Trevor Eckart posted this video showing Carrier IQ in action.
Millions of Android phones are running software written by Carrier IQ that tracks every keystroke, has full privileges, and can't be stopped. Even keystrokes over Secure HTTP are tracked.
Researcher Trevor Eckart first called Carrier IQ a "rootkit" since it hides from the operating system and can't be turned off. Carrier IQ, rather than explaining their program, threatened Echkart with a cease-and-desist letter. Once the
Reports are flying around the Web now that Carrier IQ's app functions like an illegal wiretap, and may violate the privacy of every phone user. Reasons the legal firestorm may be severe? Carrier IQ tracks the phone location, even when location services are turned off. Over 141 million phones have this Carrier IQ app that promises carriers "accurate, real-time data direct from the source – your customers' handsets." Further, they claim, "we are the only company embedding diagnostic software in millions of subscribers' phones."
Cue the lawyers!
Can’t wait for the class action lawsuit to happen!skeelosta on forbes.com
Remember when people were up in arms about how much location data iPhones stored locally?
This is 1000 times worse.mcritz on news.ycombinator.com
If this is proven true, then its very serious, not least because of the scale of it. If that is the case, its time for a massive class action to utterly destroy their company and send a clear warning to others.Asgard on theregister.co.uk
It is the presence of a keylogger, which (at the very least) is echoing keystrokes, that is the problem. Whether they 'send' everything or only parts of it, or whether the data is anonymized, aggregated etc is a whole other discussion.hackoder on news.ycombinator.com
Privacy? What's that?
My Sprint Galaxy SII 4G pretends to let you kill the application but 'top' shows that it's still running. Nice trick. Maybe I'll have a chat with Sprint.Kevin McMurtrie on theregister.co.uk
Tempest in a teacup
However, what this video shows does not yet constitute a serious violation of privacy, as the logs that you are seeing are on-device only and I see no evidence that the information is shared with anybody.bscotth on forbes.com
If I've got an issue, then I'm happy for my phone to dump everything to a log to enable debugging - but I want a nice icon to indicate it's running, another one to turn it on and off, one to review what it wants to send and finally a 'send' button.goldcd on theregister.co.uk
That's data like phone location, applications used, etc. Very bad yes, keylogger reporting your password, no.EwanToo on news.ycombinator.com
What Carrier IQ forgot to mention is they embed their software in customer phones, whether the customers want it or not. And the customers can't turn it off.