Secret Data and Keystroke-Logging Software Revealed on Millions of Smartphones
- Posted on November 30, 2011 at 12:42pm by
Liz Klimas
- Print »
- Email »
Most of us don’t know exactly what software is installed on our phones when we purchase them. All that seems to matter is that it works. But when Android developer Trevor Eckhart found software installed on many popular mobile devices that logs every single one of your keystrokes — phone numbers dialed, text messages, encrypted web searches, etc. — people started to listen.
Last week, Wired reported that Eckhart had found a program called Carrier IQ installed rather secretly on smartphones; its a program that can track almost anything happening on your mobile phone. Carrier IQ threatened Eckhart, who had posted research and manuals on his website, saying he was in breach of copyright law and could face financial charges. But Eckhart didn’t back down.
In fact, Eckhart has released a new video and research showing Carrier IQ at work on a phone, according to Wired. The company’s website says the program is used to give “manufacturer’s unprecedented insight into their customer’s mobile experience.” Wired states that Carrier IQ said the software is used to gather “information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life” — not logging keystrokes.
But Eckhart‘s demonstration shows otherwise:
Now, as Eckhart notes in the video, his demonstration is shown on an HTC phone but he mentions he’s seen such software on other phones like Android, Blackberry, Nokia and more. Eckhart describes the software on his website as a “rootkit“ that is ”enabling someone continued privileged access to our computers“ and is ”hidden in nearly every part of our phones.”
Here's how Carrier IQ works according to the company website. (Image: Carrier IQ)
Wired and Eckhart are unsure of how this software is covered under a privacy policy.
“If HTC’s privacy policy doesn’t cover the information collected by Carrier IQ, it’s unclear whose privacy policy does,” Eckhart wrote on his website. “Carrier IQ has a minimal privacy policy (http://carrieriq.com/company/
Eckhart writes, “An application should never be this hard to fully remove for security reasons — especially out of contract — when it serves no good purpose for the user, and its use should be opt-in ONLY.”
Last week, Wired reported that the Electronic Frontier Foundation came to Eckhart‘s rescue when he was threatened with legal action by Carrier IQ:
“I’m mirroring the stuff so other people are able to read this and verify my research,” he said. “I’m just a little guy. I’m not doing anything malicious.”
The company is demanding Eckhart retract (.pdf) his “rootkit” characterization of the software, which is employed by most major carriers, Eckhart said.
The EFF says Eckhart’s posting of the files is protected by fair use under the Copyright Act for criticism, commentary, news reporting and research, and that all of Carrier IQ’s claims and demands are “baseless.” (.pdf)
[...]
Marcia Hofmann, an EFF senior staff attorney, said the civil rights group has concluded that “Carrier IQ’s real goal is to suppress Eckhart’s research and prevent others from verifying his findings.”
Wired had the opportunity to interview Carrier IQ’s marketing manager Andrew Coward who said the company should have control of distributing materials. Coward did acknowledge that if they wanted to look at text messages the probably could, but that wasn’t the point of the program, which is designed for metric analysis.
Afterward, Carrier IQ released a message of apology to Eckhart, CNET reported:
“Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart,” the company said in response to the EFF’s letter. “We sincerely appreciate and respect EFF’s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.”
It did use this apology as another opportunity to say that the company does not use the software to record keystrokes, provide tracking tools, inspect or report content of communications, or provide real-time data to any customer.
Sprint admitted to CNET that it was a Carrier IQ customer but sides with the software company in that it doesn’t use the data to spy on customers but to “understand device performance.”
