Department of Homeland Security Weighs in on Threats to Mobile Devices
A lot of mobile security is about sticking to the basics. That is the gist of the Department of Homeland Security’s (DHSs) “Roll Call Release”. Their report results practically crowns Apple’s iOS as the reigning security champions. With a miniscule percentage of iOS apps shown to be infected with malware compared to the lion’s share of infected mobile devices belonging to the various, mostly older versions of the Android OS.
The study advises members of the police, fire, EMS and other security personnel to install an Android security suite to fight the never ending threat of malware to their mobile devices and consequently, to national and personal security to boot.
Especially branded as malicious in the unclassified document is an application known as Carrier IQ. The DHS specifically advises the various branches of the government to install a mobile app dedicated to removing the perceived security threat posed by any instance of Carrier IQ existing on their device.
This inclusion in the DHS report and earlier privacy scandals has rendered the international company of the same name, whose stated mission is to deliver mobile intelligence to mobile network providers, something of a Pariah in the eyes of some members of the public and private sectors. Can this be an illustration of the rule that there is no such thing as bad publicity? Carrier IQ attempts to clear their name in an 18 page PDF downloadable from their web site explaining their technology and its deployment.
Other than any attention generated by the Roll Call Release report, mobile device end users complaining that their privacy has been compromised by the app’s gathering of user data for mobile service platform providers seems to have abated.
What remains is a company dedicated to plying several key technologic areas where they claim they've established unparalleled expertise. This expertise involves implementing on-device analytics that relay various statistical and performance data from the mobile devices of individual mobile customers to their mobile networks.
What Carrier IQ does is lend their proprietary software and API to network operators and handset manufacturers who then will generally embed it into their phones’ OS’. To accomplish this, Carrier IQ provides these vendors with a porting guide along with metrics specs. Armed with those tools, the vendors write their own custom code that will then communicate with their specific handsets and networks to transmit an array of diagnostic measurements.
What information actually gets monitored depends on how the network operator or handset manufacturer programs the profiles contained in their dashboard-like Mobile Service Intelligence Platform (MSIP).
The Wireless Analytics and Wireless Metrics data that is listed as available for the vendors to select from for the monitoring of mobile devices in Exhibits A & B of the Understanding Carrier IQ Document are extremely extensive. Upon first glance it would appear that there is very little data, private or otherwise, that a phone network or handset manufacturer does not have access to should these choose to turn on this or that feature of a given profile.
Ralph Winzinger Nov 25, 2014
John Krewson, Steve Ropa and Matt Badgley Nov 24, 2014