuring out just what information is being collected about your activities on your smartphone, Eckhart has a solution that might help. But all of this adds another layer of management time and expense. It might be better just to avoid Android for now, at least until this is figured out and stick with devices that don't have the problem, such and Windows Phones and BlackBerries, and probably iPhones if they use iOS5 and can turn off Carrier IQ.
Editor's note: This story was updated with a statement from T-Mobile regarding it's use of Carrier IQ.