Popular Stories
Paper Details Obama Admin’s Alleged Secret Note Sent to Iran: If Israel Attacks, We Won’t Get Involved 584 Comments
‘Made Up Religion’: TV Historian Enrages Muslims, Receives Threats After Producing UK Documentary Questioning Islam’s Beginnings 413 Comments
This Is the Creationists‘ Response to Scientist Bill Nye’s Viral Pro-Evolution Video Claiming They Harm Children 411 Comments
Roseanne Barr: Most Billionaires ‘Violent Pedophiles’ & ‘Heartless’ Cocaine Addicts 374 Comments
President Obama Issues Major ‘Green Energy’ Executive Order 368 Comments
Faith
- This Is the Creationists‘ Response to Scientist Bill Nye’s Viral Pro-Evolution Video Claiming They Harm Children 411 Comments
Pakistani Muslim Cleric Accused of Framing Disabled Christian Girl in Koran-Burning Case Read More- ‘Made Up Religion’: TV Historian Enrages Muslims, Receives Threats After Producing UK Documentary Questioning Islam’s Beginnings 413 Comments
Meet the Controversial German Imam Accused of Brutally Beating His Wife & Pushing Sharia Law Read More
‘Self-Proclaimed Messiah’ & Unification Church Leader the Rev. Sun Myung Moon Has Died — Here’s His Life Story Read More
Business
- President Obama Issues Major ‘Green Energy’ Executive Order 368 Comments
- Germany’s Upcoming Court Ruling Will be Huge for the EU Read More
Ford Looks to Beat Toyota for Best-Selling Car in 2012 With This Model 151 Comments
Bernanke & QE3: Here’s What You Need to Know Read More- ‘Extortion’: Why Did the Labor Department ‘Drop the Hammer’ on Oregon Farmers? 302 Comments
Technology
- This Is the Creationists‘ Response to Scientist Bill Nye’s Viral Pro-Evolution Video Claiming They Harm Children 411 Comments
‘TaserDrone’: Hackers Weaponize Quadcopter With Actual ‘Shocking’ Technology Read More
Ever Heard of the Wild ‘Burning Man’ Festival in the Middle of the Nev. Desert? Here’s Your Primer Read More
Stanford Develops Technology ‘Better Than Steroids’ for Athlete Recovery Read More
Have You Pretended to Know What ‘the Cloud’ Is? You’re Not Alone Read More
Submitting your tip... please wait!
Comments (102)
Wiseone1w
Posted on November 30, 2011 at 1:36pmI looked at the removal options. If you remove the software, you void the warranty on your phone. I guess the adage, “if you don‘t want it broadcast on the five o’clock news don’t do it on your computer” needs to be amended to include your phone.
Report Post »GhostOfJefferson
Posted on November 30, 2011 at 2:03pmThere’s nothing wrong with voiding the warranty. If you’re adept enough to remove the OS and replace it on a cell/texter, you don’t need some 18 year old “Geek Squad” kid to fix your phone in the first place, hence, who needs a warranty in that situation?
I routinely void the warranties on all of my things, usually within minutes of legally owning them. It’s the only way to fly. :)
Report Post »Who would Jesus bomb?
Posted on November 30, 2011 at 3:44pmYes, it‘s like the stupid piece of tape on old pos gateway computers that if it’s broken it voids the warranty. Too bad if you want to upgrade the RAM or pop a NIC in it. I usually could get the thing open without breaking the tape, not that I was too worried about it.
Report Post »KevINtampa
Posted on November 30, 2011 at 4:19pmI voided my warranty within a month of getting my EVO 4g. Custom ROMs rule, especially the ones you build yourself.
I gotta believe that this data is being farmed like one would not believe; fusion centers nw make even MORE sense.
Report Post »turkey13
Posted on November 30, 2011 at 4:44pmI don‘t have to worry since I don’t have a smart phone and no one wants to check out my slow dial up computer. What everyone should be worried about is Congress stopping it’s members from using inside info to get rich. Can you imagine all the empty seats if they do this. Only an idiot would spend 50 million $$$ to run for an office that just pays $120,000.00 a year. The fringe benefits are why people run. If they stop them we will have only a few people after 2 elections.
Report Post »next1776
Posted on November 30, 2011 at 11:38pmWith a little research and brilliant work by some android developers, all of the manufacturer and carrier “spyware” can be removed. Fortunately with android being an open OS, the smart guys can get in and help you make your device, “yours” again. Simple procedure. All of the carriers and manufacturers track this stuff, so switching around really does no good. Just make sure you get a device you can manipulate, and its not an apple by the way…
Report Post »The Truth Will Set You Free
Posted on December 1, 2011 at 12:59pmIt is on iOS devices too!
