
Earlier this month, security researcher Trevor Eckhart published information that showed how software manufactured by a company named Carrier IQ logs and transmits data on your personal cell phone without your consent. Carrier IQ responded by suing Eckhart (the suit has since been dropped). It then issued a statement claiming that its software “Does not record your keystrokes” and “Does not inspect or report the content of your communications, such as the content of emails and SMS.”

Claptrap.

Eckhart has just published a 17-minute video illustrating how Carrier IQ’s software logs and reports data even when a phone is set for airplane mode or is only communicating via WiFi. The video is long because Eckhart steps through each stage of the process from bootup to web search. If you want to skip to the actual logging, it begins at 8:38. Web search logging is demonstrated at 13:45.

 

The program can’t be shut off, isn’t shown in the “Running Programs” dialog, and, contrary to Carrier IQ’s statements, transmits SMS and keystroke information as plain text, even when searching Google in HTTPS mode. Furthermore, Carrier IQ logs the content of an SMS before the end-user is even notified that a message has been received. There’s a diagram of Carrier IQ’s activity pictured below.

Carrier IQ, however, isn’t the real villain of the story. That role goes to the carriers such as AT&T and manufacturers who have authorized the installation of CIQ software onto their devices without feeling the need to inform consumers of its presence or the manner in which it tracks their usage.

The companies involved may wind up arguing that they don’t retain any of the keystroke or SMS data they receive, but there’s no disputing the fact that the data is logged and transmitted. Given the degree of dodging and reversal going on in multiple quarters, anything that now emerges will be viewed with an increasingly jaundiced eye.

As violations of privacy go, this makes Apple’s “locationgate” scandal from earlier this year look like nothing more than a minor hiccup. Carrier IQ’s software tracks search information, location, and unique device identification data even when communication is being handled by WiFi rather than the carrier’s network. It does so even when all location and data sharing services have been disabled.


If ever a privacy issue deserved to explode in the faces of those responsible, this one does. The degree of data collection goes far, far beyond any claim to collect anonymous usage information or statistics on dropped calls. There’s no reason for the software to even parse the content of SMS data or to log web searches in plain text, much less to report every button press.

What you can do

As of this writing, Carrier IQ’s software has been found on smartphones from HTC, Samsung, BlackBerry, and Nokia. The Android app Any Cut can be used to determine if a phone is running CIQ’s software — once installed, it allows the user to create a shortcut to any application, including those normally hidden. If IQRD and IQAgent are presented as options, your phone is infected.

Android users who are comfortable tinkering with their phones have the option of installing CyanogenMod or an equivalent product. Because CM is based on an open version of Android rather than a custom, manufacturer-provided ROM, it lacks the kernel hooks used to tie CIQ to particular devices.

Apple products are another possibility. Normally we’d shy away from suggesting that Android users consider jumping ship, given that many Android users cite Apple’s closed software model as a reason for avoiding their products. In this case, however, the Android handset manufacturers have committed a colossal breach of trust, to the point of undermining the very openness that supposedly underpins Android in the first place. It is, at least, an option.

Those of you who aren’t willing/able to switch phones and don’t feel comfortable installing customized firmware should make noise — and lots of it. In this case, the fact that (nearly) “everyone is doing it” is no reason to continue. The CIQ software, as it currently functions, blatantly violates both privacy agreements and security best practices. It’s also the best reason to buy an iPhone that we’ve heard in months. Given the choice between a closed software ecosystem and an open phone that spies on its user, we’ll take closed software every time.

Update @ 16:30 ET: Several readers have pointed out that Windows Phone 7 devices may also be valid options. To the best of our knowledge, Carrier IQ (or an analogous program) has not been found on a WP7 product.

 

Reblogged Via extremetech.com

One Response to Carrier IQ is the best reason yet to switch to the iPhone

  1. King_cantona007 says:

    How To Remove It From Your Device

    If you want to remove it from your device, you have two choices. Either flash a custom ROM that doesn’t contain Carrier IQ (as described above), or use Eckhart’s Logging Test App to remove it. Both solutions require rooting your phone.
    To remove it with the Logging Test App, download the original app and then buy the $0.99 Pro licence from the Android Market. Then, open it up, hit the Menu button, and tap “Remove CIQ”. This will completely remove it from your device.


About The Author

Nick

Nick is an IT Professional who has been in the IT industry for over 15 years. A passion for technology & thirst for knowledge. A certified ITIL v3 professional, Nick is qualified & dedicated to delivering effective & efficient IT services with an Honest smile.