Carrier IQ Logging Software Found on Many Mobile Phones

[wikus]

Then you've chose the wrong company. That isn't Apple's philosophy anymore, and because of that, it has allowed them to make products which are insanely popular.

I never understood people who continue to hang around banging on about this sort of stuff that is just inherently against Apple's stance. Apple aren't trying to be this way, nor want to be this way, just be happy with the platform you have.

It has nothing to do with being on a technology site.

I like Mac OS X, therefor I have a Macbook Pro and Mac Pro.

I *strongly* dislike Apple's mobile devices and iOS, therefor I have an HTC Glacier with a highly customized Android ROM.

My complaints are valid, it only gives apple more reason to give users *choice*. If iOS was as customizable as Android, I'd use it.

 

[davidjearly]

So some clarification,

A closer look at the video seems to show that it's not really "keylogging", as originally indicated in the title.

- It's recording received text messages
- It's recording urls that you visit (https://www.google.com?query=my+search+term")
- It's recording physical button presses (home button etc...)
- It's recording virtual numeric keypad presses

As far as I can tell it's not recording every virtual keyboard press.

sorry for the confusion,

arn

You were only 50% away from being correct though!

Either way, it's ridiculous and a breach of privacy.

 

[SandynJosh]

So some clarification,

A closer look at the video seems to show that it's not really "keylogging", as originally indicated in the title.

- It's recording received text messages
- It's recording urls that you visit (https://www.google.com?query=my+search+term")
- It's recording physical button presses (home button etc...)
- It's recording virtual numeric keypad presses

As far as I can tell it's not recording every virtual keyboard press.

sorry for the confusion,

arn

It's logging a lot more than that Arn. Check out the video on CNET at

http://news.cnet.com/8301-13506_3-5...essages/?part=rss&tag=feed&subj=News-Security

This bad boy is phoning home a lot more then it needs to. I won't be surprised to learn that this company, Carrier IQ is a front for a much larger company that lives and breaths gathering potential customer data....now, whooo could that be???

 

[Oletros]

This bad boy is phoning home a lot more then it needs to. I won't be surprised to learn that this company, Carrier IQ is a front for a much larger company that lives and breaths gathering potential customer data....now, whooo could that be???

Conspiracy theories?

 

[ChazUK]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

All that matters to me is:

There is no CIQ on stock Android.
There is no CIQ on my Nexus phones.
There is no CIQ on AOSP builds of Android (like Cyanogenmod on my ZTE Blade)

The real fury should be directed at Sprint (Verizon have said they don't use CIQ), HTC, Samsung and CIQ themselves. Their monitoring software has no place monitoring half of what it does. The plain text SMS logs and HTTPS logging is absolutely appalling.

I hope that the full truth comes out over every aspect of what this software is doing comes out and who is using it.

All that matters is that they are screwing people while saying they are fluffy and pointing fingers at Apple.

Talk about droid-aid ....

By "they" I assume you mean Sprint, Samsung and HTC for including this crap on their phones?

 

[ChazUK]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)

Another WIN for the Android platform. My HTC is flashed with a custom ROM without any of that horse-hockey.

Open source FTW.

Only in the the most delusional Android fan dreams can it be called a win that someone would have to root a phone and flash the ROM to remove a legally questionable rootkit sanctioned by the service provider and OEM.

Seriously. Some of us want a phone, not a weekend hobby.

If it wasn't for Android's open nature, it's doubtful if we'd even know that this was going on as bad as it seems to be.

In that respect, it is a win that it enabled people to find out how bad it is.

 

[kalsta]

My complaints are valid, it only gives apple more reason to give users *choice*. If iOS was as customizable as Android, I'd use it.

The other poster's comments were valid too. Apple has a design philosophy, and has done for many years. It's not about taking away choices from people for the heck of it, but it IS about making things simpler for most users by making certain choices for them, and simplifying the front end. I mean really, no one should have to choose whether they want their private communication logged or not. Since no one would willingly choose this, it's a perfect example of something the user should never, ever have to worry about. The fact that you have worried about it is hardly a win for Android. Rather, it's an admission of a problem that should never have existed in the first place.

 

[Jerome Morrow]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)



By "they" I assume you mean Sprint, Samsung and HTC for including this crap on their phones?

Including Google. If Google said this is not going to happen on our OS it wouldn't, don't you think?

----------

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 4.0.1; en-gb; Galaxy Nexus Build/ITL41D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30)



If it wasn't for Android's open nature, it's doubtful if we'd even know that this was going on as bad as it seems to be.

In that respect, it is a win that it enabled people to find out how bad it is.

Nice rationalisation.

 

[SiPat]

This CarrierIQ software seems to be doing a lot more yet there is no feeding frenzy like when Apple was collecting data on transmission towers. Certain websites (*net) went ******* and really distorted certain facts in the Apple incident yet seem to be quiet when it comes to Android handsets with CarrierIQ pre-installed.

 

[Oletros]

If Google said this is not going to happen on our OS it wouldn't, don't you think?