Report Post »http://9to5mac.com/2011/12/01/carrier-iq-is-on-some-ios-devices-but-doesnt-appear-as-nefarious-as-other-on-platforms/
term limits for congress
Posted on December 1, 2011 at 1:28pmI have the same phone/mobile device/operating system shown in the video. I do not have these two CIQ applications.
My phone is with AT&T (as opposed to Sprint, which is shown in the video).
Or, maybe I just can’t see them because they are now really, really stealth. Hmmm…
Report Post »LLATPOH
Posted on November 30, 2011 at 1:32pmComms 101, kids. Any information you transmit can be collected by a party that may or may not be the intended recipient.
That’s not a sign of the times. That has been and always will be one of the primary rules of communication.
Report Post »GhostOfJefferson
Posted on November 30, 2011 at 1:58pmVery true. We can spend the live long day debating what should and should not be on devices we voluntarily buy and use, without the slightest *inkling* of how it works, but the bottom line is, don’t trust others to ensure your own privacy. That’s just the bottom line of it all. Shoulda woulda coulda doesn’t get you squat.
Report Post »Freedomtothink
Posted on November 30, 2011 at 1:31pmWhatever happened to the idea of having a phone to call and talk to people? The more fancy crap they put on our phones the more they can control our daily lives. People are becoming so dependent on their phones and clouds that they won’t be able to function on a day-to-day basis without them.
Report Post »smokeyridgerunner
Posted on November 30, 2011 at 1:55pmSprint this the company to target and we the people should use another carrier, and if this does not stop it pick another phone company and stop using their service.
Report Post »beckinista
Posted on November 30, 2011 at 3:18pm@SmokeyRidgeRunner … and if ALL the carriers us this stuff???
Report Post »ZAP
Posted on November 30, 2011 at 1:30pmBig brother is alive and well
Report Post »Wiseone1w
Posted on November 30, 2011 at 1:37pmLong live big brother! Hail big brother! (Is the TV off yet? I am tired of being watched….)
Report Post »AxelPhantom
Posted on November 30, 2011 at 1:30pmThree words; Class action suit
Report Post »chips1
Posted on November 30, 2011 at 1:30pm“I’m going to tape this gun to your head. Oh, I guess we could pull the trigger if we wanted, but that wasn’t the purpose.” Dem’s talking point!!!
Report Post »MichaelP633
Posted on November 30, 2011 at 1:29pmSo how do you know if you have it?
Report Post »How do you get rid of it?
GhostOfJefferson
Posted on November 30, 2011 at 1:37pmYou probably don’t.
You put the phone down, turn it off, and walk outside into the bright sunny day, untracked.
Report Post »chips1
Posted on November 30, 2011 at 1:37pmYou have it. To get rid of it you need a $900 government hammer.
Report Post »Moody4u
Posted on November 30, 2011 at 1:24pmThey watch every keystroke even these ones.
Report Post »chips1
Posted on November 30, 2011 at 1:32pm(&^$#@#&*%$*()#!@*U(^^*&^&*(*&&^($%$$&#($#%^^$&@! That’s all I have to say about that.
Report Post »Who would Jesus bomb?
Posted on November 30, 2011 at 3:48pmHave you seen the link in your browser luring you to click on it – it says “send your keystrokes to google”. They probably have a way to log your keystrokes even if you’re smart enough not to click on it. I know most people don’t click it, but think how many people do. Hey Google, you listening? Log this: Great seach engine. Too bad you’re a bunch of commies, go F yuhself!
Report Post »FaithfulFriend
Posted on November 30, 2011 at 1:22pmExcellent work Trevor!! IQ should be nicknamed “unabomber”.
Report Post »randy
Posted on November 30, 2011 at 1:22pmOh that’s great. use your credit card and smart phones record your credit card info.
Report Post »If it is on your phone, whatcha wanna bet it;s on your pc and macs also?
