• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Carrier IQ Android, Symbian and BlackBerry Spyware Records Everything Users Do, No Easy Way to Disable


    Android, Symbian, and BlackBerry handsets secretly record everything you do.

    Locationgate looks like Apple tried to sneak a few gummy bears from the candy section at the supermarket compared to this. Fast forward to the nine minute mark in the video above for what Gizmodo calls “the damning sequence.”

    The culprit is a piece of software called Carrier IQ. It lurks in the deep recesses of nearly every modern Android, Symbian, and BlackBerry phone and literally records everything you do. The program even circumvents web encryption to grab passwords and Google queries. Manufacturers and carriers are the ones installing this software and using this data to provide “a better user experience.” With no way to opt-out this is essentially forced surveillance.

    The video above, recorded by 25-year-old Android developer Trevor Eckhart, displays where Carrier IQ lurks and information it gathers. The company who develops the spyware describes it as “the only embedded analytics company to support millions of devices simultaneously, we give wireless Carriers and Handset Manufacturers unprecedented insight into their customers’ mobile experience.”

    Users google queries, passwords, location, and access to their bank accounts would presumably qualify as “unprecedented insight.”

    The software is installed on nearly every Android phone as well as Blackberry and Nokia (Symbian) smartphones. Whether the phone is purchased on contract or off contract is irrelevant, Carrier IQ’s software is there. Users are never notified in any fashion that Carrier IQ is running let alone asked to opt-in or opt-out. It’s installed in your Android phone at the deepest level, recording everything you do and operating under a cloak of invisibility.

    Carrier IQ has issued a statement denying the accusations stating “While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools.”

    The video clearly shows this is not true. Keystrokes submit unique key codes to Carrier iQ allowing them to identify what you are doing on the phone. User’s actions on the web are encrypted, but Carrier IQ sits between the browser and the user so everything the user does Carrier IQ Grabs and submits in plain text. Carrier IQ even ignores requests by the user to disallow applications from knowing the user's location logging the user’s location anyway. User's incoming text messages are actually logged by Carrier IQ before the user receives them. Information over HTTPS while browsing isn't even safe.



    There is no easy way to remove the spyware, no notification that is running and 99.9% of cell phone users don’t possess the programming skills to deactivate it. Eckhart, a developer, even finds the spyware difficult to remove. Eckhart asks “Why is this no opt-in and why is it so hard to fully remove?”

    This is a question Carrier IQ, every carrier, and every handset manufacturer need to answer immediately. They should have answered it yesterday by never installing the spyware. This is illegal. A violation of Android, Symbian and BlackBerry users’ rights and a gigantic black eye for carriers and Android handset manufacturers everywhere. Many outside the iOS community scoffed at Apple’s Locationgate scandal, and many manufacturers and carriers took action with their own phones to disable “location tracking.” Either that was a bold-faced lie, or carriers and handset makers operate their companies with both eyes closed and hands over their ears.

    While this doesn’t affect iDevice users directly, the fact something like this could go on for so long unabated is disgusting. Expect more on this soon.

    *Update*
    The Story has been updated to emphasize the fact the Carrier IQ software is not solely installed on Android. The article mentioned this, but needed to be more clearly stated. Also, this isn't just an Android, Symbian or BlackBerry issue, it is a carrier issue. Regardless of whether you use an iPhone, Android handset, BlackBerry or Nokia phone everyone subscribes to the same large carriers. Don't think for a second these same people didn't try to negotiate with Apple to get the Carrier IQ Spyware on your iPhone. To assume otherwise is naive.

    This is an issue of consumer privacy and violation of trust and applicable law. It extends far beyond whatever fanboyish boundaries iOS, Android and others love to erect. At best this is a woefully negligant oversite by an enormous number of people and at worst its a conscious effort between carriers, handset manufacturers and Carrier IQ to deceive their consumers.

    As always your feedback and discussion is welcome and appreciated. Without it violations of consumer rights would go unchanged.


