When Your Smartphone Tracks Your Every Keypress, Message And Location

Posted by

Carrier IQ
It is a potential nightmare situation – where your phone tracks every keypress, message and location (even when you disable GPS location services). A nightmare, yes. But it is with us already.

A researcher named Trevor Eckhart found that a logging software from a company named Carrier IQ is installed on a number smartphones from multiple manufacturers and carriers, and it tracks every keypress, message and location and sends this information out – all without the user’s knowledge.

Trevor’s research using his Android-running HTC EVO 4G smartphone led to the discovery of this software from Carrier IQ.

You can watch the video of his demonstration below:

Carrier IQ claims that the information collected is to help improve the user experience on mobile devices.

Who Is Guilty?

Carrier IQ is not built into any mobile OS, but is installed at the point of customisation or manufacture by either the carrier or device manufacturer.

HTC have come out to say that they run an opt-in system and have no direct involvement in installing Carrier IQ ion their devices. They point at the carriers.

Microsoft have boldly stated that Carrier IQ is not installed on any Windows Phone. See tweet by Microsoft’s Joe Belfiore.

Apple, who have been recently hit by a privacy storm, have stated that they stopped supporting Carrier IQ in iOS 5, and would completely remove it in future updates.

Through its Blackberry Advisor, Mark Sohm, RIM has stated that it does not pre-install the CarrierIQ application on BlackBerry smartphones and has never done so or authorised its installation.

TechCrunch says:

Eckhart’s original report has shown that Carrier IQ has been discovered on HTC and Samsung devices, and that CarrierIQ counts Sprint among their domestic carrier clients. AT&T also appears to use Carrier IQ on their devices: a member of the XDA-dev forums called AT&T and was told that Carrier IQ is indeed preloaded on the HTC Vivid. Other carriers, including Verizon, Vodafone, and O2 have all denied that they use Carrier IQ on their devices.

Nokia and RIM were also among the companies that Eckhart claimed CarrierIQ provided their “mobile intelligence” services to, but they have vociferously denied the connection. The Verge also reports that the three devices in Google’s Nexus line are free of the logging service, so Nexus devotees can rest easy.

RIM has responded that “If the CarrierIQ application is present on a BlackBerry smartphone, it does not mean that the CarrierIQ application has “hacked” the BlackBerry platform. It means that either the BlackBerry smartphone user or the user’s BlackBerry Enterprise Server admin explicitly installed the application and authorized it to run“.

The whole Carrier IQ scandal seems to be a US-only issue, so not everyone in the world has to worry about it. Of course, if your phone was imported from the US, especially if branded by one of the fingered carriers, chances are that you are in the picture too.

Stay In the Know

If you use an Android phone – and it is rooted or you are willing to root it – you can run a quick check to find out if Carrier IQ is installed on your phone.

Download Eckhart’s free Logging Test app. Once installed, hit ‘CIQ Checks’ to run the test.

Wrapping Up

If manufacturers and carriers need user feedback, it should be an opt-in system, not something that runs hidden in the system. Also, exactly who is the info sent to, and what is it used for? How safe are the users from exposure?

Questions. Questions.

The US justice department has shown interest in this, and talks of lawsuits are already in the air. This can get very messy, but in my opinion, the public has a right to know what is going on.

This will certainly get more interesting. Comments welcome!

15 comments

  1. for us in nigeria where most high-end phones are not locked onto any carrier, do we still stand the risk of being prone to that attack?? i doubt.. i also stand to be corrected

  2. My thanks goes to Trevor Eckhart. May God Bless him. May he live long to expose more nefarious actions by our so-called money loving and despotic carriers!

    Fortespy, Do not be deceived. Nigeria is a crazy countries. If the carriers are doing it who would know here? Who would even care? As long as the Reglators are settled, anything goes here. It’s only because there’s righteous indignation on this in the US that’s why this inimical practise is being curbed. However, just stop and think! This practise has been going on for a very very long time without any of our knowledge. Maybe if it was discovered by a researcher in Nigeria, we’d know how deep this very rabbit hole goes!

    By the Way, I heard Carrier IQ THREATEND Trevor Eckhart with legal actions initially to intimidate him, hoping to kill the exposure! But then providence took over and the whole sordid details is out for the whole world to see. Independently verifiable! It is not an issue of someone crying wolf! The wolf is actually out there for all to see. Trevor Eckhart is a one man crusader! I hope he wins the Time “Man of the Year” for this year or the nobel price next year. This was indeed a Herculean discovery of astronomic proportion!

  3. Sure as Mr. Mobility said, this ought to be an opt in thing. I mean, even if they are not collecting sensitive user data, constant logging and sending of user activities would eventually amount to some significant bandwidth which cost has to be borne by the user.

    I mean it is unfair that the user is not aware of activities going on on his phone that would increase his cost of using the phone. And I’m now thinking how much this could have contributed the the data usage in Android and iOS devices.

  4. For the majority of people here (Nigeria)- like stated in the post, this is of no security consequence. Not unless you are GEJ, or something..

