Carrier IQ touches on insecure log files, puts the blame on manufacturers
Carrier IQ has come under quite a bit of criticism as of late thanks to a video posted by Android developer Trevor Eckhart that shows the software logging much of what the user does, including key presses and sending and receiving text messages, and storing the data in an insecure, plain text log file. However, Andrew Coward, Carrier IQ's VP of Marketing, claims that those easy-to-access logs are the fault of the manufacturer, not Carrier IQ. Coward explained in an interview with The Verge that Carrier IQ has created an API that allows for manufacturers to communicate with the software installed on the devices and that Carrier IQ has no access to the data that's gathered by carriers and manufacturers. Then the manufacturer must implement a way for the OS to gather the data and pass it on to Carrier IQ's software, meaning that the manufacturer is responsible for collecting and storing that information. Coward did say that Carrier IQ's software does keep a log file of its own, but that it's a secure file and is frequently overwritten.
It's good to finally hear Carrier IQ come out and speak at length about the situation that's going on, especially considering how much attention this situation has garnered in such a short period of time. The blame for these insecure log files has been passed around quite a bit between Carrier IQ, the operators, and the manufacturers, and now that CIQ has put the focus on the handset makers, it should be interesting to hear how they respond. We'll keep an eye on the situation and alert you to any updates that we get.