http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/

Link contains a video but here's a snippet from the article:



An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.


In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/

Link contains a video but here's a snippet from the article:

Yep and Carrier IQ is suing him for finding this out (and subsequently showing how to remove it from the kernels of various phones, the first of which was the 3vo). They tried their big brother tactics with him legally, but the Electronic Freedom Frontier took up his case and now CIQ is starting to back down. - LOL fuckers.

Reminds me of the time I interviewed with a marketing company a year back. They mentioned the product to get extreme marketing data from groups of ppl. I said "where do you guys get this data? Surveys?" fuckers looked at each other and barely nodded :pctoss

So is rooting the phone and installing a rom the only way to get rid of this shit?

So is rooting the phone and installing a rom the only way to get rid of this shit?

I *THINK* so. I know he created an app called logging test and if I remember from the XDATV episode I saw, I think the app can block (but not remove) this. You might want to go ask. He goes by TrevE on XDA, you could probably PM him.

here is the xdatv episode about the app (http://www.xda-developers.com/android/logging-test-by-treve-sassibob-review/)

Lol smartphones getting outsmarted

Mark of the Beast tbh

lol its on the iphone as well
http://news.cnet.com/8301-13506_3-57334575-17/carrier-iq-tracking-iphone-customers-too-hacker-says/?tag=mncol;txt

I thought carriers couldn't alter iOS anyway or form so it being on iOS is shady as fuck.

HTC is blaming the carriers on this one:

http://gizmodo.com/5864318/htc-blames-the-carriers-for-the-carrier-iq-spying-mess-on-htc-phones


HTC has reached out to us with an official statement on why Carrier IQ aka the hidden software lurking and spying on you (http://gizmodo.com/5864220/what-is-carrier-iq) was on HTC phones. According to them, it's not HTC's fault at all! It's the stupid US carriers who require Carrier IQ. Here's the official word:
"Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we'd advise them to contact their carrier.
It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application."
Smart of HTC distancing itself from this mess and shifting blame.

Here's another article that further explains why all of this is so fucked up and what it is.

http://gizmodo.com/5864220/what-is-carrier-iq

What Is Carrier IQ?

Holy data privacy scandal! Over the last week the news that Carrier IQ has been tracking millions of smartphone users (http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do?tag=carrieriq&########) without their knowledge has ballooned into a full-blown clusternut. Carrier IQ, huh? Sounds nefarious. But what exactly does it do? And why should you care?

Carrier IQ is a third-party metrics service...

Smartphone manufacturers and carriers alike are dying to know how you use their products in the real world. They want this information to help them to study performance, make business decisions, and improve products. Carrier IQ is an "embedded analytics company" that serves that information up to its clients on a silver, snooping platter.

…that, unbeknownst to customers, possibly installed software on millions of Android, BlackBerry, and iOS handsets...

Until yesterday, most people probably didn't even realize they had Carrier IQ installed on their phones. The software isn't part of Android, iOS, or BlackBerry OS. It's installed independently by either your carrier or your phone manufacturer. A rolling counter on the Carrier IQ website claims more than 140 million devices. But which ones? It's not entirely clear at this time, although several companies have stepped forward to say they don't have the software (http://gizmodo.com/5864116/these-are-the-phones-were-pretty-sure-dont-have-carrier-iq). It's off by default in iOS (http://gizmodo.com/5864107/yes-your-iphone-is-tracking-you-with-carrieriq-too) but activates, in a limited way, when you put your phone in Diagnostics mode. Android owners can also test their handsets (http://gizmodo.com/5864123/you-can-test-your-android-for-carrier-iq-sort-of) to see if they're affected.

…to collect swaths of "performance data"...

