Developer finds hidden smartphone logging app

By on November 30, 2011, 6:30 PM

A security researcher by the name of Trevor Eckhart has uncovered a hidden application installed on many popular smartphones that logs nearly everything the user does. Eckhart has posted a 17-minute video on YouTube that shows how the software tracks text messages, Google searches, phone numbers and more.

In the video, Eckhart details the process on his HTC EVO 3D but the software is present on other handsets from manufacturers like RIM and Nokia. The app is called HTC IQ Agent on the EVO 3D and it’s impossible to stop the application from running in the app settings on HTC Android devices. The video shows how the application tracks button presses and even SMS text messages. Furthermore, HTC IQ Agent logs browser searches, even if you are using encryption methods like https. With https, anything after the domain name should be encrypted – it’s not in this case.

Eckhart calls Carrier IQ a rootkit on his blog, which is a term for a piece of software that is installed without the user’s knowledge and is typically used for malicious purposes.

The developer has been in a legal battle with Carrier IQ for some time now. The company sent him a cease and desist letter earlier this month claiming that he violated copyright laws when he published training manuals on his blog. Digital rights group Electronic Frontier Foundation came to Eckhart’s defense and Carrier IQ eventually retracted the legal threat. The group feels that Eckhart has “raised substantial privacy concerns” regarding software that many consumers don’t know about.

Carrier IQ bills themselves as "the leading provider of Mobile Service Intelligence Solutions to the Wireless Industry." A ticker on the company's website shows over 141 million handsets have been deployed running their software. A PDF published on November 16 claims the company does not record keystorkes or provide tracking tools. After watching Eckhart's video, however, it's difficult to believe such a statement. What do you think?

User Comments: 48

Got something to say? Post a comment
Burty117 Burty117, TechSpot Chancellor, said:

What do they gain by tracking what you do on your phone? I hope the iPhone doesn't have anything similar installed :s

Guest said:

OH MY GOD! I used my cell phone and you won't believe what happened! 30 days later i got a bill and the people who i got my cellphone from KNEW everyone i had called!!!!! They new what time I called at, for how long i talked for, and EVEN KNEW if it was long distance or not!!!

WHERE IS MY PRIVACY!!!!?????????????!!!!!!!!!!!

Ranger1st Ranger1st said:

so.. how much does homeland security LOVE this company ...

Guest said:

Don't kid yourselves, Qualcomm and other mobile chipset makers incorporate the ability to turn on your phone remotely and listen to your conversations as part of the modem firmware. The NSA uses it to check for disgruntled citizens and other potential "protestors" or "insurgents".

Carrier IQ is most probably filthy with NSA and CIA operatives, just like any other US company in certain industries important to "national security".

Don't forget the state governments: CIA plants in Every Single state. Just in case they need to check your driver's license info for strictly clerical reasons... you know.

Kibaruk Kibaruk, TechSpot Paladin, said:

Burty117 said:

What do they gain by tracking what you do on your phone? I hope the iPhone doesn't have anything similar installed :s

So... what would they get out of tracking the one thing you take everywhere and do almost everything on that includes a gps system... what could they gain from it... what... what... what... I still can't think of a single reason why sorry mate

RH00D RH00D said:

I believe it was stated in an Ars Technica article that the iPhone has no Carrier IQ on it. Although, they didn't deny the possibility that Apple itself could be tracking similar things through their own software built into iOS.

kamz999 said:

Just getting closer and closer to the new world order...

Guest said:

I believe the point here is that the tracking software can log your user names and passwords. Like, for instance, the ones you use to access your bank accounts. Or, if that isn't scary enough for you, they could break into your facebook account.

Good luck keeping your privacy and your money.

Guest said:

Ooohhhhhh, but they do! Why would you think they don't?

Guest said:

It has just been found on the iphone

Guest said:

I wonder if the same sort of hidden programs may have been installed in Laptop computers! Any thoughts? Anyone?

