T Nation

Android Phone/Carrier IQ


#1

Saw this, and figured it worth posting if anyone here has an android phone(I don't).

http://gizmodo.com/5864418/carrier-iq-speaks-and-of-course-it-denies-all-wrongdoing


#2

It's not that bad. Many carriers (Verizon, for example), don't have it on any of their handsets (Android included). Apple had it on their iPhones until recently (still removing traces of it).

It's not on any of the Google Nexus handsets either.

Also, if you've rooted your Android or installed a custom ROM, it's likely not on there either.

BB, Nokia and Microsoft are pretty much the only ones who don't, past or present, have it on their phones.


#3

After watching the video, reading the articles and comments, I've concluded this isn't a big deal.

The kid in the video found evidence that info is sent from your phone to Carrier IQ every time you send a text, press a button, etc and automatically assumed they were spying on his emails or something. Carrier IQ came out and said that they aren't recording the information you send, only whether or not it was sent successfully.

I know fuck all about technology, but this looks to me like a piece of sensationalist journalism meant to scare people (who know fuck all about technology).


#4

Fixed that for you lol


#5

That's what I thought at first too, but after reading this I am not so sure:

http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/carrieriq-part2/

All of the logs are uploaded to the CIQ portal and linked up to a equipment ID and subscriber ID - the data recorded is NOT anonymous. It also records all keystrokes, even encrypted information. It then loads it up on the CIQ portal for anyone with access to it to check out. The guy posted a screenshot of their portal on his website as well as their training manuals for accessing that information.

Apparently people with access to the CIQ portal can even read your text messages (according to CIQ's marketing director).

However, CIQ browsing around your info is not the real problem, but rather the following:

"If a bad actor discovered a vulnerability or used malware, he could potentially exploit that opportunity to become a "CIQ Operator" leaving many users helpless against the extensive collection and misuse of their own information and no way to stop it. With so much moving code across the operating system, I would say the chances of malware looking here isn't that far-fetched."

i.e. people can develop malware to take over the CIQ app and steal all your information, people could hack into the CIQ servers and take tons of sensitive information, etc.


#6

Man, it just keeps getting better and better for Android.

HAHA.