No, you're wrong, they can't prevent it

 

[ChazUK]

Including Google. If Google said this is not going to happen on our OS it wouldn't, don't you think?

It's an open source OS which can be used for anything.

A Linux based computer could be built and used to distribute malware and to control botnets. That does not make Linux inherantly evil does it?

I do hope that those companies involved do get their arses kicked don't get me wrong but being open does have its good points and its bad points.

 

[Jerome Morrow]

This CarrierIQ software seems to be doing a lot more yet there is no feeding frenzy like when Apple was collecting data on transmission towers. Certain websites (*net) went ******* and really distorted certain facts in the Apple incident yet seem to be quiet when it comes to Android handsets with CarrierIQ pre-installed.

Indeed. When Apple wasn't doing anything wrong everyone went mental, because Apple was logging cell towers for perfectly normal reasons. It was spinned to the point where Apple was accused of spying on people.

----------

It's an open source OS which can be used for anything.

So what? You still can and should attache some requirements especially in cases like this.

First you say it's great that it's open source and it enebaled to find this and then you say it's open source anyone can do what they want. Make up your mind.

 

[Oletros]

So what? You still can and should attache some requirements especially in cases like this.

You don't know so much about open source licenses, do you?

First you say it's great that it's open source and it enebaled to find this and then you say it's open source anyone can do what they want. Make up your mind.

and the contradiction is exactly where?

 

[wikus]

So what? You still can and should attache some requirements especially in cases like this.

First you say it's great that it's open source and it enebaled to find this and then you say it's open source anyone can do what they want. Make up your mind.

Alright then lets have it closed source like everything else is with apple and not have a clue of whats going on, or a way to relatively easily change that.

The cons dont outweight the pros in the case of linux/android/open source.

Blame the carriers and the manufacturers.

 

[Piggie]

Between the Malware on Android and now this, is the open source really worth it?

Whilst of course, none of this it's good. Some will see it as a price worth paying for freedom.

Do you want to live in the free world, where you can go and do as you want, but you might get run over, might get aids, may get food poisoning, might not be able to get a good job etc etc.

Of do you want to like in a safe zoo. You are locked in so no-one can get in to harm you, all your foods are prepared, and your life and what you can and can't do is controlled by others with your best interests at heart?

Is having some bad things possibly happen from time to time a price worth paying for your freedom?

 

[ChazUK]

So what? You still can and should attache some requirements especially in cases like this.

First you say it's great that it's open source and it enebaled to find this and then you say it's open source anyone can do what they want. Make up your mind.

Does this help at all?.

Good open source aspects:
It exposed this issue.
It enables people to remove the crap.
It is not included as a part of stock AOSP Android.
Users can see in detail what is going on on their hardware.

Bad open source aspects:
It enabled HTC, Sprint, Samsung to do this.

Does that clear up what I am saying?

 

[MCP-511]

Logging that much information would seem to have a negative impact on performance in my opinion, not to mention wasted space on the device itself.

 

[VulchR]

Does this help at all?.

Good open source aspects:
It exposed this issue.
It enables people to remove the crap.
It is not included as a part of stock AOSP Android.
Users can see in detail what is going on on their hardware.

Bad open source aspects:
It enabled HTC, Sprint, Samsung to do this.

Does that clear up what I am saying?

Although I am no fan of Android, I think ChazUK seems to be making reasonable points. Also, it is true that choices are limited in iOS. Sure, one can turn off sending diagnostics to Apple, but one cannot clear the diagnostic messages from your iPhone, which means that if somebody has physical access to your phone there is a small but nonzero privacy threat.

The real issue here is the crass violation of privacy and consumer trust by companies, not the particular mobile OS. If laws have been broken, then somebody should go to jail. If not, then laws should be made to protect our privacy from money-grubbing companies with no moral compass.

EDIT: And by the way, can we now call this CIQgate?

 

[locust76]

Whilst of course, none of this it's good. Some will see it as a price worth paying for freedom.

Do you want to live in the free world, where you can go and do as you want, but you might get run over, might get aids, may get food poisoning, might not be able to get a good job etc etc.

Of do you want to like in a safe zoo. You are locked in so no-one can get in to harm you, all your foods are prepared, and your life and what you can and can't do is controlled by others with your best interests at heart?

Is having some bad things possibly happen from time to time a price worth paying for your freedom?

Because that's an appropriate analogy...

 

[ranReloaded]

The Definition Of Open™

 

[KnightWRX]

Then you've chose the wrong company. That isn't Apple's philosophy anymore, and because of that, it has allowed them to make products which are insanely popular.

I never understood people who continue to hang around banging on about this sort of stuff that is just inherently against Apple's stance. Apple aren't trying to be this way, nor want to be this way, just be happy with the platform you have.

It has nothing to do with being on a technology site.