Guest said:

well, any OS has logging capabilities including audit logs. So it is not a big deal. However I agree that the logs should not display sensitive info such as passwords in clear or entire https URLs in clear. So as long as these logs are not sent to anybody outside I do not see other security or privacy concerns.

Guest said:

Most of you are totally missing the point! https: is supposed to be encrypted. Because it is not doing any banking, email, or other password based communication is open for theft if found out. This is much worse than worrying about govt listening. Analytics are fine, but keystroke recording is crazy wicked.

Guest said:

LOL china

I dont see any smart phones by Motorola.

Guest said:

Some (I used the word some) of these Occupy Wall Street-ers are just a > boil on the worst part of society's ***!

Quote of the day >

Protester "ahhhhhh yehhhh, I think everyone should have some technology"

Reporter> "So you think everyone should have an iPad or cellphone?"..."I see you have one there in your hand"

Protester> "Yee yea yea....everyone should have an iPhone and iPad"

Reporter >"Can I have yours and will you share it with everyone here?"

Protester> "No way dude (it was lady a reporter)....personal property IS NOT private property and whatnot"



Be very careful what you wish for protesters! Think about what you are asking your government to do > GIVE EVERYBODY A TRACKING and money TRANSACTING/payment device to keep track of your dumb ***.

"The easiest way to get someone(s) to do exactly what you want them to to make them think they have no other choice...or to make them think it was their idea"

These sheep are walking themselves to the slaughter

by Steven L. Goff - 11 days ago - 4 answers - 130 views

Guest said:

The real "1984".

Guest said:

Big Brother is here and has been for a long time. We were forewarned in the Bible that in the last days you would not be able to buy or sell without the mark of the beast. Computers, everything that is electronic in nature with the ability to make calculations, are in the hands of nearly everyperson at least every family on this earth. NWO is watching us all the time, maybe right now some person is already getting ready to grab the power of all the nations to make people worship him. Oh yeah, I am just a religious nut!

Guest said:

news older than the hills.

Guest said:

Google sucks.

Guest said:

I've head of this remote monitoring before as well. It seems plausible to a point, but you'd think you'd see more battery drain when its off. It also brings up liability questions if for instance the phone is off because the signals could interfere with medical equipment... I'm guessing they SHOULD need a warrant or at least one of those damnable NS letters to activate the firmware call backs. Would probably mean it wouldn't be detectable unless one was the subject of said warrant. I guess the moral of the story is you should either hold your "suspect" meetings in a faraday cage or just pull the battery from the phone... I don't care how sneaky they are no power is a no go and in modern ultra sleek phones there just isn't a whole lot of room for secondary back spy batteries/capacitors. Also a secondary lesson would be monitor your phones RF output in the aforementioned faraday cage (to avoid environmental interference) while its off, if you see any changes in activity the FEDs are on to you. :-P

Naplesmark said:

What do they gain..are you kidding me. this is big brother at its best. Forget about battery drain. When you turn on the phone everything will catch up, you will never realize. This truly is 1984....

Guest said:

This is just an example of what happens when you do not protect your civil liberties. All of these measures are a result of laws passed to protect us from terrorism. It is illegal for them to root around your house or even listen to your phone calls without a warrant. But it probably isn't illegal for them to obtain the same information through these types of apps without a warrant. Hell we will probably start getting speeding tickets from them tracking our phones while we drive. (To protect the children from unsafe drivers of course.)

Guest said:

I would like to know the relationship between federal government agencies and this firm.


Guest said:

This is big. We are such slaves to big brother. We don't realize it until someone like you uncover their sneaky tactics.

Guest said:

This isn't about the government monitoring you. This isn't about routine OS logging. This isn't about Occupy Wall Street (?!)

This is about your confidential data being transmitted wirelessly in CLEARTEXT! Your PIN might just as well be flashed on a big public screen as you type it at the ATM.

It's one thing for a carrier to log usage information to provide better service. It's one thing for the NSA to tap your communications for "national security".

