The Android Tax
Once again, Gruber absolutely nails it.
------------------------------------------------
Rootkit, Eh?
Thursday, 1 December 2011
Thom Holwerda, OSNews, headline: CarrierIQ Rootkit Found on Android, iOS
Really?
On iOS the setting is off by default, plainly labeled, and even when turned on, apparently only logs (a) location data and (b) when a phone call was active. And it doesnt even log location data if Location Services are disabled a setting which, again, is plainly labeled and easy to find.
According to Trevor Eckhart, on HTC Android phones, the Carrier IQ daemon logs the following: every number you press in the phone dialer, every key you type on the keyboard, every SMS message you receive, every URL you open in the web browser, every app you open, all media playback, and your location. There is no visible sign that this is running, the process is hidden from the process viewer, and there is no way to turn it off.
From that information, Holwerda chooses the headline CarrierIQ Rootkit Found on Android, iOS. [UPDATE: The headline has since been changed to CarrierIQ Rootkit Found on Android.]
As a sidenote, it amuses me to no end how someone like John Gruber has mysteriously and quite suddenly adopted the its the carriers fault!-mantra now that iOS has also been found to include CarrierIQ. Which is ironic, since it appears that Apple is the only one including CarrierIQ (slightly butchered, but still) within the operating system itself, whereas on Android, its a carrier thing.
I could point out that describing the Carrier IQ-related logging on iOS as a slightly butchered version of whats been found on HTC Android phones is an absurd instance of false equivalence, but thats self-evident. I enjoy a debate regarding my work and any perceived biases in it, and Id like to think that OSNews is a reasonable source with a different perspective, which is why Im responding to this. But I worry here that Im trying to reason with the unreasonable.
How could my stance on Carrier IQ suddenly change when Id never written about it before yesterday? Ive gone back and re-read everything Ive written about it thus far (here, here, and here), and I cant find a single word where I place blame anywhere other than in the hands of the carriers. (Which, as the story continues to unfold, looks to be exactly where the blame should be placed.) I didnt even crack an Android is open joke.
Whats important here is not merely the presence of anything related to Carrier IQ. Whats important is the surreptitious logging and collection of sensitive private data. It is certainly interesting that Apple is using Carrier IQ services to log anything at all, and worthy of investigation. But to date, weve learned nothing scandalous, misleading, or unclear about what Apple is doing in this regard. Theres not a shred of evidence that Apple is now or ever was using Carrier IQ for anything other than collecting only and exactly the sort of data Apple says, plainly, that it collects when the user chooses explicitly to allow it.
Apple has a clearly-worded diagnostics collection privacy policy, which you can read on the device in Settings → General → About → Diagnostics & Usage → About Diagnostics and Privacy. Im hosting a copy of it here so everyone can read it. Its short and utterly reasonable.
The worst that can be said of Apple in this saga is that theyre guilty by association that Apple used, for innocuous purposes, the services of a company that others have used for nefarious purposes. To put this in the same boat as Android devices which ship from the factory with secret keyloggers installed is absurd.*★
http://daringfireball.net/
----------------------------------------------
But hey, it's "open", or whatever . . .