An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, webs browsing and received messages of its users.
In a YouTube video, Trevor
Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his
device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.
Eckhart then connected the device to a Wi-Fi network and pointed his browser at Google. Even though he denied the option
to share his physical location, the Carrier IQ software recorded it. The secret app then recorded the precise input of his search query, hello world, even though he typed it into a page that uses the SSL, or secure sockets layer, protocol to
encrypt data sent between the device and the servers.
In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses. Our technology is not real
time, he claimed at the time. It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses. Coward went on to claim that Carrier IQ was a diagnostic tool designed to give network carriers and
device manufacturers detailed information about the causes of dropped calls and other performance issues.
Carrier IQ and Your Phone: Everything You Need to Know
See
article from mashable.com
Is the software only on smartphones? Carrier IQ
says its software is on feature phones, smartphones, and tablets.
Is it on my phone? Carrier IQ is running on 141 million devices in the U.S., according to InformationWeek. Among the major carriers, Sprint, T-Mobile and AT&T have
confirmed that they use it, and Verizon Wireless told Mashable that it doesn't.
On the manufacturer side, both RIM and Nokia made statements that said it doesn't install or authorize its carrier partners to install Carrier IQ on phones. Nokia
similarly denied installing Carrier IQ on its products. If you're an iPhone owner, Apple told AllThingsD that it removed Carrier IQ in most of its products when it released iOS 5, with plans to remove it completely in a future software update.
How do I get rid of Carrier IQ? If you have an Android phone, you can find out whether or not Carrier IQ is installed by using Eckhart's Logging Test App, and you can use the app to remove the software for the cost of a dollar. The app requires
rooting your phone, however, so proceed with caution and be warned: Some reports say it's not always successful.
On an iPhone, it may already be absent from your iOS 5 device, according to Apple, but if you want to be 100% safe, TechCrunch says
you should open your settings, go to Diagnostics & Usage, and select Don't Send.
How likely is it that data collected by Carrier IQ could be accessed by a third party such as the security agemcies? ...
Update: Under Investigation in the US
6th December 2011. See article from
guardian.co.uk
US senator Al Franken has asked software maker Carrier IQ to respond to claims by an independent security researcher that its products collect and transmit
potentially sensitive data about millions of mobile phone users.
Update: Under Investigation in Europe
7th December 2011. See article from gamepolitics.com
Watchdog groups and
governments in Europe are taking a closer look at Carrier IQ's tracking software, to make sure those mobile phone vendors and operators who use it are not violating users' privacy or the law. The Bavarian State Office for Data Protection recently sent a
letter to Apple asking it how it uses Carrier IQ's software.
The most important thing to me is that users know how their data is used, and if that isn't the case there is a problem, said Thomas Kranig, president of the Bavarian data
protection office. Kranig did not comment on the letter's contents, but tells PC World that he expects an answer from Apple within about two weeks.
Update: Law Suit
10th December 2011. See
article from mashable.com
A class action lawsuit, spotted by Ars
Technica, was filed in Delaware late Friday against Apple, AT&T, Carrier IQ, HTC, Motorola Mobility, Sprint Nextel, Samsung, and T-Mobile USA.
Filed on behalf of four plaintiffs who use smartphones, the suit claims the installation and use of
Carrier IQ violates the Federal Wiretap Act, Stored Electronic Communications Act, and the Computer Fraud and Abuse Act. It demands financial compensation, as well as a court order to prevent the companies from installing such potentially privacy-busting
software in future.