Your Android, BlackBerry, or Nokia phone may be spying on you

Last week 25 year old researcher Trevor Eckhart uncovered a piece of software installed on most Android, BlackBerry, and Nokia phones called Carrier IQ.  Eckhart revealed that the software tracked the user’s phone experience and pushed that data back to central servers. This week Eckhart released a video chronicling some of the more offensive tasks of Carrier IQ, features the company claimed the software did not do.

ADVERTISEMENT

Eckhart originally labeled the Carrier IQ software as a “rootkit” which incensed the software maker, who immediately threatened him with legal action. The Electronic Frontier Foundation (EFF) immediately jumped to Eckhart’s aid (PDF) forcing Carrier IQ to drop their claims and issue an apology (PDF).

“As, of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.”

In the same timeframe, Carrier IQ made a list of what the software does not do. First, they do not share their data with third parties. The general reason for the software is for carriers to perform quality control on their network and devices by being able to track dropped calls and outages. Carrier IQ says the software will not record your keystrokes, provide tracking tools, inspect/report on the contents of emails and SMS or provide real time data reporting to customers.

ADVERTISEMENT

Echkart has just released a video this week that demonstrates what the software does do and some of it directly refutes the company’s claims. In the video, the research shows the software logging his online search of “hello world.” In addition, his keystrokes while dialing numbers are logged (which means each number you dial is logged and recorded). That data, along with the contents of text messages, is quietly sent back to the Carrier IQ central servers without the phone user even knowing. All of this is done by the phone even when the user is connected to a WiFi network instead of their wireless carrier.

The most offensive part about all of this is there is absolutely no way to disable this software. The only way to get rid of Carrier IQ is to root your phone and reinstall the operating system which has been specifically compiled without the application built in.

I will be really surprised if this isn’t a violation of some privacy policies or even some privacy laws. There is a specific government ban on wiretapping, but perhaps this gets around that by not actually recording the phone calls themselves? Either way this needs to be investigated and customers should have a way to opt out of this kind of data collection.

ADVERTISEMENT

Let us know what you think of this horrendous piece of software in the comments.

No posts to display