What data the software collects depends on what entity installed it on your phone, because Carrier IQ is customized to meet the desires of the client that uses it. In corporate marketing materials, Carrier IQ says that includes relatively benign info like data speed and app usage. But Trevor Eckhart, the developer who first outed Carrier IQ (http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do?tag=carrieriq&########), has demonstrated that the software can log virtually anything you do on your phone: calls, location, even keystrokes. That means it could in theory log all your passwords and credit card numbers when you punch them in.

…which is definitely creepy…

If we've learned anything about privacy from Facebook it's that this level of granular data collection freaks people out even when they know about it. And when you think about what it does when it's done with spying, tracking, logging—pick a term—it's downright sickening. What's being collected and what do they know about me? What are they going to do with that information and who has access? Those are all still open questions.

…and it's possibly illegal…

Well, Carrier IQ has already been hit with a Senate investigation (http://gizmodo.com/5864218/carrieriq-gets-hit-with-senate-investigation), and as Forbes reports, since we didn't know about the service it might actually violate the Wiretap Act (http://www.forbes.com/sites/andygreenberg/2011/11/30/phone-rootkit-carrier-iq-may-have-violated-wiretap-law-in-millions-of-cases/) millions of times over. Is it possible that you signed off on some terms and conditions agreement that had Carrier IQ buried deep? Sure. But it's still not unreasonable to expect a class action lawsuit and other legal action.

...despite Carrier IQ claims that it's actually benign...

According to a statement by Carrier IQ, it's besides the point that they can log keystrokes because the software is "counting and summarizing performance, not recording keystrokes or providing tracking tools."

...which are demonstrably untrue.

The company claims it's not logging keystrokes or anything else, and even if it was, it's all processed before it ever goes back to the clients. But that stance was largely disproven by Eckhart (http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do?tag=carrieriq&########), who demonstrates on film that keystrokes submit unique key codes to Carrier IQ on affected phones, and that even secure connections are vulnerable.

There's going to be a lot more information coming as this story unfolds, but in the meantime: either the carrier/handset manufacturers associated with Carrier IQ didn't know exactly what was going on, or they did and thought they wouldn't get caught. And either way, this is repulsive stuff. Hopefully a reckoning is on its way.

Carriers can't alter iOS, but they can enable/disable settings. (like when you purchase tethering, it gets activated on your phone). Since the software is built into iOS already, they can toggle it on or off. That said, I'm pretty sure sending Carrier IQ data on iOS is controller by a switch in the *users* settings. Settings->General->About->Diagnostics & Usage.

The reason, IIRC, is because Apple got sued for sending that data (and users incurring in data usage charges) in earlier versions of iOS.

I don't like that one bit. It's one thing if you're a stupid customer and install this software without knowing but having the thing built into the operating system is kind of fucked up. They've should of from the beginning tell customers what's going on.

Is this covered in their EULA?

Mine was off when I checked my iPhone.

haha, small win for Nokia user(s), if there are any left in America besides me

haha, small win for Nokia user(s), if there are any left in America besides me

I have read that this has been attached to symbian as well.

i didn't want to tell him that but, yeah pretty much that

dammit

I don't like that one bit. It's one thing if you're a stupid customer and install this software without knowing but having the thing built into the operating system is kind of fucked up. They've should of from the beginning tell customers what's going on.

Is this covered in their EULA?

Considering they're licensing "the software" to you, and "the software" includes all that crap, I would say that it does.

This kind of software predates smartphones too.

tbqh, in the times we live in, I wouldn't be surprised if the inclusion of that kind of software isn't mandated by some obscure natsec order.

Carrier IQ: 'We're as surprised as you'

NEW YORK (CNNMoney) -- The company behind the now-notorious Carrier IQ software that has been found to log every keystroke pressed, website visited and text message sent by 150 million mobile phone users said Friday it was shocked to learn that its software was doing that.

http://money.cnn.com/2011/12/02/tech...source=cnn_bin

Oh shit Skynet took over! They never told it to do that!

I'm not sure why this is just now getting so big. Every ROM i've ever installed on a Sprint phone talked about removing this shit.