Android, Symbian, and BlackBerry handsets secretly record everything you do.
Locationgate looks like Apple tried to sneak a few gummy bears from the candy section at the supermarket compared to this. Fast forward to the nine minute mark in the video above for what Gizmodo calls “the damning sequence.”
The culprit is a piece of software called Carrier IQ. It lurks in the deep recesses of nearly every modern Android, Symbian, and BlackBerry phone and literally records everything you do. The program even circumvents web encryption to grab passwords and Google queries. Manufacturers and carriers are the ones installing this software and using this data to provide “a better user experience.” With no way to opt-out this is essentially forced surveillance.
The video above, recorded by 25-year-old Android developer Trevor Eckhart, displays where Carrier IQ lurks and information it gathers. The company who develops the spyware describes it as “the only embedded analytics company to support millions of devices simultaneously, we give wireless Carriers and Handset Manufacturers unprecedented insight into their customers’ mobile experience.”
Users google queries, passwords, location, and access to their bank accounts would presumably qualify as “unprecedented insight.”
The software is installed on nearly every Android phone as well as Blackberry and Nokia (Symbian) smartphones. Whether the phone is purchased on contract or off contract is irrelevant, Carrier IQ’s software is there. Users are never notified in any fashion that Carrier IQ is running let alone asked to opt-in or opt-out. It’s installed in your Android phone at the deepest level, recording everything you do and operating under a cloak of invisibility.
Carrier IQ has issued a statement denying the accusations stating “While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools.”
The video clearly shows this is not true. Keystrokes submit unique key codes to Carrier iQ allowing them to identify what you are doing on the phone. User’s actions on the web are encrypted, but Carrier IQ sits between the browser and the user so everything the user does Carrier IQ Grabs and submits in plain text. Carrier IQ even ignores requests by the user to disallow applications from knowing the user's location logging the user’s location anyway. User's incoming text messages are actually logged by Carrier IQ before the user receives them. Information over HTTPS while browsing isn't even safe.
There is no easy way to remove the spyware, no notification that is running and 99.9% of cell phone users don’t possess the programming skills to deactivate it. Eckhart, a developer, even finds the spyware difficult to remove. Eckhart asks “Why is this no opt-in and why is it so hard to fully remove?”
This is a question Carrier IQ, every carrier, and every handset manufacturer need to answer immediately. They should have answered it yesterday by never installing the spyware. This is illegal. A violation of Android, Symbian and BlackBerry users’ rights and a gigantic black eye for carriers and Android handset manufacturers everywhere. Many outside the iOS community scoffed at Apple’s Locationgate scandal, and many manufacturers and carriers took action with their own phones to disable “location tracking.” Either that was a bold-faced lie, or carriers and handset makers operate their companies with both eyes closed and hands over their ears.
While this doesn’t affect iDevice users directly, the fact something like this could go on for so long unabated is disgusting. Expect more on this soon.
The Story has been updated to emphasize the fact the Carrier IQ software is not solely installed on Android. The article mentioned this, but needed to be more clearly stated. Also, this isn't just an Android, Symbian or BlackBerry issue, it is a carrier issue. Regardless of whether you use an iPhone, Android handset, BlackBerry or Nokia phone everyone subscribes to the same large carriers. Don't think for a second these same people didn't try to negotiate with Apple to get the Carrier IQ Spyware on your iPhone. To assume otherwise is naive.
This is an issue of consumer privacy and violation of trust and applicable law. It extends far beyond whatever fanboyish boundaries iOS, Android and others love to erect. At best this is a woefully negligant oversite by an enormous number of people and at worst its a conscious effort between carriers, handset manufacturers and Carrier IQ to deceive their consumers.
As always your feedback and discussion is welcome and appreciated. Without it violations of consumer rights would go unchanged.
, Threat Level
, Android Security Test