Developer finds hidden smartphone logging app

By Shawn Knight · 48 replies
Nov 30, 2011
Post New Reply
  1. I would like to know the relationship between federal government agencies and this firm.
  2. This is big. We are such slaves to big brother. We don't realize it until someone like you uncover their sneaky tactics.
  3. This isn't about the government monitoring you. This isn't about routine OS logging. This isn't about Occupy Wall Street (?!)

    This is about your confidential data being transmitted wirelessly in CLEARTEXT! Your PIN might just as well be flashed on a big public screen as you type it at the ATM.

    It's one thing for a carrier to log usage information to provide better service. It's one thing for the NSA to tap your communications for "national security".

    It's something else, something IRRESPONSIBLE and hopefully actionable, for a provider to put a back door on your portable networked device such that your keystrokes, ids and passwords are visible to any criminal with a wireless sniffer.

    Why would anyone think this isn't a problem? Would you let your doctor or lawyer post your medical/legal info on a public bulletin board? Would you forgive your maid for leaving her copy of your housekey lying around for anybody to duplicate? Are you the kind of person whose password is "password"?

    Your confidential info may not be strictly private. But that doesn't give your carrier the right to expose it to the public at large. If companies are people, then they too carry "personal responsibility".

    Hold them to it.
  4. The transmission in the clear of keystroke data for a supposedly encrypted https session is spooky and of course ripe for identity theft. Even more scary is that hackers know know about the Carrier IQ app being present on millions of smartphones. I predict that hackers will create a new class of malware which uses the Carrier IQ app to steal your identity, money, and pretty much everything else about your life.
  5. I do believe there are many reasons to be concerned about privacy, but I don't think this is one of them. There's no proof that any of this information being logged is transmitted in any way, and the legal consequences of doing so will be so catastrophic that I don't believe any comm company will be willing to do it.
  6. I have worked in mobile phone development for 20 years, and this comes as no surprise to me.

    Network operators (carriers) want to know how devices behave on their networks to optimize performance (to improve the end-user experience). In some cases, this includes the desire to log user behavior to be able to debug issues if there are problems. I know of at least one Chinese carrier who mandated a specification to collect this kind of data. They also collect data on application usage to be able to 'up-sell' other applications, and help with marketing. The carriers request this information from the handset manufacturer, such as HTC, and they must comply if they want to sell the handsets to that carrier. That forces HTC, and other handset manufacturers, to find software providers like Carrier IQ to provide solutions.

    I haven't seen this kind of situation come up in the US however, because the carriers, handset manufacturers and 3rd party software providers are all very much aware of the privacy laws in the US. I have been involved in dozens of projects that would have been easily solved by collecting key presses, and all kinds of other user-input data, but we were never allowed to do that do to the strict privacy concerns. That is not the case in China though.

    What might have happened here is that HTC is using some of the same software builds for Asian markets for handsets that are going to the US, by mistake. I would be very surprised if they did this on purpose, because when I meet with all the US carriers and handset manufacturers (Nokia, Motorola, HTC, etc - everyone), and get into detailed technical discussions, they/we always agree not to log user input data. It's a huge legal risk, and no-one I know would do it.

    This leads me to think that it must have been a mistake, not a planned event.

    As far as the NSA/CIA conspiracy theory comments, that's not true. Government agencies can get all the data they need from the network-side, and can unscramble & decode everything. All encryption technology is provided to the government long before the phones hit the market, so they have the ability to intercept everything within the network whenever they want. This has been the case since phones first started in the last 80's. But the point is that they don't do it unless they have a legal right to do it (that is a separate debate). The government don't need to know what keys are pressed on a phone by getting a device-side logging client to send them a file. They can reverse-engineer pretty much everything from the network-side without getting into the device.

    My policy is to not do banking from my mobile phone. Better safe than sorry.
  7. Per Hansson

    Per Hansson TS Server Guru Posts: 1,959   +217

    Very well said, I echo your thoughts exactly as I read these user comments...
  8. We all wanted smart phone, yeah, you too wanted one; admit it. But what we all never pay attention to is that we pay our own money and trade in our liberty and civil right with these devices.

