Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Dev Demonstrates CarrierIQ Phone Logging Software On Video

Posted by Soulskill on from the hand-in-cookie-jar dept.

Token_Internet_Girl writes with a followup to last week's news about Android developer Trevor Eckhart, who was researching software from CarrierIQ, installed on millions of cellphones, that secretly logged a variety of user information — from button presses to text message contents to browsing data. CarrierIQ tried to silence Eckhart, but later backtracked. Now, Eckhart has posted a video demonstration of CarrierIQ's logging software. From the article: "The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim. ... The video shows the software logging Eckhart's online search of 'hello world.' That's despite Eckhart using the HTTPS version of Google, which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. ...the video shows the software logging each number as Eckhart fingers the dialer. 'Every button you press in the dialer before you call,' he says on the video, 'it already gets sent off to the IQ application.'"

8 of 322 comments (clear)

  1. Can't someone sue the carriers? by Anonymous Coward · · Score: 5, Insightful

    There is an asymmetry in the system as it works right now. Which private customers have the will, time, and money to sue companies that illegally wiretap their customers? Isn't there anything that can be done against this? (Of, I'm talking about action against CarrierIQ but about action against the carriers that use their software.)

    1. Re:Can't someone sue the carriers? by fsckmnky · · Score: 5, Insightful

      companies that illegally wiretap their customers

      Therein lies the rub. In order to use your cellphone/smartphone, you have to sign the carriers agreement, and in the carriers agreement, there is undoubtedly a clause where you give them permission to collect your data and use it as they see fit. This makes the data collection legal, not illegal, as you agreed to it.

      Nothing short of privacy regulation specifically forbidding carriers to use this information, or at the very least, allowing you to specify that you would like your data to remain private, will prevent this practice from being standard, as the monetary incentive is to collect the data. Corporations have an obligation to protect and grow shareholder value, no matter how many advertisements they run claiming "We care about our customers."

    2. Re:Can't someone sue the carriers? by Theophany · · Score: 5, Insightful

      A contractual agreement to something deemed illegal does not overrule the law.

      If a judge found the activity to be unlawful, which I suspect is where the core of the issue rests, then whether or not there was a contractual agreement is irrelevant. I see no reason for a carrier's data collection policy to include keylogging everything a customer does outside of extenuating circumstance (suspected terrorist or something).

    3. Re:Can't someone sue the carriers? by Goaway · · Score: 5, Insightful

      So, a third party had to make this spy app for the carriers because Google was not spying enough on users for their taste. And your conclusion is that Google is evil.

  2. Caught in a lie then. by Nursie · · Score: 5, Insightful

    That's just nasty. First try to silence the researcher, then try to deny what's going on when you've already been caught.

    The question is, will this have any effect? Will carriers stop shipping this stuff ? Will consumers care?

    My guess is no, they'll just try to hide it better in future.

  3. Re:Conspiracy theories aside... by Fri13 · · Score: 5, Insightful

    Seems like none of phones sold in EU comes with this preinstalled.

    Think about it. EU would rip every carrier, phone manufacturer and software company in pieces if such privacy abusing would rise.
    Not even any end user license would protect those companies at all.

  4. Credit card number exposure by SlashRAH · · Score: 5, Insightful

    When somebody installs a skimmer on an ATM or fuel pump, there are criminal penalties for (attempted) fraud. How is this software any different?

  5. Not PCI compliant by kooky45 · · Score: 5, Insightful

    I believe this rules out all Android devices with CarrerIQ agents from being used to handle payment card numbers. There's no obvious mention on CarrerIQ's website of PCI compliance or how they protect the user's data. It probably also contravenes SOX, HIPAA and and host of other industry regulations. Bye bye lots of commercial use of Android handsets, especially Blackberry.