GhostOfJefferson
Posted on November 30, 2011 at 1:32pmGo to the store in person. Use cash. Ta da.
We’re putting chains on ourselves that control freaks are having a hey day with. They don’t want us to realize that the chains pop right off of us if we just put down the freaking devices that we slavishly allow to dominate our lives, both social and physical.
Report Post »LLATPOH
Posted on November 30, 2011 at 1:39pmSo true, Ghost.
Report Post »gzinecker
Posted on December 6, 2011 at 12:34pmIf keylogger software was on your computer, that would be disastrous. Also, I am not sure how that would be possible, unless you got yourself a virus of some sort, as that is what keylogging software is: a virus. If you have one, they can be simple to remove, if you know how. Just lock up your port forwarding, make sure there are no nefarious processes running, and bam! done.
Report Post »Rowgue
Posted on November 30, 2011 at 1:18pmLOL yeah people are concerned about the security of their phones. That’s why they jailbreak their iphones with tools they find on random websites. People aren‘t nearly as concerned with any of this stuff as they pretend to be once it’s discovered.
Report Post »Constitutional Cowboy
Posted on November 30, 2011 at 1:18pmDid you wonder why cellphone carriers GIVE the phones away? Hmmmmmmm?
Report Post »GhostOfJefferson
Posted on November 30, 2011 at 1:15pmI’ll keep saying it folks. The key to retaining a lot of your freedom in today’s world is to not tie yourself down to 24/7 electronics. Put down the phones and texters. Log off the computers. Not one person besides maybe your neighbor will then know you’re sitting on your front porch watching a sunset. I promise you, it’s quite liberating.
Report Post »Gonzo
Posted on November 30, 2011 at 2:53pmGreat observation but, it‘s a bit ironic that you’re typing this sentiment on your computer Ghost.
Report Post »Free2speakRN
Posted on November 30, 2011 at 1:12pmThey install everything except, reason to trust.
Report Post »Stoic one
Posted on November 30, 2011 at 1:09pmand if the gov’t says: ‘we want all info on x ph #’ ; the cell provider will comply.
Report Post »SpankDaMonkey
Posted on November 30, 2011 at 1:09pm.
My fellow Blazers I am asking for your help & support. The moderator said I have to change my name, Glenn said on his show this morning, that he does not sensor people. Well what the Hell is this? So if ya’ll want me to change my name from SpankDaMonkey to something else, Let’s have a Vote….
Do go behind my back like a little kid and tattle on me I’m a grown Monkey I can take it.
Let’s Vote Free Speech for SpankDaMonkey………………
Report Post »Mannax
Posted on November 30, 2011 at 1:16pmI fail to see what is bad about your name, that is unless you look at the world through a perverted filter.
Report Post »Secessionista
Posted on November 30, 2011 at 1:21pmBest of luck!
Report Post »Wiseone1w
Posted on November 30, 2011 at 1:23pmI am all in favor of you changing your name. Only a person with a sophomoric view of the world would find any humor or merit in a vulgar moniker. I suggest that you also avoid things like chokedachikin, strokedaworm, and petdaferret.
Report Post »Drakkhanlord
Posted on November 30, 2011 at 1:24pmkeep the name
Report Post »The Sergeant Major
Posted on November 30, 2011 at 1:25pmWhat’s the problem? Who’s the village window licker here? Keep your name!
Report Post »Rowgue
Posted on November 30, 2011 at 1:25pmStupid childish screen names do distract from actual constructive conversation and personally I would never have chosen a screen name like that.
Having said that though, there are at least two dozen other screen names that are way more over the line than yours, but I’ve not seen anyone inform them that their names must be changed.
Report Post »FaithfulFriend
Posted on November 30, 2011 at 1:25pmCouldn’t care less, but you‘re touch’in my monkey so let’s just get that straight.
Report Post »FaithfulFriend
Posted on November 30, 2011 at 1:27pmNot touch’in I meant to type. Geewhiz Wally.
