Do you ever do anything on your Android smartphone that you would like to be secure and private? You know, like banking, sending a text message to a friend or loved one, accessing secure web pages, or calling someone? If you do any of that, the U.S. mobile carriers have embedded software on Android devices that can grab every keystroke, see every app you launch, and even view the content of the secure web pages you access even when you are in Wifi mode with mobile 3G/4G turned off!
Though I’d been peripherally aware of a kid named Trevor Eckhart who’d come across what he calls a “rootkit” on Android phones, I was stunned to see this Wired article explaining it and was even more appalled when I watched Trevor’s 17 minute video (embedded below).
I’ve been observing the continuing acceleration in governmental intelligence gathering since 2006 (see, “Massive, sweeping surveillance on *all* you do“) and the U.S. National Security Agency’s warrantless wiretapping, but watching this video gave me one of those “Oh. My. God.” moments this morning.
Wired said this at the start of their article:
The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone.
Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience – ostensibly so carriers and phone manufacturers can do quality control.
But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.
CarrierIQ, now busted, has backed off of their cease-and-desist (PDF) and pointed out that they’re not really doing anything with the data. It’s all to help out the carriers managing their networks. Aha…that’s what the guy said when the cops popped his trunk and found lockpicking and glass cutting apparatus along with a black ski mask and latex gloves. “Really officers, I don’t use that stuff for breaking and entering.”
The Register also wrote about this and it’s a great read…but do that and make sure you also watch the video below. Yes, it’s a bit geeky and long, but the first few minutes explains the issue and about the 15 minute mark he shows what’s happening.
Action? Raise a stink by contacting your Congressperson. Join what continues to prove is our only tech-savvy defense against the assault on our Constitution and Bill of Rights when it comes to technology: the Electronic Frontier Foundation. Tweet about it using the hashtag: #CIQ.
Glad I have an iPhone 4S since it doesn’t have this embedded software on it…until we find out otherwise.