Don't get upset if on a technology site, you have people that are technically minded and tinkerers at heart. Also, when did we "choose" a company exactly ? I bought some Apple products, I didn't choose Apple. If tomorrow Apple stops making products in certain segments that are useful to me, I will switch to whatever new company makes these new products. Not every product in my house is Apple, heck, there's some Apple stuff I wouldn't buy, opting for the competition instead*.

I don't choose companies, I choose products. Why do some people around here insist on making product buying a lifestyle decision ?

----------

Keylogging doesn't have anything to do with HTTPS, I do know that, was merely stating that the whole idea behind HTTPS is security and encryption, and this undermines it...

There's 2 ideas behind HTTPS : encrypting the communication channel and identification of the remote endpoint. Securing the local endpoint is your job and has nothing to do with HTTPS. If you truely believe no one can "snoop" on your conversation because it happens to be over HTTPS while having compromised your local endpoint, you don't understand how HTTPS works.

 

[Jerome Morrow]

Does this help at all?.

Good open source aspects:
It exposed this issue.
It enables people to remove the crap.
It is not included as a part of stock AOSP Android.
Users can see in detail what is going on on their hardware.

Bad open source aspects:
It enabled HTC, Sprint, Samsung to do this.

Does that clear up what I am saying?

And if honesty was the best policy this wouldn't be happening in the first place. It's a very nice contradiction. It's open source, so we can find bad stuff (we shouldn't be searching for if people were honest) and then it's open source and everyone has the right to do as they please and we get back to the it's open source and we can look for bad stuff. Nice circle huh? Oh the irony ...

----------

Although I am no fan of Android, I think ChazUK seems to be making reasonable points.

Reasonable points my ass.

 

[ChazUK]

And if honesty was the best policy this wouldn't be happening in the first place. It's a very nice contradiction. It's open source, so we can find bad stuff (we shouldn't be searching for if people were honest) and then it's open source and everyone has the right to do as they please and we get back to the it's open source and we can look for bad stuff. Nice circle huh? Oh the irony ...

----------



Reasonable points my ass.

When did I insinuate that HTC, Samsung, Sprint were beingg "honest"?

This isn't about honesty. This is about exposing some really nasty goings on in our smartphones. Prior to this discovery, i bet very few people knew that CIQ existed in some Android, BlackBerry, Symbian or iOS powered handsets.

Were you privvy to this knowlege before the evil ooen source software enabled TrevE to expose it?

 

[VulchR]

And if honesty was the best policy this wouldn't be happening in the first place. It's a very nice contradiction. It's open source, so we can find bad stuff (we shouldn't be searching for if people were honest) and then it's open source and everyone has the right to do as they please and we get back to the it's open source and we can look for bad stuff. Nice circle huh? Oh the irony ...

----------



Reasonable points my ass.

The point is that this is an issue with a set of companies and not a particular iOS. The simple fact is that this was found on Android because the system could be interrogated easily, and found later in other OS's once it was discovered (or at least that's the way it seems from reading various web sources - please correct me if I am wrong). Clearly Apple, after having been burned on privacy issues, has made sure that their version of CIQware is far less intrusive, and I believe that is the advantage of Apple products: they know who the customer is. And that's why we pay more.

@Jerome: As for your a$$, ....

 

[kalsta]

Whilst of course, none of this it's good. Some will see it as a price worth paying for freedom.

Do you want to live in the free world, where you can go and do as you want, but you might get run over, might get aids, may get food poisoning, might not be able to get a good job etc etc.

Of do you want to like in a safe zoo. You are locked in so no-one can get in to harm you, all your foods are prepared, and your life and what you can and can't do is controlled by others with your best interests at heart?

Is having some bad things possibly happen from time to time a price worth paying for your freedom?

Freedom? Oh good grief. I love it when these discussions turn religious.

First of all, there is no such thing as absolute 'freedom' in society based on your definition. A situation where there is no authority governing what you can and can't do, and no safeguards in place against harm, would be anarchy. In a state of anarchy, people who can't defend themselves lose their freedoms anyway. For a society to function, it has to find the right balance, somewhere between a totalitarian dictatorship and complete anarchy.

But getting back to the very serious topic of mobile handsets for a moment… This black and white distinction between utopian freedom, and a walled in prison, is just as imaginary. Again, there must be a balance—somewhere between a device that enables absolutely no customisation (no choice of which apps are installed, no customisable settings, no choice about anything other than whose number you dial), and a device which requires the user to write the OS from scratch.

So which of the current approaches finds the best balance? You know the beauty of it is, you can decide for yourself and buy the phone that best suits your personal needs!!

Speaking specifically about Apple and the iPhone, here's a quick reality check for you… Compared to the pre-iPhone era, iOS opened up amazing possibilities to customise your mobile device's capabilities once the App Store gained momentum. If you went back in time and showed this to someone a few years ago, they would be amazed at what you can do, and equally amazed that a whole new breed of tech-zealots decry this terrible lack of 'freedom'. If the whole topic of Apple's 'closed' approach gets your blood in a boil, then I have some sad news for you my friend… You've been duped into joining a new religion.