Report Post »LibTardHater
Posted on November 30, 2011 at 1:31pmI vote “SAVEDAMONKEY”!!! Obviously the moderator has spent way too much time dating Miss Michigan(a.k.a. Mrs. Thumb and her 4 daughters) and finds your screen name hits too close to home.
Report Post »Just sayin…………….
confederacyofdunces
Posted on November 30, 2011 at 1:39pmI have no problem with your name, I often use buttmunkey on other sites.
Report Post »chips1
Posted on November 30, 2011 at 1:43pmHow about DRIVEBO2THEDUNES?
Report Post »82dAirborne
Posted on November 30, 2011 at 1:51pmIt’s fine with me. I don’t understand why there is a “problem” all of a sudden.
Report Post »Henrys_Ghost
Posted on November 30, 2011 at 2:29pmChange it to SPANKEDBYGLENNMODS
Report Post »GollygeeMrwilson
Posted on November 30, 2011 at 2:54pmI think it’s a SWELL name.
Report Post »Gonzo
Posted on November 30, 2011 at 3:13pmI vote for ‘Bulldog”! It’ll go great with your new avatar when you post it Saturday night. :-)
Report Post »CobraBill
Posted on November 30, 2011 at 3:19pmSo now it is really bad to have a monkey on your back?
Report Post »Gay was happy, queer was strange, now monkey is not a primate anymore.
When my monkey acts up I spank it, not like it is child abuse.
EgoBrain
Posted on November 30, 2011 at 3:47pmKeep it. Dang, Blaze.
Report Post »guntotinsquaw
Posted on November 30, 2011 at 5:20pmIt’s your name…but please do me a favor… please slap his wife and tell her ..her a$$ is making the dresses look fat.
Report Post »82dAirborne
Posted on November 30, 2011 at 1:08pmMy little ‘ol Tracphone does everything I need……PHONECALLS!!
Report Post »The Sergeant Major
Posted on November 30, 2011 at 1:27pmA TA 312 on hard wire!! Smoke signals or faces to face?
Report Post »BloodyArtist22
Posted on November 30, 2011 at 1:05pmThis sounds like the Patriot Act in a cell phone. Wow. Rush was right…we need cell phones where we’re able to remove the battery so “they” can’t track us.
Report Post »762x51
Posted on November 30, 2011 at 1:05pmCarries IQ, one more piece of the globalist puzzle and another perp due for a military style assault.
Report Post »Junter
Posted on November 30, 2011 at 1:04pmAny guess how long it will take a hacker to use the Carrier IQ app against phone users? Say redirect data sent to another source?
Heard a presentation not to long ago discussing how easy it is to redirect Automated MS Windows 7 updates to gain unauthorized access to personal computers… Carrier IQ can’t be much harder.
Report Post »rienheart
Posted on November 30, 2011 at 12:58pmStill have my old crappy phone that works just fine, and like being unhip.
Report Post »Lordchamp
Posted on November 30, 2011 at 12:57pmYes, right. We really believe that it’s only used for the purposes you state. If that‘s the case why aren’t customers made aware that the software is on there upfront and out in the open? Honesty? Integrity? Ethical? Moral? All those are things you failed at Carrier IQ.
Report Post »Thighmaster
Posted on November 30, 2011 at 12:57pmI don’t want it, so how do I get rid of it? This sort of thing was predicted many years ago….
Report Post »NDPINDNT
Posted on November 30, 2011 at 1:10pmTake the phone out of your pocket. Gently set it out on the floor. Then smash it with your heel several times and throw it in the garbage. If they can still track it, they go through a lot of trouble finding it at a dump. This really sucks! Our government able to track our every move through these devices.
Report Post »Thundermeister
Posted on November 30, 2011 at 12:52pmFor once, being the owner of the ‘unhip’ Palm Pre doesn’t seem so bad.
Report Post »Gonzo
Posted on November 30, 2011 at 3:17pmFunny how yupies have turned certain types of phones into status symbols isn’t it? I could give a rip about what kind of phone I have as long as I can make a call when I need to.
Report Post »cessna152
Posted on November 30, 2011 at 12:51pmI wonder if rooting then if it is possible to freeze or remove?
Report Post »