It's something else, something IRRESPONSIBLE and hopefully actionable, for a provider to put a back door on your portable networked device such that your keystrokes, ids and passwords are visible to any criminal with a wireless sniffer.

Why would anyone think this isn't a problem? Would you let your doctor or lawyer post your medical/legal info on a public bulletin board? Would you forgive your maid for leaving her copy of your housekey lying around for anybody to duplicate? Are you the kind of person whose password is "password"?

Your confidential info may not be strictly private. But that doesn't give your carrier the right to expose it to the public at large. If companies are people, then they too carry "personal responsibility".

Hold them to it.

Guest said:

The transmission in the clear of keystroke data for a supposedly encrypted https session is spooky and of course ripe for identity theft. Even more scary is that hackers know know about the Carrier IQ app being present on millions of smartphones. I predict that hackers will create a new class of malware which uses the Carrier IQ app to steal your identity, money, and pretty much everything else about your life.

Guest said:

I do believe there are many reasons to be concerned about privacy, but I don't think this is one of them. There's no proof that any of this information being logged is transmitted in any way, and the legal consequences of doing so will be so catastrophic that I don't believe any comm company will be willing to do it.

Guest said:

I have worked in mobile phone development for 20 years, and this comes as no surprise to me.

Network operators (carriers) want to know how devices behave on their networks to optimize performance (to improve the end-user experience). In some cases, this includes the desire to log user behavior to be able to debug issues if there are problems. I know of at least one Chinese carrier who mandated a specification to collect this kind of data. They also collect data on application usage to be able to 'up-sell' other applications, and help with marketing. The carriers request this information from the handset manufacturer, such as HTC, and they must comply if they want to sell the handsets to that carrier. That forces HTC, and other handset manufacturers, to find software providers like Carrier IQ to provide solutions.

I haven't seen this kind of situation come up in the US however, because the carriers, handset manufacturers and 3rd party software providers are all very much aware of the privacy laws in the US. I have been involved in dozens of projects that would have been easily solved by collecting key presses, and all kinds of other user-input data, but we were never allowed to do that do to the strict privacy concerns. That is not the case in China though.

What might have happened here is that HTC is using some of the same software builds for Asian markets for handsets that are going to the US, by mistake. I would be very surprised if they did this on purpose, because when I meet with all the US carriers and handset manufacturers (Nokia, Motorola, HTC, etc - everyone), and get into detailed technical discussions, they/we always agree not to log user input data. It's a huge legal risk, and no-one I know would do it.

This leads me to think that it must have been a mistake, not a planned event.

As far as the NSA/CIA conspiracy theory comments, that's not true. Government agencies can get all the data they need from the network-side, and can unscramble & decode everything. All encryption technology is provided to the government long before the phones hit the market, so they have the ability to intercept everything within the network whenever they want. This has been the case since phones first started in the last 80's. But the point is that they don't do it unless they have a legal right to do it (that is a separate debate). The government don't need to know what keys are pressed on a phone by getting a device-side logging client to send them a file. They can reverse-engineer pretty much everything from the network-side without getting into the device.

My policy is to not do banking from my mobile phone. Better safe than sorry.

Per Hansson Per Hansson, TS Server Guru, said:

Guest said:

Why would anyone think this isn't a problem? Would you let your doctor or lawyer post your medical/legal info on a public bulletin board? Would you forgive your maid for leaving her copy of your housekey lying around for anybody to duplicate? Are you the kind of person whose password is "password"?

Very well said, I echo your thoughts exactly as I read these user comments...

Guest said:

We all wanted smart phone, yeah, you too wanted one; admit it. But what we all never pay attention to is that we pay our own money and trade in our liberty and civil right with these devices.

What is funny is that they always make us believ that whatever they do , they are doing it for us, our safety and National security. They tap into our fear and animocity towards vilains ( vilains that keep them in business, thier capitals you can say) to creat laws that they would latter use again us.

