“The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone,” David Kravets reports for Wired.
“Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control,” Kravets reports. “But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.”
Kravets reports, “Eckhart labeled the software a ‘root kit,’ and the Mountain View, California-based software maker threatened him with legal action and huge money damages. The Electronic Frontier Foundation came to his side last week, and the company backed off on its threats. The company told Wired.com last week that Carrier IQ’s wares are for ‘gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.’ The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim.”
Read more in the full article here.
MacDailyNews Take: Steve Jobs wasn’t kidding.
[Thanks to MacDailyNews Readers “Judge Bork” and “Eugenio” for the heads up.]
Related article:
Steve Jobs on iOS location tracking: We don’t track anyone, but Droid does – April 25, 2011
Holy cow! Is nothing considered personal or private anymore!?
Privacy is a commodity
The answer to your question is: No, nothing is private if greedy, underhanded corporations can get away with stealing it to increase their profits. It’s bad enough that this is happening. Much worse is that such blatantly dishonest behavior is considered “business as usual”.
Where’s that Stuart Smalley guy when you need him?
He’s playing mumble tennis with Google’s shysters at Senate Subcommittee meetings. Definitely part of the problem.
http://themacadvocate.com/2011/11/30/knock-off-shartphone-sufferers-take-a-look-at-what-carrier-iq-knows-about-you/
Those bastards.
People are surprised? Remember that this is GOOGLE Android.
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
– Eric Schmidt
Oddly, that is a really good guideline to live by, but I still don’t Big Biz to know about the things I do anyway.
No, it’s a LOUSY guideline.
Want an example? You wouldn’t want anybody to know you were helping to hide Jews, if you lived in Nazi Germany.
In that case, smart people won’t buy any of these phones.
I seem to remember Eric defending his statement to Steven Colbert, claiming he’d been joking. I didn’t believe him, though
http://www.businessinsider.com/google-quotes-that-could-come-back-to-haunt-the-company-2011-9#here-are-googles-stated-principles-1
And it logs IDs and passwords on httpS web pages and sends them to the carrier?!! Android users are SO totally pwned!!!
Has anyone said anything one way or another about iPhone?
Does iOS do this?
Steve Jobs said something about it;
“We don’t track anyone. The info circulating around is false.”
At least one researcher has found Carrier IQ references in iOS. Examining in greater depth, he found that it is much less pervasive than the version on other platforms. For example, it does not log keystrokes. Oh, and it is OFF by default. You have to turn it on in Settings > General > About > Diagnostics & Usage.
If iOS did this the Jail-break crowd would have told us by now.
If this were Apple doing it, It will be on the front page of every newspaper tomorrow. Law suits will be filed everywhere and Apple will be called the evil big brother!
Very well said–and sadly true !!
Google upto their usual tricks.
That company has no morals at all.
They certainly Winn the award for the business that is turning into the next Microsoft.
Even though Google allowed this software to be included in their Android OS installation packages, formally it is done by “independent” company.
Both Mountain View is the same place where Google is situated. Hardly Google actually does not know what this software is doing.
What do you expect? The spooks own a minority stake in google (via a shell company) and have a direct connection to all the data.
From their press release a couple of weeks ago:
“While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking
tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.”
Going to be fun watching this play out! I think heads will roll.
Sadly, I doubt it. It will get swept under the rug because darling Google is involved.
Question that I would like answered. Why the heck is anyone using Android?
Open mean OPEN!
ALL smartphones are relaying data in one form or another, but what it comes down to is, whom do you trust?
I trust Apple and they’ve never violated that trust in the thirty-some-years I’ve been doing business with them.
I used to feel that way about HP, a long time ago. I’m still sort of upset about what they’ve become. By contrast, Microsoft has been squalid from the beginning.
“whom do you trust?”
Put your trust in His Immenseness, the Flying Spaghetti Monster and surely goodness will follow you until the end of your days.
that kid is pretty damn sharp, thanks Trevor, keep up the good work.
I don’t see what all the fuss is, ALL smartphones are relaying data in one form or another even Apple. You can’t escape Google even if u r not using an Android.They already knows everything about you and me and everybody’s behaviour on line. They are just collecting data like what they did with the web already. You guys are attacking this becoz it’s Google!!! They are not evil, they are just a company like Apple. Grow up, fanboys!
“I don’t see what all the fuss is”
Then you’re a complete idiot. Try reading the article again. And then keep reading it until you actually understand it.
Carrier IQ is logging things it isn’t at all supposed to be logging, like text messages, web searches, and keystrokes. The difference between it and a malware trojan is, well, nothing.
And the software company that makes it is lying through its teeth and saying that Carrier IQ merely “gathers information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life”, which Eckhart demonstrated to be false. e.g., it hardly needs to be logging your web searches to figure out where your phone calls are dropped.
Also, Apple does not allow this malware on iOS. So how exactly is Google “a company just like Apple”, again?
Yeah, I think somebody here is a fanboy, alright. Say hi to The Mole, for me.