    Source: Gizmodo, Threat Level, Android Security Test
    This article was originally published in forum thread: Carrier IQ Android Spyware Records Everything Android Users Do, No Way to Disable started by Phillip Swanson View original post
    Comments 40 Comments
    1. smooth22's Avatar
      smooth22 -
      Yes i hear the govenment are using our devices to spy on us, by using the microphones in our phones and cameras as well besides txt, and phone calls.
    1. Slim J's Avatar
      Slim J -
      I found a strange named app on my Samsung Transform (it's a Sprint Android). It's called keytracer.apk. I found it comes with my phone because I examined an official update for my phone. Since I have a rooted phone, I deleted the file and my phone seems to run a little bit faster (and safer). I don't like this because it invades on privacy and it is illegal. I say that they need to do something about this.
    1. travis_t80's Avatar
      travis_t80 -
      Yep, here is a screenshot of my new HTC Vivid, using logcat and sure enough, I see it...... Thanks for bringing this to attention!
    1. wolverinemarky's Avatar
      wolverinemarky -
      Take that android not only do they know where u are at all times but they know every keystroke and can read your text messages even before you receive them wow
    1. Zokunei's Avatar
      Zokunei -
      SMS going through your carrier's servers is something to be worried about? As far as I know your carrier gets these on non-smartphones.
    1. Cer0's Avatar
      Cer0 -
      Quote Originally Posted by Zokunei View Post
      SMS going through your carrier's servers is something to be worried about? As far as I know your carrier gets these on non-smartphones.
      Think it is more of a third party company tracking every single tiny thing you do; every keystroke.
    1. Orby's Avatar
      Orby -
      I'd also like to add this Carrier IQ software is present on iPhones (since 3.1) as well. However, it appears to track less information...

      Twitter / Grant Paul: (As pointed out to me by [ ...
      Twitter / Grant Paul: It appears Carrier IQ /is/ ...
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by Cer0 View Post
      Think it is more of a third party company tracking every single tiny thing you do; every keystroke.
      I agree with all that I was just wondering why SMS was a big deal. Although it is sent to the manufacturers so that is something to worry about.

      Quote Originally Posted by Orby View Post
      I'd also like to add this Carrier IQ software is present on iPhones (since 3.1) as well. However, it appears to track less information...

      Twitter / Grant Paul: (As pointed out to me by [ ...
      Twitter / Grant Paul: It appears Carrier IQ /is/ ...
      Not iOS 5.0.1. A Terminal 'locate' reveals nothing for iq, IQ, iQ, or Iq (except for irrelevant parts of other words). The closest thing is the "Diagnostics and usage" that can now be viewed in Settings > General > About > Diagnostics and usage, which sends no keystrokes or stuff that was of concern in this video. It only sends data when apps crash.
    1. Orby's Avatar
      Orby -
      Quote Originally Posted by Zokunei View Post
      I agree with all that I was just wondering why SMS was a big deal. Although it is sent to the manufacturers so that is something to worry about.
      SMS/MMS communications are generally protected by the Wiretap Act (Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. §§ 2510-2522) insofar as the carrier has no right to intercept or read the communications outside of ensuring integrity of their communications service (and it gets a whole lot messier with the PATRIOT Act and the required disclosures, but that's another story).

      This is a third party grabbing the contents of the communications... as in neither the sender or recipient of the message nor the carrier transmitting the communication. There is a reasonable expectation of privacy that the communication will only be read by its intended recipient. It's a pretty big deal, IMO.

      Quote Originally Posted by Zokunei View Post
      Not iOS 5.0.1. A Terminal 'locate' reveals nothing for iq, IQ, iQ, or Iq (except for irrelevant parts of other words). The closest thing is the "Diagnostics and usage" that can now be viewed in Settings > General > About > Diagnostics and usage, which sends no keystrokes or stuff that was of concern in this video. It only sends data when apps crash.
      The binary has been renamed to "awd_ice" according to chpwn (see second linked tweet earlier).
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by Orby View Post
      SMS/MMS communications are generally protected by the Wiretap Act (Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. §§ 2510-2522) insofar as the carrier has no right to intercept or read the communications outside of ensuring integrity of their communications service (and it gets a whole lot messier with the PATRIOT Act and the required disclosures, but that's another story).

