Android "Security"

[Tacitus]

Anybody using an Android phone might be advised to read up about a business called Carrier IQ and their "Media Alert" programme.  Wired reports on it here:
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/

You can read more about it here:  http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

Basically this software appears to report everything you're doing on your phone even down to keystroke logging. 

John Gruber nails it here:  http://daringfireball.net/2011/12/translation_carrier_iq

The really interesting question is why we're not hearing anything about this in the media.  Remember when Apple were caught logging mobile mast locations?  That was nothing compared to this and yet nobody is making a fuss.

[EDIT]  Looks like it might be on iPhones as well - see the comments on the following:

http://www.macrumors.com/2011/12/01/carrier-iq-keylogging-software-found-on-many-mobile-phones/

[Steve]

Thanks Tac I guess this news is pretty recent  and I think people will make a fuss, certainly the logging of SMS message contents goes way beyond any monitoring of network performance. I think people need clear statements about these logging processes and what ends up where!

[Tacitus]

I think people need clear statements about these logging processes and what ends up where!

I agree.  There does seem some doubt as to what the iOS implementation does exactly, always assuming this software is actually installed on iPhones.  One version suggests it can be disabled under Settings -> General -> About -> Diagnostics & Usage -> Don't Send   This implies that it might be restricted to network monitoring rather than anything evil although "Diagnostics and Usage" does not appear under IOS3 prefs - at least not that I can find on my iphone 3G.

Unless you do some serious hacking you'll never know it's there.

[Steve]

Apple have given an update today

http://www.macrumors.com/2011/12/01/apple-stopped-supporting-carrier-iq-in-ios-5-complete-removal-coming-in-future/

'We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.'

[Simon]

 

[.Griff.]

Doesn't this only affect US providers?

[Steve]

You may well be correct Griff, the UK providers deny that they collect any diagnostic data although in this blog they don't deny Carrier IQ's presence. Google do not add CarrierIQ to Android

http://www.zdnet.com/blog/btl/which-phones-networks-run-carrier-iq-mobile-tracking-software/64500

[Glenn]

According to the Guardian's report, no UK network uses it.

http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true

[Gary]

According to the Guardian's report, no UK network uses it.

http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true

I think ther will be lots of denial, as who wants to admit to using it, you could then just watch your customer base shrink...

[Simon]

They've all been busy switching it off. 

[Steve]

Amusing stab at the mobile providers.


http://www.zdnet.co.uk/news/security-management/2011/12/02/carrier-iq-gives-the-game-away-40094567/

[Steve]

This is for Android phones

http://www.bgr.com/2011/12/06/how-to-find-out-if-carrier-iq-is-installed-on-your-phone-in-one-tap/

[Ray]

Thanks, Steve, I now know that it's not installed on my HTC Desire phone.

[Technical Ben]

Seems more an American standard. Both in the reason (to sell all sorts of customer data/usage reports/statistics) and to enforce companies policies (carriers over there are even more control freaks). Still rather poor form.