Carrier IQ Logging Software Found on Many Mobile Phones

[PlipPlop]

Sure, you listed problems that the iPhone has had. But to claim they are the worst, seems like you would need to compare them to everyone else.

I would say opening a pdf and having your phone destroyed/rewritten is about as bad as security holes come. Most people dont expect a pdf to ruin your phone.

The proximity sensor making your phone unable to make a call is also a major fault which 5 mins of testing would have uncovered. I assume Apple would have had at least 50 people testing the new iphone/ios and none of them noticed the widly reported battery problems? Strange things

 

[BaldiMac]

And they (Manufactures and carriers) could of said no and not agreed to it. Google would be require to honor any agreement they had in place before hand.

Possibly, but then they would miss out on early access to the Android source code and possible new versions or functionality in the proprietary Google apps.

 

[diamond.g]

I don't think you understand the relationships and agreements google has with the OEMS.

Just because Android is open source does not mean Google does not have the means to control what these companies are doing with it.





You could not be more wrong. Google has agreements with these companies outside of the open source licenses.

----------



LOL.

You really do not understand the way Android and Google works as it relates to smartphones at all.

You are so caught up in the idea of "Open Source" you do not understand ANY of the other issues at work.

Source?

 

[BaldiMac]

I would say opening a pdf and having your phone destroyed/rewritten is about as bad as security holes come. Most people dont expect a pdf to ruin your phone.

The proximity sensor making your phone unable to make a call is also a major fault which 5 mins of testing would have uncovered. I assume Apple would have had at least 50 people testing the new iphone/ios and none of them noticed the widly reported battery problems? Strange things

Again, you neglected to compare Apple's quality control to all of the other phones being made.

 

[gkpm]

I would say opening a pdf and having your phone destroyed/rewritten is about as bad as security holes come. Most people dont expect a pdf to ruin your phone.

Do people on Android expect a web page to read the contents of their SD cards and upload it to a server?

http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/

Then have the issue patched by Google, only for it to be exploited again?

Apple hardly has an exclusive on security issues. Also not on hardware problems, see recent volume bug on the Galaxy Nexus.

 

[Oletros]

Possibly, but then they would miss out on early access to the Android source code and possible new versions or functionality in the proprietary Google apps.

Off topic, perhaps I have to clarify my position.

I'm talking only about the Android compatibility when I say Google can't enforce vetting apps.

 

[Oletros]

Do people on Android expect opening a web page to read the contents of their SD cards and upload it to a server?

http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/

Then have the issue patched by Google, only for it to be exploited again?

Apple hardly has an exclusive on security issues. Also not on hardware problems.

As I don't understand why the OP talks about holes in iOS as is irrelevant and say nothing bad about Apple, comparing the PDF bug with this is hilarious

 

[PlipPlop]

Again, you neglected to compare Apple's quality control to all of the other phones being made.

Ok then, its worse than any other phone?

 

[Oletros]

This is good news

http://www.theverge.com/2011/12/1/2603142/senator-al-franken-asks-carrier-iq-exactly-what-its-doing

 

[Primejimbo]

Don't all android phones have removable batteries? That was always a big knock against the iPhone early on, no replaceable/removable battery. So maybe Android users can remove their batteries before the data gets sent.

Nope, the new Razr doesn't have a removable battery

 

[echo2011]

This is good news

http://www.theverge.com/2011/12/1/2603142/senator-al-franken-asks-carrier-iq-exactly-what-its-doing

Good to see some action being taken so quickly, interesting how the article states that there's been no response from Carrier IQ. The Carrier IQ think tank must all be huddled up right about now.

 

[gkpm]

As I don't understand why the OP talks about holes in iOS as is irrelevant and say nothing bad about Apple, comparing the PDF bug with this is hilarious

You want to see hilarious? For me it's this one:

"Setting the time and date to 03:14:08 19/01/2038 crashes the device and stops it from booting, effectively bricking it"

http://code.google.com/p/android/issues/detail?id=16899

Take care if leaving one of the affected Droids unattended, there's some evil people out there.

 

[ILikeTurtles]

Don't get upset if on a technology site, you have people that are technically minded and tinkerers at heart. Also, when did we "choose" a company exactly ? I bought some Apple products, I didn't choose Apple. If tomorrow Apple stops making products in certain segments that are useful to me, I will switch to whatever new company makes these new products. Not every product in my house is Apple, heck, there's some Apple stuff I wouldn't buy, opting for the competition instead*.

I don't choose companies, I choose products. Why do some people around here insist on making product buying a lifestyle decision ?

----------

Hate to break it to ya - but when you choose iPhone (or whatever product) you're buying Apple. They go hand-in-hand. You can refuse to acknowledge this, but that doesn't make it not true.