      This is a third party grabbing the contents of the communications... as in neither the sender or recipient of the message nor the carrier transmitting the communication. There is a reasonable expectation of privacy that the communication will only be read by its intended recipient. It's a pretty big deal, IMO.
      Cool. That's how it should be.

      No awd_ice on iPods at least. I'm glad Apple isn't obsessed.

      Now watch something like this be on dumb phones.
    1. j.eck.art.3d's Avatar
      j.eck.art.3d -
      Quote Originally Posted by rel1215 View Post
      considering the fact that apple has never let carriers load up their phones w/ crapware, i'd say that google and its manufacturing partners do have something to do with this. android is a HUGE part of the smartphone market. with that comes a ton of power, and they don't use any of that power EVER to keep this crap off their devices and out of customers lives.
      Actually, according to Chpwn, a VERY reliable source IMO. iOS had Carrier IQ in it all the way through at least 3.1. Here is his tweet: https://twitter.com/chpwn/status/142047833648922625
      So, yeah... Apple is just as guilty. And don't fool yourself, I am sure apple didn't remove it from subsequent releases because they all of a sudden had a change of heart and felt it was wrong to track EVERYTHING their customers do. With Apple's track record, they probably wanted to stop sharing the info with/paying for the licensing of Carrier IQ and developed their own proprietary "crapware" that perhaps people haven't found *yet* all in the name of making even more money in an even more closed OS.

      EDIT: apparently, Carrier IQ *is* still in iOS (at least through 5.0). According to Chpwn it *appears* to be a stripped down, less intrusive version of it though. Read his full write up here: http://t.co/u80iPlwr
    1. sziklassy's Avatar
      sziklassy -
      Another reason to run custom Android installations.
    1. duromega's Avatar
      duromega -
      Quote Originally Posted by Cellular View Post
      Lol people think apple doesn't do this. Every company does this it's called data mining...even though android does it illegally apple just makes you press "i agree" lol

      User: what I am not going to let you chop off my b**ls!

      Apple: you agreed!
      I saw something like this in a south park episode LMAO
    1. Atari800's Avatar
      Atari800 -
      If you read the chpwn articles, apple did have this but stripped down . It was/is more of the debug routine (enable/disable in settings).
      This as debug routine (and controllable) makes sense. Info going to 3rd party company does not.

      I wonder if adding this to your phones /etc/host file would stop it?
      127.0.0.1 carrieriq.com

      It won't stop it collecting but prevent it from sending
    1. Colby21's Avatar
      Colby21 -
      Quote Originally Posted by rel1215 View Post
      considering the fact that apple has never let carriers load up their phones w/ crapware, i'd say that google and its manufacturing partners do have something to do with this. android is a HUGE part of the smartphone market. with that comes a ton of power, and they don't use any of that power EVER to keep this crap off their devices and out of customers lives.

      Here's a quote from chpwn, the person responsible for finding this "crapware" in apple's phones... which you claim to be factual information that they didn't do that... (wonder where you got your facts from buddy..)

      "...the blame here really belongs with the US carriers who obviously demanded this."

      so stfu.
    1. PatrickGSR94's Avatar
      PatrickGSR94 -
      Makes me glad I don't have an Android or RIM phone!
    1. jOnGarrett's Avatar
      jOnGarrett -
      Quote Originally Posted by BenderRodriguez View Post
      So this is all about Androids and not Apple products at all?

      Yes I read the article
      its ON the iPhone too. Carrier IQ Shows Up In iOS But Isn't Quite As Nasty As It Is On Android And Other Smartphones | Redmond Pie. Chpwn has discovered it.
    1. PatrickGSR94's Avatar
      PatrickGSR94 -
      Yeah it's only used on the iPhone when it's in diagnostic mode, which is off by default. And even when it's on, it's only logging technical data for diagnostic purposes.
    1. dsg's Avatar
      dsg -
      I've found some more information here
    1. jOnGarrett's Avatar
      jOnGarrett -
      Quote Originally Posted by Anthony Bouchard View Post
      Android in trouble? ..HUH WHERE?! *Puts on Speedos*

      I much prefer the applications that are preloaded onto my iPhone much more than what I read about in this article.
      Carrier IQ is on your iphone too. enjoy.