    What is funny is that they always make us believ that whatever they do , they are doing it for us, our safety and National security. They tap into our fear and animocity towards vilains ( vilains that keep them in business, thier capitals you can say) to creat laws that they would latter use again us.

    The only way out of this pravicy infringments is for the masses to boycott any careers found coniding with these institutionalized mass murderer of our civil liberty. We are made to believe and chant out that we are the freer nation on the face of the plannet...Lol.
  9. fimbles

    fimbles TS Evangelist Posts: 1,185   +208

  10. You have no privacy on your cellphone at all.
  11. treetops

    treetops TS Evangelist Posts: 2,073   +219

    I bet this company has been black mailing for awhile. They probably stopped getting paid and made what they have been doing for cell phone companies public. They probably use this software for security and data gathering. Probably mainly for marketing, even down to how they think a presidential candidate should comb his hair. Free polls!
  12. This company and the ones who sold these handsets with the knowledge of this, should all be sued.... & immediatly.

    Secondly, the public cannot have this type of "sub-marketing" going on, without their approval. This is 100% illegal..!

    Otherwise... lets put this "root kit" into HTC's office computers... so the public can see what their doing..?
  13. Yet its so easy to turn it off... What are you all yapin about, the problem is not that you're being tracked but that you're so stupid to be tracked. I really have to emphasize _STUPID_ here!
  14. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,890   +1,224

    think about it... is it really 1984, big brother watching you, and all that scary if you have to read about it on a tech website to know it's happening?

    In 1984 they had a 'TV' with a camera on it so they could watch you watch the propeganda on the TV. The biggest thing I've learned here is American's propensity to grossly exaggerate.
  15. Windows Phone 7 devices are the only ones without this installed. :)
  16. ...And iOS devices (iPhone, iPad).
  17. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +421

    Not enabled in iOS by default.

    Now compare the comments on this story to the comments on the story about Apple tracking your location:

    That was only your location, not everything you were doing. Very few posters in this article have the outrage displayed in the Apple story.
  18. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,890   +1,224

    I'm surprised at how many people think this is oppression and an example of the govt watching you. From the story on Information week quoting a lawyer who weighed in...

    "Carrier IQ, prepare for a multi-million $ class action lawsuit. Maybe a criminal case too? Federal wiretapping is a 5-year felony"

    The govt isn't doing this!!!!
  19. PinothyJ

    PinothyJ TS Guru Posts: 460   +22

    This is no where even remotely like nineteen eighty-four but we cannot all be educated…
  20. tonylukac

    tonylukac TS Evangelist Posts: 1,374   +69

    Another ironic thing is the customer pays for this with his $80 a month phone bill. Prepaid phones have no such tracking and cost a lot less.
  21. "China could be leveraging electronic exports to spy on the US."

    This article goes hand in hand with the above Techspot article and the below reference from an earlier Guest poster on this thread.

    "What might have happened here is that HTC is using some of the same software builds for Asian markets for handsets that are going to the US, by mistake. I would be very surprised if they did this on purpose"
  22. Relic

    Relic TechSpot Chancellor Posts: 1,379   +16

    Heh, ya noticed that too.
  23. JudaZ

    JudaZ TS Enthusiast Posts: 284

    Actually no Nokia phone has ever had this installed ... the article is incorrect.

    Nokia categorically denied this as soon as it surfaced...
  24. Okay, so you all keep track but when I call wondering about lost information from my phone why is it I'm always told there's nothing more you all can do about it? Apparently there is...if you keep track of all my information, I'd appreciate it if you would send back my songs or videos if they accidently get lost or deleted. I find it to be an invasion of our privacy that you are doing this and feel that 1) you should require our permission before montioring, 2) allow us to pick what is monitored, and 3) allow us to get the information that you hold back. It may come in handy for lost programs, divorces (messages containing infidelity), and former numbers we once deleted. But once again I say ask us! It should be the people that help pay your bills that should be given the choice.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...