Spyware on all Android phones using Carrier IQ software

  • Posted: 01 December 2011 04:28 AM

    This is breaking all over the internet tonight.  It’s damning.  Android customers are having their keystrokes recorded w/software installed at the root level of their phones.  It has the potential to seriously impact the Android platform once this goes viral among users.  Calling Al Franken:  It’s time you restart your congressional inquiry targeting the real offender to user privacy and security.

    Here are the sites covering the story tonight:

    [PED’s site was blocked here by this site—you know where to find him]

    http://www.tuaw.com/2011/11/30/carrier-iq-references-found-in-ios-5-probably-benign/

    http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do

    http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/

         
  • Posted: 01 December 2011 04:39 AM #1

    I’m trying again to post PED’s piece now (inevitably?) dubbed “Carrier IQ-gate”

    No joy.  Why is CNN Money coming up as “blacklisted?”

         
  • Avatar

    Posted: 01 December 2011 05:33 AM #2

    Apple may still need to explain Carrier IQ on its own device, just because of the hyperscrutiny, but assuming this research pans out as true, that’s one of the problems of “open” right there - which we’ve discussed so many times and which apologists just dismiss or overlook.  “Open” to having third party apps layers, extensions, etc. loaded at the behest of carriers and hardware vendors even though the OS provider espouses “choice.”  Look, mobile OS competition is fine, but be honest about your product.  If you want to be truly “open” (free to install whatever you want), why is only the Nexus the “pure” Google phone?

    Signature

    The Summer of AAPL is here.  Enjoy it (responsibly) while it lasts.
    AFB Night Owl Team™
    Thanks, Steve.

         
  • Avatar

    Posted: 01 December 2011 08:55 AM #3

    Here is some info about Carrier IQ in iOS (thanks to Mav):
    Carrier IQ references discovered in Apple’s iOS

    But most interesting is the latest update:

    Update: chpwn notes that initial research indicated that Carrier IQ’s software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else. We’ll let you know when more details arise.

    So it looks that there is no logging during normal iOS use!  grin

         
  • Posted: 01 December 2011 10:48 AM #4

    Bloomberg is reporting CarrierIQ as a security problem across ALL smart phones, not just Android.  If they were reporting honestly they would differentiate between Android and iOS.

         
  • Posted: 01 December 2011 10:59 AM #5

    Zeke - 01 December 2011 02:48 PM

    Bloomberg is reporting CarrierIQ as a security problem across ALL smart phones, not just Android.  If they were reporting honestly they would differentiate between Android and iOS.

    It’s less about honesty and more about laziness and superficiality, whether it’s Bloomberg or CNBC.  Soundbite TV.

         
  • Avatar

    Posted: 01 December 2011 02:44 PM #6

    The main difference is that CIQ cannot be disabled on Android phones and includes a key logger and can capture your passwords. 

    Furthermore, unlike Android, you can completely disable it by going into the “Diagnostics & Usage” and changing the setting from “Automatically Send” to “Don’t Send”.  Even better, according to the researchers, iOS does not send any personal information but only network related info (apparently only: your phone #, what carrier you’re on, and possibly your location or your current cell tower’s location).

    However, disabling it on iOS will also prevent your phone from sending App crash reports to Apple too.

    Signature

    Don’t anthropomorphize computers, they hate that.

         
  • Avatar

    Posted: 01 December 2011 04:28 PM #7

    Apple responds: 

    http://allthingsd.com/20111201/apple-we-stopped-supporting-carrieriq-with-ios-5

    Signature

    The Summer of AAPL is here.  Enjoy it (responsibly) while it lasts.
    AFB Night Owl Team™
    Thanks, Steve.

         
  • Avatar

    Posted: 01 December 2011 04:56 PM #8

    Specifically, here is the quote from Apple:

    We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

    Signature

    Don’t anthropomorphize computers, they hate that.

         
  • Posted: 01 December 2011 10:36 PM #9

    Today, Al Franken wrote a letter to Carrier IQ requesting an explanation.  This should put Google in the crosshairs of the U.S. Senate.

    http://www.appleinsider.com/articles/11/12/01/carrier_iq_data_logging_controversy_prompts_scrutiny_from_us_senate.html

         
  • Avatar

    Posted: 01 December 2011 10:59 PM #10

    Oh, don’t you worry.  Apple will be called in before Congress too. 

    Good thing Apple has a bunch of senior execs to designate to send to these hearings.  Paging Dr. Tribble!

    Signature

    The Summer of AAPL is here.  Enjoy it (responsibly) while it lasts.
    AFB Night Owl Team™
    Thanks, Steve.

         
  • Posted: 03 December 2011 10:51 AM #11

    Well Apple does have some minor involvement which is why they’re being sued along with Sprint and ATT. 

    How much functionality will Android devices lose when they’re forced to abandon it?  If negligible it looks like a major blunder.

         
  • Posted: 03 December 2011 11:45 AM #12

    AndrewLing - 03 December 2011 02:51 PM

    Well Apple does have some minor involvement which is why they’re being sued along with Sprint and ATT. 

    How much functionality will Android devices lose when they’re forced to abandon it?  If negligible it looks like a major blunder.

    The issue isn’t so much functionality but that CIQ would be very difficult to remove from the Android OS, far more so than iOS.

         
  • Avatar

    Posted: 03 December 2011 01:47 PM #13

    CIQ isn’t “installed” on iOS, but Apple reports diagnostics data to it via iOS code.

    Though technically it’s not on most current-gen 3G-enabled devices per Apple, and will soon be fully purged as of the next iOS update.  Also nice to hear that it was an opt-in as least as of iOS 5, which is as you’d expect from Apple.

    Signature

    The Summer of AAPL is here.  Enjoy it (responsibly) while it lasts.
    AFB Night Owl Team™
    Thanks, Steve.