As if IT admins didn't have enough to worry about with all this consumerization stuff: Around 150 million smartphones out there have software that's secretly logging detailed user activity and information.
That's according to security researcher Trevor Eckhart, whose "What is Carrier IQ?" report shook the smartphone market this week. Turns out that Carrier IQ is, according to his research, a company whose software runs in the background of smartphones and accesses all sorts of data, including keystrokes, browsing history and even the content of text messages. That's scary enough if you're a consumer using your phone for personal tasks. But imagine if you're an IT guy and all your employees are using their personal devices to read and write emails, access and modify corporate documents, etc. Welcome to Securitynightmareville. Population: You.
Not surprisingly, Carrier IQ downplayed these concerns, telling AllThingsD that its software ignores personal information and only pays attention to data that helps diagnose handset and network problems.
"The software receives a huge amount of information from the operating system," marketing vice president Andrew Coward told the blog. "But just because it receives it doesn’t mean that it’s being used to gather intelligence about the user or passed along to the carrier."
Still, the fact that the software receives any personal or corporate data at all should be alarming -- especially if your company is subject to compliance regulations, where just the fact that a third party could access protected data can land you in hot water. The news about Carrier IQ shows that IT really needs to pay attention to what devices their employees are using, what corporate data and applications they can access and what systems are in place to prevent unauthorized access.
But even then, a lot of issues are out of IT's control. If you're worried about Carrier IQ, you can try to stop employees from using devices that have the software. Oh, wait. We still don't know exactly which phones run Carrier IQ. Apple said the iPhone used to use Carrier IQ but doesn't anymore. AT&T, Sprint, T-Mobile, HTC and Samsung said some of their devices use it, and Verizon Wireless, Nokia, Research in Motion, Microsoft and Hewlett-Packard said theirs don't, but some people aren't 100% sure and others think these companies might just be using other technology that does the same thing. Got that?
The only real solution for IT is to prevent all employees from using personal phones for work until this all gets sorted out. But any solution that enrages your users and decimates productivity isn't really much of a solution at all, now is it? Consumerization is going to give rise to all sorts of issues like this one, where IT really has no appealing options.