Saw this, and figured it worth posting if anyone here has an android phone(I don’t).
[quote]It hasn’t been a good week for Carrier IQ. First a damning video apparently illustrating the extent of what information the program collects surfaces, then everything goes to shit. Now, the company is facing a Senate investigation for potentially millions of violations of privacy laws. And this is the response? cont’d[quote]
[quote]
Your Android Phone Is Secretly Recording Everything You Do (Updated)
If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everythingâ??including your passwords and Google queries.
Worse: it’s the handset manufacturers and the carriers whoâ??in the name of "making your user experience better"â??install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad. cont’d[/quote]
It’s not that bad. Many carriers (Verizon, for example), don’t have it on any of their handsets (Android included). Apple had it on their iPhones until recently (still removing traces of it).
It’s not on any of the Google Nexus handsets either.
Also, if you’ve rooted your Android or installed a custom ROM, it’s likely not on there either.
BB, Nokia and Microsoft are pretty much the only ones who don’t, past or present, have it on their phones.
After watching the video, reading the articles and comments, I’ve concluded this isn’t a big deal.
The kid in the video found evidence that info is sent from your phone to Carrier IQ every time you send a text, press a button, etc and automatically assumed they were spying on his emails or something. Carrier IQ came out and said that they aren’t recording the information you send, only whether or not it was sent successfully.
I know fuck all about technology, but this looks to me like a piece of sensationalist journalism meant to scare people (who know fuck all about technology).
[quote]overstand wrote:
After watching the video, reading the articles and comments, I’ve concluded this isn’t a big deal.
The kid in the video found evidence that info is sent from your phone to Carrier IQ every time you send a text, press a button, etc and automatically assumed they were spying on his emails or something. Carrier IQ came out and said that they aren’t recording the information you send, only whether or not it was sent successfully.
I know fuck all about technology, but this looks to me like a piece of sensationalist journalism meant to scare people (who know fuck all about technology like the OP).
[/quote]
[quote]overstand wrote:
After watching the video, reading the articles and comments, I’ve concluded this isn’t a big deal.
The kid in the video found evidence that info is sent from your phone to Carrier IQ every time you send a text, press a button, etc and automatically assumed they were spying on his emails or something. Carrier IQ came out and said that they aren’t recording the information you send, only whether or not it was sent successfully.
I know fuck all about technology, but this looks to me like a piece of sensationalist journalism meant to scare people (who know fuck all about technology).
[/quote]
That’s what I thought at first too, but after reading this I am not so sure:
All of the logs are uploaded to the CIQ portal and linked up to a equipment ID and subscriber ID - the data recorded is NOT anonymous. It also records all keystrokes, even encrypted information. It then loads it up on the CIQ portal for anyone with access to it to check out. The guy posted a screenshot of their portal on his website as well as their training manuals for accessing that information.
Apparently people with access to the CIQ portal can even read your text messages (according to CIQ’s marketing director).
However, CIQ browsing around your info is not the real problem, but rather the following:
“If a bad actor discovered a vulnerability or used malware, he could potentially exploit that opportunity to become a “CIQ Operator” leaving many users helpless against the extensive collection and misuse of their own information and no way to stop it. With so much moving code across the operating system, I would say the chances of malware looking here isn’t that far-fetched.”
i.e. people can develop malware to take over the CIQ app and steal all your information, people could hack into the CIQ servers and take tons of sensitive information, etc.