 |
 |
I did see that, but like the article says it doesn't have access to user processes like the Android implementations (debug analysis of rooted devices verified this) and you can disable it with a simple checkbox. This kind of implementation doesn't bother me from a security standpoint since hey, network statistics and phone logs are useful when you're dealing with coverage problems or device issues. The scope of how the software hooks in to the OS on the Android platform is much more concerning to me. -----Original Message----- From: Kwiatkowski, Nicholas Sent: Tuesday, December 06, 2011 9:19 AM To: Graff, Dave; [log in to unmask] Subject: RE: [MSUNAG] App on Millions of Android Phones logging key Taps? Dave, Unfortunately, CarrierIQ software has also been found on Apple's iPhone devices as well... http://arstechnica.com/tech-policy/news/2011/12/apple-carrier-iq-still-on-iphone-4-but-we-dont-read-your-e-mail-and-texts.ars It will be interesting where all this ends up. There were four different (some overlapping) class-action lawsuits that were filed within the last week in federal court over this. -Nick Kwiatkowski MSU Telecom Systems -----Original Message----- From: David Graff [mailto:[log in to unmask]] Sent: Tuesday, December 06, 2011 9:14 AM To: [log in to unmask] Subject: Re: [MSUNAG] App on Millions of Android Phones logging key Taps? I've done a lot of digging on this in the last week or two, and here's the basic rundown: CarrierIQ is a company that provides quality of service monitoring software for cell phones. This software has a whole suite of abilities that range from recording signal levels to uploading logs to tracking GPS locations to recording every single keypress/SMS/email/anything else that goes in and out of the device. Your mobile carrier licenses the software in partnership with the vendor and builds a custom agent for your phone around CarrierIQ's code. Ideally they would only use the portions that can collect anonymous usage data (signal levels, device error logs, etc) and give you a way to opt out if you so choose. What really happened is that the whole CarrierIQ package in it's obtrusive glory was installed by HTC on this device, meaning it intercepts everything down to the keypress. You then have to trust that the data, although being intercepted, isn't actually being logged and transmitted. Considering every single phone vendor's complete inability to write good, secure software (Motoblur, TouchWiz, SenseUI I'm looking at you), it is a huge leap of faith for us to also trust that they have installed CarrierIQ "right" that won't result in personal data being logged or data leakage to other apps installed on the system. Especially went you can't disable it short of rooting and re-flashing. If you are going the Android route, I would strongly advise that you get one of the Google Nexus phones which doesn't have any of this garbage vendor/carrier customization on it. Or get an iPhone. On Wed, 30 Nov 2011 17:01:43 +0000, Al Puzzuoli <[log in to unmask]> wrote: >Just saw this. Not sure how big of a deal it will be yet, but worth >keeping an eye on: >http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ > > >Al Puzzuoli >Michigan State University >Information Technologist http://www.rcpd.msu.edu >Resource Center for Persons with Disabilities 517-884-1915 120 Bessey >Hall East Lansing, MI 48824-1033