The only way out of this pravicy infringments is for the masses to boycott any careers found coniding with these institutionalized mass murderer of our civil liberty. We are made to believe and chant out that we are the freer nation on the face of the plannet...Lol.

fimbles fimbles said:

Yups its in the iphone ios too.


Guest said:

You have no privacy on your cellphone at all.

treetops treetops said:

I bet this company has been black mailing for awhile. They probably stopped getting paid and made what they have been doing for cell phone companies public. They probably use this software for security and data gathering. Probably mainly for marketing, even down to how they think a presidential candidate should comb his hair. Free polls!

Guest said:

This company and the ones who sold these handsets with the knowledge of this, should all be sued.... & immediatly.

Secondly, the public cannot have this type of "sub-marketing" going on, without their approval. This is 100% illegal..!

Otherwise... lets put this "root kit" into HTC's office computers... so the public can see what their doing..?

Guest said:

Yet its so easy to turn it off... What are you all yapin about, the problem is not that you're being tracked but that you're so stupid to be tracked. I really have to emphasize _STUPID_ here!

MilwaukeeMike said:

think about it... is it really 1984, big brother watching you, and all that scary if you have to read about it on a tech website to know it's happening?

In 1984 they had a 'TV' with a camera on it so they could watch you watch the propeganda on the TV. The biggest thing I've learned here is American's propensity to grossly exaggerate.

RH00D RH00D said:

Windows Phone 7 devices are the only ones without this installed.

Guest said:

...And iOS devices (iPhone, iPad).

SNGX1275 SNGX1275, TS Forces Special, said:

From: [link]

Update: chpwn notes that initial research indicated that Carrier IQ's software may only be active when the iPhone is in diagnostic mode. In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else.

Not enabled in iOS by default.

Now compare the comments on this story to the comments on the story about Apple tracking your location: [link]

That was only your location, not everything you were doing. Very few posters in this article have the outrage displayed in the Apple story.

MilwaukeeMike said:

I'm surprised at how many people think this is oppression and an example of the govt watching you. From the story on Information week quoting a lawyer who weighed in...

"Carrier IQ, prepare for a multi-million $ class action lawsuit. Maybe a criminal case too? Federal wiretapping is a 5-year felony"

The govt isn't doing this!!!!

PinothyJ said:

milwaukeemike said:

think about it... is it really 1984, big brother watching you, and all that scary if you have to read about it on a tech website to know it's happening?

In 1984 they had a 'TV' with a camera on it so they could watch you watch the propaganda on the TV. The biggest thing I've learned here is American's propensity to grossly exaggerate.

This is no where even remotely like nineteen eighty-four but we cannot all be educated...

tonylukac said:

Another ironic thing is the customer pays for this with his $80 a month phone bill. Prepaid phones have no such tracking and cost a lot less.

Guest said:

"China could be leveraging electronic exports to spy on the US."

This article goes hand in hand with the above Techspot article and the below reference from an earlier Guest poster on this thread.

"What might have happened here is that HTC is using some of the same software builds for Asian markets for handsets that are going to the US, by mistake. I would be very surprised if they did this on purpose"

Relic Relic, TechSpot Chancellor, said:

RH00D said:

Windows Phone 7 devices are the only ones without this installed.

Heh, ya noticed that too.

JudaZ said:

Actually no Nokia phone has ever had this installed ... the article is incorrect.

Nokia categorically denied this as soon as it surfaced...

Guest said:

Okay, so you all keep track but when I call wondering about lost information from my phone why is it I'm always told there's nothing more you all can do about it? Apparently there is...if you keep track of all my information, I'd appreciate it if you would send back my songs or videos if they accidently get lost or deleted. I find it to be an invasion of our privacy that you are doing this and feel that 1) you should require our permission before montioring, 2) allow us to pick what is monitored, and 3) allow us to get the information that you hold back. It may come in handy for lost programs, divorces (messages containing infidelity), and former numbers we once deleted. But once again I say ask us! It should be the people that help pay your bills that should be given the choice.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.