Video shows secret software on millions of Android, BlackBerry, and Nokia phones logging everything you do

“The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone,” David Kravets reports for Wired.

“Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control,” Kravets reports. “But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.”

Kravets reports, “Eckhart labeled the software a ‘root kit,’ and the Mountain View, California-based software maker threatened him with legal action and huge money damages. The Electronic Frontier Foundation came to his side last week, and the company backed off on its threats. The company told Wired.com last week that Carrier IQ’s wares are for ‘gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.’ The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim.”

Read more in the full article here.

MacDailyNews Take: Steve Jobs wasn’t kidding.

[Thanks to MacDailyNews Readers “Judge Bork” and “Eugenio” for the heads up.]

Related article:
Steve Jobs on iOS location tracking: We don’t track anyone, but Droid does – April 25, 2011

51 Comments

    1. The answer to your question is: No, nothing is private if greedy, underhanded corporations can get away with stealing it to increase their profits. It’s bad enough that this is happening. Much worse is that such blatantly dishonest behavior is considered “business as usual”.

    1. At least one researcher has found Carrier IQ references in iOS. Examining in greater depth, he found that it is much less pervasive than the version on other platforms. For example, it does not log keystrokes. Oh, and it is OFF by default. You have to turn it on in Settings > General > About > Diagnostics & Usage.

    1. Even though Google allowed this software to be included in their Android OS installation packages, formally it is done by “independent” company.

      Both Mountain View is the same place where Google is situated. Hardly Google actually does not know what this software is doing.

  1. From their press release a couple of weeks ago:
    “While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking
    tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.”
    Going to be fun watching this play out! I think heads will roll.

  2. ALL smartphones are relaying data in one form or another, but what it comes down to is, whom do you trust?

    I trust Apple and they’ve never violated that trust in the thirty-some-years I’ve been doing business with them.

  3. I don’t see what all the fuss is, ALL smartphones are relaying data in one form or another even Apple. You can’t escape Google even if u r not using an Android.They already knows everything about you and me and everybody’s behaviour on line. They are just collecting data like what they did with the web already. You guys are attacking this becoz it’s Google!!! They are not evil, they are just a company like Apple. Grow up, fanboys!

    1. “I don’t see what all the fuss is”

      Then you’re a complete idiot. Try reading the article again. And then keep reading it until you actually understand it.

      Carrier IQ is logging things it isn’t at all supposed to be logging, like text messages, web searches, and keystrokes. The difference between it and a malware trojan is, well, nothing.

      And the software company that makes it is lying through its teeth and saying that Carrier IQ merely “gathers information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life”, which Eckhart demonstrated to be false. e.g., it hardly needs to be logging your web searches to figure out where your phone calls are dropped.

      Also, Apple does not allow this malware on iOS. So how exactly is Google “a company just like Apple”, again?

      Yeah, I think somebody here is a fanboy, alright. Say hi to The Mole, for me.

        1. Plus, obviously they exhibit the writing abilities of 4th Graders. “Andi”- come out of your Mom’s basement once in a while to get some fresh air and clear your head, so that you can begin to think more clearly and make some sense…

    2. To be fair (briefly), Carrier IQ isn’t a Google product. CIQ is a 3rd party that provides the means for others – in this case carriers – to have user information relayed to them under the guise of “improving service”.

      That said, there’s ample blame to go around. Phone manufacturers like HTC customize the software so it can access the core of the Android OS, much like a rootkit, and provides the APIs that hook into other services. Google provides Android to manufacturers with no restrictions on doing this either, but they feel their “free and open” BS allows them to crap in a box and let the recipients (consumers) deal with the smell.

      Apple does NOT do what Carrier IQ does, nor would they allow carriers to get away with implementing something as egregious as this because the *own* the OS. Educate yourself on the issue or get back under your bridge.

      1. Google has woken up a bit to the problems.

        Android 4 has new “android compatible” licensing verbage that will bar carriers from loading apps that can’t be removed and other restrictions.

  4. Guys, I’m usually one of the last people to defend Android, but I think this is bogus. Watch the video. It appears to just be showing the “USB debugging” log that he explicitly turned on. There’s no indication I noticed that the data is being sent anywhere. When you see “com.htc.android.blah.blah” – those are reverse-domain namespace indicators (like the com.apple.preview.plist preference files in your Preferences folder).
    Basically, the video appears (to me) to prove that turning on USB Debugging on his phone turns on USB debugging. Did anyone notice any part of the video that shows any evidence that any personal data is sent anywhere other than via his USB cable to a log (that he explicitly had to ask for)?

    1. If the information collected wasn’t being sent to the carriers (and whoever else is listening or can hack in) it wouldn’t be of any use, would it? Obviously, what is being collected is being sent, else why collect it? One of the data sets being collect is entries on an https web page, which has to include login IDs and PASSWORDS!

      He’s using the debug log to monitor what is being collected and SENT, is what I heard on the video.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.