Slashdot Mirror

← Back to Stories (view on slashdot.org)

CarrierIQ: Most Phones Ship With "Rootkit"

Posted by Unknown on from the your-keystrokes-may-be-monitored-for-qa-purposes dept.

First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc." Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.

6 of 447 comments (clear)

  1. Re:So by Rootkit · · Score: 5, Informative

    http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/ The bottom of this page has a section about detection including an app to detect hidden UIs.

  2. Re:Really? by Smallpond · · Score: 5, Informative

    " By entering this Agreement, you consent to our data collection, use and sharing practices described in our Privacy Policy available at verizon.com/privacy." -- from Verizon Customer Agreement

    That's why.

  3. Re:but but but... Apple by popoutman · · Score: 5, Informative

    EULAs are not contracts. They are a wishlist by the software writers, and such are part of an honour system. They are not legally binding in sane jurisdictions.

    --
    - This sig deliberately left blank. Nothing to see, move along.
  4. RMS was right by SigmundFloyd · · Score: 5, Informative

    Stallman doesn't sound so crazy now...

    --
    Knowledge is power; knowledge shared is power lost.
  5. Re:Doesn't Matter by gauauu · · Score: 5, Informative

    What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.

    Well, it's not "free" according to GPLv3 (android devices can be Tivo'ised preventing you from running modified code), but anyone can download the android source and modify and rebuild it. If your device supports it (many do), you can run your modified code on your device. I'm not sure how you can say Android isn't open source, as that's pretty much the definition of open-source.

    Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.

  6. Re:but but but... Apple by Drakino · · Score: 5, Informative

    You mean the smartphone location fiasco where it was discovered that *gasp* AGPS caches data on phones, including Android, Blackberry, iPhone and WebOS? Yep. Typical internet echo chamber amplification that turned it into an attack point for fanboys who didn't actually do any research.

    Apple did have one legitimate bug in the situation. The cache was in a folder marked for backup to computers, due to it living in the same location as the settings file to toggle what apps can use location data. This was fixed, and the cache was reduced. I personally preferred the old cache time, since it meant my phone found my location when I wanted it to quicker. But they bowed to the pressure from the echo chamber anyhow.