 

[kdarling]

Good to see some action being taken so quickly, interesting how the article states that there's been no response from Carrier IQ. The Carrier IQ think tank must all be huddled up right about now.

As I posted in another thread yesterday, CarrierIQ put a note on their website that they do not collect such info. If people took five seconds to look them up, they'd see that.

I guess CarrierIQ doesn't realize yet how many naive, lazy people there are in this world who believe anything they read on the 'net.

As I also posted in HUGE LETTERS in post #189, just because an app blindly logs something, does not mean it's getting sent anywhere outside the device.

The idiot who started all this brouhaha, over most likely nothing, must be new to log files. This reminds of all the times that someone claimed that Apple had "the patent on multitouch" and other rubbish. Tech reporting has really gone downhill these days.

 

[gkpm]

I guess CarrierIQ doesn't realize yet how many naive, lazy people there are in this world who believe anything they read on the 'net.

Is that why the very first thing they tried to do was sue the guy who found it, until EFF intervened?

Not the best handling of the situation IMHO.

As I also posted in HUGE LETTERS in post #189, just because an app blindly logs something, does not mean it's getting sent anywhere outside the device.

Doesn't mean it's not sent either. If Carrier IQ are really clean about this it should be easy enough to prove.

Can you explain why their Android software needed to receive all those events, including keypresses? Debug or not it seems a bit too much.

This reminds of all the times that someone claimed that Apple had "the patent on multitouch" and other rubbish. Tech reporting has really gone downhill these days.

Love how all your posts have to include some completely unrelated potshot at Apple.

 

[echo2011]

Apologies if this has already been posted, from a user link posted on theverge:

http://www.forbes.com/sites/andygre...one-rootkit-firm-carrier-iq/?partner=yahootix

 

[wikus]

Another WIN for the Android platform. My HTC is flashed with a custom ROM without any of that horse-hockey.

Open source FTW.

wow, my comment gets 22 negative rankings. i guess nobody understands the benefits of aftermarket ROMS. well, its not surprising, not like there can be much done with a closed down iphone.

this same comment of using aftermarket roms is the highest ranked on engadget (a very pro apple blog).

guess the macrumors members STILL have trouble admitting to their limitations.

 

[echo2011]

wow, my comment gets 22 negative rankings. i guess nobody understands the benefits of aftermarket ROMS. well, its not surprising, not like there can be much done with a closed down iphone.

this same comment of using aftermarket roms is the highest ranked on engadget (a very pro apple blog).

guess the macrumors members STILL have trouble admitting to their limitations.

Not all members have trouble admitting the limitations...I'm one of them, I really dislike how the iPhone is locked down, and all the control issues Apple has...in the long run I really like the device, so I accept it as it is...I always have the choice to jailbreak if I want. I've tried a couple Android phones and liked them to, just settled with an iPhone is all.

 

[wikus]

Not all members have trouble admitting the limitations...I'm one of them, I really dislike how the iPhone is locked down, and all the control issues Apple has...in the long run I really like the device, so I accept it as it is...I always have the choice to jailbreak if I want. I've tried a couple Android phones and liked them to, just settled with an iPhone is all.

I think people would rather obsess over a brand they feel gives them identity rather than admit the flaws of the company's product theyre so attached to.

the reality is, its pathetic. i dont hold HTC to any lower or higher standard than I do for apple, or any other companys.

 

[Swift]

You don't need to be a conspiracy theorist to accept that every major tech company - Amazon, Apple, Google, Microsoft, etc - collects information on their users from the devices they distribute. In fact, this is quite obvious in almost every respect.

1. This seems to be a lot more intrusive, at least potentially, than the kind of dynamics that any of these companies do. Google tracks you to show you the kind of ads that might work with you. Amazon sets a cookie so it can recommend products you might like. Every time I check into the Apple Store, I have to sign in, so I can use my credit card. Nothing like a keylogger there.

2. This isn't the manufacturers; this is the networks that have the ability to look into literally, everything you do, including your passwords. Whether they use it or not, who knows? But the free and open Android has allowed this crap to go on. So far, it seems that what is logged in the Apple version is what you need to know for network diagnosis and such, though I'm sure we'll hear more in the coming days that may change my mind.

Accusations should be made on evidence, not on simple paranoia. You're the one that's naive.

----------

wow, my comment gets 22 negative rankings. i guess nobody understands the benefits of aftermarket ROMS. well, its not surprising, not like there can be much done with a closed down iphone.

this same comment of using aftermarket roms is the highest ranked on engadget (a very pro apple blog).

guess the macrumors members STILL have trouble admitting to their limitations.

If you don't think that your statement is an enormous fanboy's position on the "Android platform"...

If you're a good enough hacker to use custom ROMs, fine. if that's the only way to avoid this privacy-invading crap on Android, that's NOT an argument FOR Android, it's an argument AGAINST it. You shouldn't have to belong to some hacker society to be secure; that should be right out of the box.

