Android "Security"

Started by Tacitus, Dec 01, 2011, 07:31:19

Tacitus

Anybody using an Android phone might be advised to read up about a business called Carrier IQ and their "Media Alert" programme.  Wired reports on it here:
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/

You can read more about it here:  http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

Basically this software appears to report everything you're doing on your phone even down to keystroke logging. 

John Gruber nails it here:  http://daringfireball.net/2011/12/translation_carrier_iq

The really interesting question is why we're not hearing anything about this in the media.  Remember when Apple were caught logging mobile mast locations?  That was nothing compared to this and yet nobody is making a fuss.

[EDIT]  Looks like it might be on iPhones as well - see the comments on the following:

http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/

Steve

Thanks Tac, I guess this news is pretty recent and I think people will make a fuss; certainly the logging of SMS message contents goes way beyond any monitoring of network performance. I think people need clear statements about these logging processes and what ends up where!
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

Quote from: Steve on Dec 01, 2011, 08:31:18
I think people need clear statements about these logging processes and what ends up where!

I agree.  There does seem some doubt as to what the iOS implementation does exactly, always assuming this software is actually installed on iPhones.  One version suggests it can be disabled under Settings -> General -> About -> Diagnostics & Usage -> Don't Send.  This implies that it might be restricted to network monitoring rather than anything evil, although "Diagnostics and Usage" does not appear under iOS 3 prefs - at least not that I can find on my iPhone 3G.

Unless you do some serious hacking you'll never know it's there.

Steve

Apple have given an update today:

http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/

'We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.'
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

.Griff.

Doesn't this only affect US providers?

Steve

You may well be correct, Griff; the UK providers deny that they collect any diagnostic data, although in this blog they don't deny Carrier IQ's presence. Google do not add CarrierIQ to Android.

http://www.zdnet.com/blog/btl/which-phones-networks-run-carrier-iq-mobile-tracking-software/64500
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Glenn on Dec 02, 2011, 07:50:51
According to the Guardian's report, no UK network uses it.

http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true

I think there will be lots of denial, as who wants to admit to using it? You could then just watch your customer base shrink...
Damned if you do, damned if you don't.

Simon

They've all been busy switching it off.  :whistle:
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Steve

Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Ray

Thanks, Steve, I now know that it's not installed on my HTC Desire phone. :thumb:
Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

Seems more an American standard. Both in the reason (to sell all sorts of customer data/usage reports/statistics) and to enforce companies' policies (carriers over there are even more control freaks). Still rather poor form.
I used to have a signature, then it all changed to chip and pin.