THEY ARE LOGGING AND COLLECTING IDS AND PASSWORDS FROM HTTPS WEB PAGES, FOR GOD SAKES!!!!!!! What does it take to upset you?!!!
Well, if this were sooooo bad, tell me, why isn’t Engadget or Gizmodo reporting on this? Why is it only MacWhatEver Blogs thats keeps going on about it???
This is your witty retort? Really?
Android fanboys really are guzzling the kool-aid.
Plus, obviously they exhibit the writing abilities of 4th Graders. “Andi”- come out of your Mom’s basement once in a while to get some fresh air and clear your head, so that you can begin to think more clearly and make some sense…
To be fair (briefly), Carrier IQ isn’t a Google product. CIQ is a 3rd party that provides the means for others – in this case carriers – to have user information relayed to them under the guise of “improving service”.
That said, there’s ample blame to go around. Phone manufacturers like HTC customize the software so it can access the core of the Android OS, much like a rootkit, and provides the APIs that hook into other services. Google provides Android to manufacturers with no restrictions on doing this either, but they feel their “free and open” BS allows them to crap in a box and let the recipients (consumers) deal with the smell.
Apple does NOT do what Carrier IQ does, nor would they allow carriers to get away with implementing something as egregious as this because the *own* the OS. Educate yourself on the issue or get back under your bridge.
Google has woken up a bit to the problems.
Android 4 has new “android compatible” licensing verbage that will bar carriers from loading apps that can’t be removed and other restrictions.
@Andi & troll brigade
You’ll soon see what the fuss is about. This isn’t like the other fanboy stuff. This is Capitol Hill, Grand Jury stuff.
Guys, I’m usually one of the last people to defend Android, but I think this is bogus. Watch the video. It appears to just be showing the “USB debugging” log that he explicitly turned on. There’s no indication I noticed that the data is being sent anywhere. When you see “com.htc.android.blah.blah” – those are reverse-domain namespace indicators (like the com.apple.preview.plist preference files in your Preferences folder).
Basically, the video appears (to me) to prove that turning on USB Debugging on his phone turns on USB debugging. Did anyone notice any part of the video that shows any evidence that any personal data is sent anywhere other than via his USB cable to a log (that he explicitly had to ask for)?
If the information collected wasn’t being sent to the carriers (and whoever else is listening or can hack in) it wouldn’t be of any use, would it? Obviously, what is being collected is being sent, else why collect it? One of the data sets being collect is entries on an https web page, which has to include login IDs and PASSWORDS!
He’s using the debug log to monitor what is being collected and SENT, is what I heard on the video.
Nice revealing article posted to Forbes today (11/30) under security by Andy Greenberg. CarrierIQ may have violated wiretap law in millions of cases. Probably do not have U.S. Government top secret security clearance either. Nice little FCC/DOJ project shaping up as the carriers’ had to knowingly build this root kit into their Android releases. One of CarrierIQ affiliated companies is Huawei Technologies – part of the Chinese government. More on privco dot com.
Just verified that my friend’s T-mobile Galaxy SII Android 2.3.5
does not have any apparent CarrierIQ code running. Same is true on a recycled Vibrant with Cyanogenmod 7.1 (2.3.7) running without carrier bloat. Glad I have the iPhone.
I don’t use any of the above referenced OSes. But it is still disturbing. It means that information shared via email on a Blackberry between an attorney and her client is logged. So much for confidentiality.
This highlights the differences (and different motivations) between Apple and Google.
Apple profits mostly from selling hardware products. Apple highest motivation is giving customers (people who buy the hardware) the best possible user experience, so that they will continue to be customers. Apple’s motivations and its customers’ motivations are mostly aligned.
Google profits mostly from selling information-related services, such as advertising. Android users are NOT Google’s customers. People who use Google’s online services are NOT Googles customers. Google’s customers are the advertisers, and whoever pays for the user information Google collects. They pay the bills to keep the lights on at Google HQ. And Google’s users are the “commodity” that is being sold.
you should read all the hypocritical apologia being drummed by the Fandroids around the web for this outrage. talk about a Stockholm Syndrome.
Why isn’t this story on Engadget or Gizmodo? Why isn’t this on the mainstream news? It’s shocking.
I smell the mother and father of all class action suits approaching.
Bwaaaaaaa-ha-ha-ha!
I keep telling people to buy whatever they want as it makes no difference to me what they use, but I do also warn them that Android is total piece of shit.
Android is controlled by the carriers, who pull shit like installing root kits.
Oddly, the only one who may escape the legal reaming sure to come is Google. Google can say that Android is not supplied with this CIQ malware; rather, it was installed by the telco.
Not the Droid world’s only security disaster this week…
http://arstechnica.com/tech-policy/news/2011/11/researchers-find-big-leaks-in-pre-installed-android-apps.ars
Actually it maybe the same issue. The manufactures would have to leave the barn door open for CIQ to work. The real worry should be if CIQ can access this info then any malicious software could too. And with google not vetting the software on their app store that is going to happen.