We have seen many security loop holes in Android related to either malware, apps, custom carrier modifications. Now, 25 year old Android developer Trevor Eckhart has discovered an interesting piece of software that comes pre-installed on most Android, Blackberry and Nokia phones.
It records everything you do from your phone. It can even grab your passwords and queries! Worse!
The below embedded video recorded by Trevor shows how it works. The spying software called Carrier IQ (developed by www.carrieriq.com) secretly logs everything a user does with his phone including text messages, encrypted web searches, phone calls, location and you name as well!
Carrier IQ as described on their website is a software meant to monitor user’s experience with a phone so that carriers and manufacturers can do quality control.
This 17 minute long video is lengthy but interesting. Fast forward to 8:45 for the actual scene. A unique identifier is logged depending on the user key stroke. Once connected to WiFi or 3G, Carrier IQ will send all the logged data to its servers. This may include all your important information.
We’re not looking at texts. We’re counting things. How many texts did you send and how many failed. That’s the level of metrics that are being gathered.
But the video clearly demonstrates this is not true.
Unfortunately, there is nothing much you can do to avoid it. You cannot uninstall or stop the service. On Android phones, the only choice is to root your phone and replace the OS with your own custom without this software pre-installed.
Now it looks like the late Steve Jobs was right. Back few months ago, when security researchers found iPhones running iOS 4 firmware were tracking location, during the whole debacle, one such user sent an email to Apple asking for answers. If he didn’t get them soon, he said, he’d switch to Droid; they don’t track him. Steve’s answer: “Oh yes they do”.