Yikes Android peeps.

[SpaceGhost]

Over the last couple of days, there has been a significant amount of press over the findings of Trevor Eckhart who exposed the presence of extensive logging software found on many Android, BlackBerry and Nokia phones. A video showing the extent of the logging was posted and is summarized by PCWorld. The software is called "IQRD" by a company called Carrier IQ.:

After connecting his HTC device to his computer, Trevor found that IQRD is secretly logging every single button that he taps on the phone--even on the touchscreen number pad. IQRD is also shown to be logging text messages.

 

In the video, Eckhart shows that Carrier IQ is also logging Web searches. While this doesn't sound all that bad by itself, it suggests that Carrier IQ is logging what happens during an HTTPS connection which is supposed to be encrypted information. Additionally, it can do this over a Wi-Fi connection with no 3G, so even if your phone service is disconnected, IQRD still logs the information.

 

It doesn't seem entirely clear what information is transmitted and used, though the presence of the software itself has generated many privacy concerns. Eckhart noted in his original findings that on his Android HTC phone, there was no way to turn off logging. He also notes that the Carrier IQ application is embedded so deeply that it can't be fully removed without rebuilding the phone from source code. Forbes is suggesting that the company may have even violated wiretapping laws based on its actions. Carrier IQ maintains that its actions are aimed at device performance only.

 

Tonight iPhone developer @chpwn reported on Carrier IQ references in Apple's iOS as well, though its logging seems to be much more in line with Carrier IQ's official statements about device performance. (The references were first spotted by Intell on our own forums). Chpwn reports:

Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.

 

The information logged for iOS seems limited to phone call activity and location (if Location Services are enabled). Also unlike the implementation found on Eckhart's HTC, iOS users can opt out of these diagnostics by simply going to Settings -> General -> About -> Diagnostics & Usage -> Don't Send. The actually logged diagnostic data appears to be fully accessible for perusal in that same setting menu.

 

TUAW describes the iOS findings as "probably benign" and consistent with expected network performance diagnostics.

 

http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/

[Not Brian]

http://s3.amazonaws.com/kym-assets/photos/images/original/000/154/912/berneydidnotread.gif?1318992465

[1fast5gp]

Rooted andriod users can remove carrier IQ. So basically, get a iphone or root your android.

[copperhead]

The carriers are sanctioning this. More reason to root and run android built from source code, which at least I have the choice to do

[CRed05]

Nexus phones don't have it, that includes the Xoom tablet.

[morabu]

ROOT YOUR PHONE!

then, you have the say as to what runs on YOUR shit.

No CIQ for me

[CRed05]

root and run android built from source code

 

Words in bold being the key.

[oh8sti]

why do i need to modify a phone to make it work?

[CRed05]

why do i need to modify a phone to make it work?

 

because iphone

[87GT]

why do i need to modify a phone to make it work?

 

WHY DO I NEED TO MODIFY A SUV TO GO FASTER ? :dumb:

[SpaceGhost]

This wasn't intended as a Knock against Android, just spreading the word.

[oh8sti]

Who is modifying an SUV to go faster?

[SpaceGhost]

In the wake of significant publicity about Carrier IQ, the mobile phone logging software that is able to transmit data back to carriers, Apple has now issued a statement to AllThingsD noting that the company stopped supporting Carrier IQ with iOS 5 on most of its products and that it will completely remove traces of the software in a future software update.

We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

 

Early evidence had suggested that Carrier IQ has been able to capture significantly more information, including keystrokes and other extremely sensitive information, on Android than on iOS.

 

 

Research into Carrier IQ's functionality on iOS has indicated that any transmission of information has been limited to phone call and location information, but Apple's statement today suggests that the company has even stopped using that information via Carrier IQ, although it does collect its own anonymized and encrypted information from devices unless users have turned off the diagnostics reporting functionality.

 

U.S. Senator Al Franken has requested that Carrier IQ explain just what information the software is recording and transmitting and how that information is shared with carriers and potentially other parties. Earlier this year, Franken spearheaded the government inquiry into location tracking concerns related to Apple's iOS and Google's Android platforms.

 

http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/

[Mr. Jones]

Yup, not here either...

 

:dumb:

[copperhead]

http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/

 

So apple is guilty of using it too, until everyone got caught. At least with android there are ways around it until the manufacturers do the right thing and remove it from future updates

[carl1647545492]

Thats why don't surf for pron on the phone,you can't pin that rubber fetish on me

[SpaceGhost]

So apple is guilty of using it too, until everyone got caught. At least with android there are ways around it until the manufacturers do the right thing and remove it from future updates

 

If you read it, on iOS it was not tracking anything near what it was tracking on Android phones. In fact I can turn it off completely in iOS settings, and now iOS will not even have it at all going forward. That thing was recording every singe keystroke on android.

 

After connecting his HTC device to his computer, Trevor found that IQRD is secretly logging every single button that he taps on the phone--even on the touchscreen number pad. IQRD is also shown to be logging text messages.

 

The information logged for iOS seems limited to phone call activity and location (if Location Services are enabled). Also unlike the implementation found on Eckhart's HTC, iOS users can opt out of these diagnostics by simply going to Settings -> General -> About -> Diagnostics & Usage -> Don't Send. The actually logged diagnostic data appears to be fully accessible for perusal in that same setting menu.

[V8 Beast]

Google is the devil!

[10phone2]

How about if your that worried about a phone tracking you then you shouldn't be doing whats causing your worries. As soon as phones got a GPS it was a no brainer that this would happen. Due to the "fight on terrorism", everything online and phones is tracable.

[87GT]

Android users

How To Check If You Have Carrier IQ, Without Rooting Your Handset

 

http://gizmodo.com/5864451/how-to-check-if-you-have-carrier-iq-without-rooting-your-handset

[87GT]

Who is modifying an SUV to go faster?

 

You have an SUV in your sig and it is not stock :gabe:

[jeffro]

http://www.computerworld.com/s/article/9222332/FAQ_Behind_the_Carrier_IQ_rootkit_controversy_?taxonomyId=84

 

Earlier this month, Trevor Eckhart, a 25-year-old security researcher from Connecticut published details of research he had done showing how Carrier IQ software can be easily tweaked to conduct surreptitious and highly intrusive tracking of Android, BlackBerry and other smartphone users.

 

bullshit, its already tweaked out of the box according to that youtube video. Someones trying to cover up.

[CRed05]

This shit always gets blown out so far out of proportion, I doubt this is any different.

 

Carrier IQ released a long statement about how this is all pretty much bullshit, they do not track any personal information. Which I can believe, why would any company give any shits about what you're texting? The amount of data that is being stored is so great that it just isn't worth it to them just to find that one text that you send that one time about how much you really want a blender for christmas, so that they can sell that information to Acme Blender Co.

 

Should that shit even be on there? Fuck no, but you have greedy carriers and manufacturers to blame for that. Google just keeps proving to me over and over that they are the "do no evil" company that they've build a reputation for being. Which is why you won't see any of this crap on they're Nexus devices.

 

Apple is trying to play the "well it's on there, but it's only tracking non-personal info", they're just as guilty/innocent as any of the other companies who allowed it to be on there.

[copperhead]

If you read it,.

 

why would I go and do a thing like that?

[SpaceGhost]

why would I go and do a thing like that?

 

Good point.