"Carrier IQ" logging *everything* on your phone?
This looks like a big one - an Android dev has demonstrated how software pre-installed on millions of Android phones, along with some Nokia and Blackberry models, is secretly logging everything the user does, including all their keystrokes, even on secure sites -
http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/
The makers of the Carrier IQ software admit the app transmits data back to them but have previously denied the app logs as much as it obviously does. It seems to have been built into various ROMs from HTC and the like, runs in a "hidden" way and is very difficult/impossible to kill without rooting.
Interesting times!
--
Posted: 2011-12-01 00:20:40
An interesting take on this from CNN -
http://tech.fortune.cnn.com/2[....]-best-reason-to-buy-an-iphone/
It has to be said, if this was an Apple product caught behaving like this, you wouldn't be able to hear yourself around here for uproar...
--
Posted: 2011-12-01 00:37:05
Yes but didn't this happen with Apple not long back as I recall??
--
Posted: 2011-12-01 00:46:00
No, nothing like it!
There was the so-called "location-gate", but all that consisted of was a file on the phone which locally cached location data. A bug in the software meant it wasn't clearing out old entries; a patch fixed that and also encrypted the file so it couldn't be snooped on by anyone maliciously.
This thing is logging EVERYTHING - location, keystrokes, the content of text messages, the works - and it's doing it by design so it can share it with a third party that the user has no relationship with at all. Not the same thing!
--
Posted: 2011-12-01 01:08:00
this thing is logging EVERYTHING - location, keystrokes, the content of text messages
No, it does not log everything. It is a service running in the background which HTC, Nokia, RIM and some operators have paid money to have installed on the device. The sad part is that the EULA seldom informs the customer of this "feature" and that on some devices it is impossible to turn off if you want to. You can turn it off on Samsung devices.
A statement from Carrier IQ about the issue:
We would like to take this opportunity to reiterate the functionality of Carrier IQ’s software, what it does not do and what it does:
- Does not record your keystrokes.
- Does not provide tracking tools.
- Does not inspect or report on the content of your communications, such as the content of emails and SMSs.
- Does not provide real-time data reporting to any customer.
- Finally, we do not sell Carrier IQ data to third parties.
Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain.
Here's what our software does:
- Our software makes your phone work better by identifying dropped calls and poor service.
- Our software identifies problems that impede a phone’s battery life.
- Our software makes customer service quicker, more accurate, and more efficient.
- Our software helps quickly identify trending problems to help mobile networks prevent them from becoming more widespread.
This is quite interesting reading for those interested in the functionality of the Carrier IQ software:
http://androidsecuritytest.co[....]nd-services/loggers/carrieriq/
[ This Message was edited by: laffen on 2011-12-01 01:05 ]
--
Posted: 2011-12-01 01:53:04
With respect Laffen, that's nothing more than your opinion, backed up by a week-old press release from the company in question. I can see why you'd love to believe that press release, but if you actually read the article I linked to and watch the video (made by Mr Eckhart *after* he was named in that press release, and who Carrier IQ were trying to silence legally until very recently) you'll see hard evidence that the software DOES do everything they claim it doesn't, including key logging.
Interestingly there have now been references to CIQ found in iOS, but the analysis suggests it's old code, disabled by default, which genuinely seems related to only network performance monitoring. That seems to have been the original aim of CIQ but the version now in operation on many Android handsets is clearly far, far more involved.
--
Posted: 2011-12-01 08:36:14
What is my opinion? Please elaborate.
To me it seems like the Carrier IQ software is hooked up to hardware interrupts just like any other third-party keyboard app, for example, but it does not mean that the key strokes are sent away to some kind of harvesting server. The Carrier IQ could in theory be logging key strokes, but I haven't seen any of this hard evidence you are talking about.
You might know that most OSes have a similar error reporting system. Mac OS has Crash Reporter and Windows has Windows Error Reporting. The problem is not that things are logged on the device itself, but that any data could be sent away to a third party company such as Carrier IQ without the user being informed about this. On some Samsung devices, it is possible to turn off this IQ agent while on HTC phones, it's hidden and on by default. In Apple iOS the IQ agent is turned off by default and the Carrier IQ software may only be active when the iPhone is in diagnostic mode. The agent should of course be more transparent and be an opt-in service.
--
Posted: 2011-12-01 11:20:44
Sony Ericsson also has the Usage Info which can be turned off. Same with HTC, it can be disabled.
--
Posted: 2011-12-01 11:46:00
What's more interesting than whether Android or Apple are more responsible with user info is how to find out if this crap is on my SIM free Arc and if so, will any of the brilliant devs be able to figure out a way to turn it off or uninstall it.
--
Posted: 2011-12-01 11:49:37
@bonovox - this is *not* the same as HTC (or Samsung, or Apple for that matter) error reporting that can be switched off. This is separate. If you watch the Eckhart video you can see how these services are unrelated, and how CIQ has no such option - on the HTC at least.
@laffen - you stated as fact that CIQ doesn't log "everything" and then backed that up with CIQ's own press release - I'd suggest to you that what you were actually stating was an opinion based on stale, biased information that you chose to believe over the report and evidence in question.
--
Posted: 2011-12-01 12:19:33