Anybody using an Android phone might be advised to read up about a business called Carrier IQ and their "Media Alert" programme. Wired reports on it here:
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/ (http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/)
You can read more about it here: http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/ (http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/)
Basically this software appears to report everything you're doing on your phone even down to keystroke logging.
John Gruber nails it here: http://daringfireball.net/2011/12/translation_carrier_iq (http://daringfireball.net/2011/12/translation_carrier_iq)
The really interesting question is why we're not hearing anything about this in the media. Remember when Apple were caught logging mobile mast locations? That was nothing compared to this and yet nobody is making a fuss.
[EDIT] Looks like it might be on iPhones as well - see the comments on the following:
http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/ (http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/)
Thanks Tac I guess this news is pretty recent and I think people will make a fuss, certainly the logging of SMS message contents goes way beyond any monitoring of network performance. I think people need clear statements about these logging processes and what ends up where!
Quote from: Steve on Dec 01, 2011, 08:31:18
I think people need clear statements about these logging processes and what ends up where!
I agree. There does seem some doubt as to what the iOS implementation does exactly, always assuming this software is actually installed on iPhones. One version suggests it can be disabled under Settings -> General -> About -> Diagnostics & Usage -> Don't Send This implies that it might be restricted to network monitoring rather than anything evil although "Diagnostics and Usage" does not appear under IOS3 prefs - at least not that I can find on my iphone 3G.
Unless you do some serious hacking you'll never know it's there.
Apple have given an update today
http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/
'We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.'
:thumb:
Doesn't this only affect US providers?
You may well be correct Griff, the UK providers deny that they collect any diagnostic data although in this blog they don't deny Carrier IQ's presence. Google do not add CarrierIQ to Android
http://www.zdnet.com/blog/btl/which-phones-networks-run-carrier-iq-mobile-tracking-software/64500
According to the Guardian's report, no UK network uses it.
http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true
Quote from: Glenn on Dec 02, 2011, 07:50:51
According to the Guardian's report, no UK network uses it.
http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true
I think ther will be lots of denial, as who wants to admit to using it, you could then just watch your customer base shrink...
They've all been busy switching it off. :whistle:
Amusing stab at the mobile providers.
http://www.zdnet.co.uk/news/security-management/2011/12/02/carrier-iq-gives-the-game-away-40094567/
This is for Android phones
http://www.bgr.com/2011/12/06/how-to-find-out-if-carrier-iq-is-installed-on-your-phone-in-one-tap/
Thanks, Steve, I now know that it's not installed on my HTC Desire phone. :thumb:
Seems more an American standard. Both in the reason (to sell all sorts of customer data/usage reports/statistics) and to enforce companies policies (carriers over there are even more control freaks). Still rather poor form.