The story of Carrier IQ, a smartphone monitoring application which was subsequently accused of being malware, became one of the biggest technology stories around, crossing over from the trade press into the consumer press, provoking rhetoric from bloggers, with the legal profession also quick to join the fray.
In brief, software designed to enable operators to monitor the performance experienced by smartphone users was alleged to contain features that track personal information, sparking concerns about privacy and an investigation into which devices and operators were using it.
Due to its support by several of the biggest US operators, much of the attention focused on that side of the Atlantic, although with Carrier IQ claiming its technology has been installed on more than 140 million devices, attention was piqued worldwide.
The amount and type of data collected have been disputed, but once the genie was out of the bottle, Carrier IQ became public enemy number one.
One issue that has been largely overlooked is that whatever the end result, the motivation for the deployment of the software was good: ask most customers if they want better connectivity, and the result is likely to be a resounding yes. If this affects other aspects of the device performance, such as reducing battery drain, then even better.
But it is the way in which this was done that came up short, with operators and device makers not being upfront about where, when and why the software was deployed. Indeed, Carrier IQ’s initial response to the claims made against its software was to call in the lawyers, with a cease-and-desist letter sent to the man who discovered its (apparently hidden) functionality.
In some ways, the approach taken fits with the telco attitudes of old: we supplied the device, we subsidised the device, we are providing connectivity, so we can do what we want with data collected when it is in use. Indeed, had it been installed on feature phones, it is unlikely that anyone would have ever detected its presence.
But as Vodafone discovered to its cost last year, when it attempted to push more of its own software and services to customers via a firmware update, customers do not take kindly to some players unilaterally using their position in the value chain for their own ends. In much the same way as customers complain about the way some PC vendors pre-load machines with large amounts of unwanted software, the same is true of mobile devices, with attacks on operator and vendor “bloatware.”
Indeed, the growth of smartphones has led to a new world where customers see their devices more like PCs, and where developers are able to probe deeply into handsets to see what they are doing – and why. As with PCs, customers are increasingly becoming aware of the potential for “spyware,” and as Facebook will undoubtedly testify, user privacy has now become a mainstream issue.
It was previously alleged that “two thirds” of the most popular Android apps “used sensitive data suspiciously.” But some of this information sharing was to enable mobile advertising, in order to allow developers to still make money from free apps – and consumers have certainly shown an appetite for free as a price point.
There are parallels to be drawn between the two issues: in both cases the intention was not malicious, but the lack of communication meant that users were – understandably – suspicious when potentially privacy-breaching features were highlighted. It is perhaps not what the software is doing that is the issue, but the impression of secrecy – after all, if everything is above board, why hide it?
Monitoring network performance to assess user experience does not breach user privacy. Using (some) data to monetise free apps is not “suspicious.” The problem comes when this is done without the user explicitly being aware of, and consenting to, the process.
The editorial views expressed in this article are solely those of the author(s) and will not necessarily reflect the views of the GSMA, its Members or Associate Members