    The only issue of concern, as enunciated by Harry Echemco, is the additional, surreptitious data consumption costs. That can be really annoying as you’re money is being wasted without you’re consent / knowledge.

    The installation of this sort of invidious / insidious traking software should be considered amoral, immoral and illegal – and challenged in a court of law..

  5. Another thought..

    Could it truly be that one of the reasons why Android and iOS suck data so mercilessly is because of something like this?

    Asking this because the volume of data reportedly guzzled by these two OSes makes one wonder just what is being downloade / uploaded to/from this genre of phone – on continuing bases

  6. Exactly. Was shocked when i learnt of a lady whose android device alledgedly used up 25mb at night….while she ws sleeping (think i read that on this blog….nt sure).
    Also true, in Nigeria the regulators dont care enough bout such threats…i bet GEJ prob doesnt even use a bb for security reasons.

  7. I also saw it in a tech blog somewhere that it is part of Apple’s Privacy Agreement that your iPhone can take pictures of your evironment with its camera and also save the phone’s location coordinates as a database file in the file system without the owner’s knowledge or approval. This info would then be sent to the Apple server on a regular periodic basis. It was also proved that such info can be hacked and used by third parties

  8. This is the news of the Decade.

    Trevor Eckhart deserves some thumbs up.

    We now know where all the data goes.

    Been following up on this news and it looks like; even the creator of this app is not aware of the capabilities of the app.

    This is why I love America, we already have 2class action lawsuits against Carrier IQ and some manufacturers. For the records Android is the worst hit here as Apple as made comments that they no longer support the app in most iOS5 devices and will discontinue it going 4ward. WP7 says, we don’t have it at all.

    Carrier IQ has even made comments that we have to blame manufactures too that they themselves (Carrier IQ) are not even aware of some capabilities of the app.

    My question now is……………

    Who knows what else is hidden? Are there other apps like this?

    Well, Android remains a lovely OS and I am with Android for better for worse.

    So I think the best thing for every Android owner is to confirm if Carrier IQ is on their Device at all.

    Trust developers, there are now several Apps for that most are Free.

    There is even one with a name u can never miss ‘Carrier IQ Detector’
    https://market.android.com/details?id=com.lookout.carrieriqdetector&feature=related_apps#?t=W251bGwsMSwxLDEwOSwiY29tLmxvb2tvdXQuY2FycmllcmlxZGV0ZWN0b3IiXQ

    Please lets know if you have CIQ on your phone in the comments.

    One last thing, I would have loved to here Steve Jobs comments on this issue.

  9. Gentlemen, my take on this issue is very simple, the world changed after September 11. Western governments have been developing tools that can be used to spy on their citizens. These involve tracking and logging our conversations. Mobile networks have been helping to make this possible.

    Also social networks like facebook do the same thing. Yes I have said it, all the members (except me lol) of this forum, are members of facebook, as a result they have your pictures, they know your names and they know what you ‘like’. They have a copy of all the conversations you have been making since you joined. They know your friends and they know your birthdays. Many of these tools are built into these new devices. Thanks to the GPS on our phones, they even know where you are.

    Nothing will come out of this case, they will only get a better program to do what they want. Welcome to the world of ‘big brother’. Get use to it, they are watching

  10. I still believe that data consumption is the least to worry about in this IQ palaver! We should just pause to appreciate the gravity of the security and privacy breach. Those carriers could read and know your every keystroke, tap, SMS, email, credit card information, porn sites visited, surreptitious calls to babes,…. To name a few! Let’s pause a moment to consider. They have you in the palm of their hands. They could make or break you! Destroy almost anyone.

    I’m not trying to lay a conspiracy theory here. Butwhat I’m saying is that Privacy is so much Under-rated unwittingly by almost everyone. We share a lot on Facebook and Google intentionally. While others secretly gets our data right by our faces without us knowing. They are all worth a lot to the right company or “person”. With these days of Hackers, you can Imagine if these carrier information falls to the hands of a perverted individual?

    Finally, do not think our carriers are exempted. They may have queued into this IQ schemes and also fleecing our private information. Even if not, is there any thing stopping AT&t or HTC, Apple Samsung from getting our private information even if we are in Nigeria? Let’s not be so sure. Let’s not downplay the significance of Carrier IQ. In the US, Litigations against Carriers and most phone Manufacturers have begun to flow!

    Once more, we need to thank Trevor Eckhart for bringing this to light. For spending his own resources, time and effort to expose this Gestapo antics by a group of despotic capitalist companies!

    In a nutshell, If one must participate in Any form of trial or if you say you claim as a company that only wish to improve the “user experience” at least give your customers the option to opt in. At least the Android or Apple device is not free. It was bought with hard earned money. So we demand our privacy!

    I say OCCUPY CARRIER IQ!

  11. Greatest Fear.

    They are all worth a lot to the right company or “person”. With these days of Hackers, you can Imagine if these carrier information falls to the hands of a perverted individual?

Have Your Say

Your email address will not be published. Required fields are marked *

Discussions are moderated for civility