While the FBI has so far blocked FOIA attempts regarding its involvement in the Carrier IQ scandal, the embattled firm has released an expansive report detailing its data collection process and responds directly the allegations against it.
Most of the information in the report has come to light previously but a few new tidbits stand out. First, the Android log files discovered by Trevor Eckhart — the ones apparently containing unencrypted users’ personal information — are the result of “debug messages from pre-production handset manufacturer software.” These logs are generated on phones sold with the Carrier IQ program preloaded but the company says it’s working with manufacturers and networks to adjust the certification process and turn off debugging messages when the phone is activated.
Second, Carrier IQ has admitted that under some “unique circumstances” a bug in the program does cause it to record SMS messages. These circumstances could include when “a user receives an SMS during a call, or during a simultaneous data session” but the messages are encrypted and unreadable. Carrier IQ goes on to reassert that MMS, email, web sites, and other media are not captured. The company states that it is currently ferreting out the bug to prevent this from reoccurring.
You can view the report in its entirety here, in pdf format.