 

[wikus]

If you don't think that your statement is an enormous fanboy's position on the "Android platform"...

If you're a good enough hacker to use custom ROMs, fine. if that's the only way to avoid this privacy-invading crap on Android, that's NOT an argument FOR Android, it's an argument AGAINST it. You shouldn't have to belong to some hacker society to be secure; that should be right out of the box.

So, ROMs should be discredited?

Whats the iPhone got going for it?

----------

Hate to break it to ya - but when you choose iPhone (or whatever product) you're buying Apple. They go hand-in-hand. You can refuse to acknowledge this, but that doesn't make it not true.

Really?

I bought an HTC Android phone for its features, I didn't care for the brand. The same goes for when I buy and when I don't buy Apple products.

Youre putting ideas into people's heads that have no place being. Your rationale does not apply to others.

 

[louis Fashion]

Minority Report

Many companies are ripping off your personal info, and not paying YOU for the data. Besides Verizon and the other evil doers, Google etc.,
have you ever considered that TransUnion and all the other credit rating companies make money by providing YOUR credit score to their various clients?

They also have the gall to ask you to give them money to let you "monitor" your credit profile.

I think all these companies should pay you for your info. Want my credit info?Pay me. Want to monitor my web activity? Pay me.

I log into rollsRoyce dot com at least three times a day just to keep them guessing.

----------

Nope, the new Razr doesn't have a removable battery

From what I hear, I does not have much of a battery at all!!!

 

[Mad-B-One]

You don't need to be a conspiracy theorist to accept that every major tech company - Amazon, Apple, Google, Microsoft, etc - collects information on their users from the devices they distribute. In fact, this is quite obvious in almost every respect.

Yea and then there is the European Union. You do that there and will pay about $1Bn if you purposefully track personal information without consumers consent and additionally violating privacy laws strictly regulated by making carriers - not device or software producers - log and store that kind of information for a fix amount of time only be accessed by government agencies on court requests. In other words: If Apple does what you suggest and any level prosecutor in the European Union (which is per capita 1.5x the population of USA in case people wonder) would just jump on it and fine the heck out of Apple. This might just happen with Google now if that is true about Android devices. Google Street View e.g. is strictly limited in Germany because of privacy concerns. Just thinking about it, Android devices might even be banned for a while, who knows? Brussels' regulators did pretty harsh things in the past when they found clearly stated rules violated.

 

[franswa za]

Maybe you should try reading the article again OR may be following the story on other websites before posting asinine comments.

heeha!

----------

"SIRI please long my keystroke" "I can't do that Dave" "SIRI please open the pod bay doors" "I can't do that Dave" "SIRI your a jack ass!" "SIRI" "SIRI"

haha u r funny!

good boy!

 

[mallwitt]

As a long time Mac Rumors lurker, I do have to thank all of you for making these discussions so entertaining. I read through all the comments (unfiltered even for the posters I loathe), because amid all the hyperbole, fanboism, and pretzelled logic, a real sense of the issue emerges. It's almost like truth by gladiatorial combat.

I do have to say that some of the lengths people here go to try and prove their point! Why, it's like some of you think that if you just keep arguing the other person is going to give in and say you are right (hint: That never works and if you want proof read the forums). I'm not even going to get into Apple as a lifestyle choice; 'Freedom' vs 'Walled garden' and what control can be exercised over 'Open souce' (which is really a study in what the definition of 'open' means [much like 'is' is]). Use what works for you, bam.

So, thanks for posting. It's illuminating (and I love the chance to eat popcorn).


Details as I get them so far:

1 The Carrier IQ software is found on RIM, Symbian, Android, and iOS phones. Windows Phones are an unknown.

2 The CIQ software appears to be found only on phones with a Verizon and Sprint Pedegree.

3 The Android CIQ seems to be very poorly integrated and is logging every 'key' press (virtual or physical), but is not logging every screen motion.

4 The iOS implementation seems to be limited to simple usage pattern data and is not capable of recording keystrokes or other user input.

5 There is no 'opt-out' on Android

7 Custom Android ROMs do not contain the Carrier IQ software, and it is unclear if the same Android phone on a different carrier contain the software.

8 It is unclear what data is actually being sent to Carrier IQ's servers, despite what is being logged. On iOS the potential information is limited by what the program is logging in the first place. On Android, since the logged data pool is so much larger, the potential for compromised data is larger.

9 Even if the large amount of data that is logged on Android is not transmitted, there are security concerns about what can be recovered from the phone with physical access, and how much a security threat this poses to Android users. iOS appears to be immune from this as the gathering of this information can be turned off (usage and diagnostics).

10 There may be legal implications (HIPPA, wiretapping, UK consumer protection and privacy, etc...) regarding the gathering of user data without consent of the user, even if that data is not transmitted.