So since Carrier IQ is tracking everything on your smart phone..

[Anonemous]

http://www.theverge.com/2011/11/30/2601695/carrier-iq-controversy

So what happens now? Does Sprint/AT&T get hit with a big privacy lawsuit?

 

[Newbian]

So a choice between that or a pro-life phone:

http://www.washingtonpost.com/blogs...ro-life-robot/2011/12/01/gIQAOeWfHO_blog.html

 

[Anonemous]

So a choice between that or a pro-life phone:

http://www.washingtonpost.com/blogs...ro-life-robot/2011/12/01/gIQAOeWfHO_blog.html

Apple:
We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

Sounds like they just switched to another program to log your passwords.

 

[Exterous]

Sounds like they just switched to another program to log your passwords.

Probably siri

 

[MarkXIX]

Time to finally load that cyanogen mod firmware on my Android phone I guess.

 

[zzuupp]

So a choice between that or a pro-life phone:

http://www.washingtonpost.com/blogs...ro-life-robot/2011/12/01/gIQAOeWfHO_blog.html

or both:

http://www.washingtonpost.com/business/technology/what-is-carrier-iq/2011/12/01/gIQApql1GO_story.html

This article mentions that Carrier IQ has been found on Iphones, but can be disable by users from a menu.

 

[Anonemous]

Kinda scary that they have these keyloggers in 140M phones which record key taps and messages. Kinda sux if you just gave them your banking/cc/or any vital passwords.

 

[IceBergSLiM]

Kinda scary that they have these keyloggers in 140M phones which record key taps and messages. Kinda sux if you just gave them your banking/cc/or any vital passwords.

The company categorically denies capturing what you just described in a press release so I suppose if it turns out they are doing what you describe, major class action lawsuits?

 

[Anonemous]

http://www.engadget.com/2011/12/03/...poses-no-threat-to-user-privacy-bac/#comments

So they say they only log keystrokes with certain tags... that's reassuring. /not

During a recent interview with the Register, Carrier IQ VP of marketing Andrew Coward acknowledged that his company's mobile software logs keystrokes, intercepts text messages and gathers geographic data, but insisted that the overwhelming majority of this information is discarded almost as soon as it comes in, thereby posing virtually no threat to user privacy.

 

[Bateluer]

The company categorically denies capturing what you just described in a press release so I suppose if it turns out they are doing what you describe, major class action lawsuits?

You have only their word on that. What is not in doubt, though, is that they have the ability to do it.

FYI, there's a big class action suit going through.

http://www.androidpolice.com/2011/1...-and-carrieriq-in-a-new-class-action-lawsuit/

Led by law firms from Delaware and New Jersey - Sianni & Straite LLP, Eichen Crutchlow Zaslow & McElroy LLP, and Keefe Bartels L.L.C. - the lawsuit "asserts that three cell phone providers (T-Mobile, Sprint and AT&T) and four manufacturers of cell phones (HTC, Motorola, Apple and Samsung) violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act." CarrierIQ is not named in that quote, but it is listed in the press release's title, so don't worry - the whole gang is included.

Lot of money involved in that.

 

[Crono]

So since Carrier IQ is tracking everything on your smart phone..

They aren't.

<- Windows Phone user

 

[Ichinisan]

I watched the researcher's video. The background service polls the keys, probably so it can respond to a secret key combination / sequence. It doesn't necessarily log them (but it could).

Watched this too:
http://www.youtube.com/watch?v=0KRsBkOEXhI

 

[Anonemous]

You have only their word on that. What is not in doubt, though, is that they have the ability to do it.

FYI, there's a big class action suit going through.

http://www.androidpolice.com/2011/1...-and-carrieriq-in-a-new-class-action-lawsuit/



Lot of money involved in that.

It also makes you wonder what Verizon/Microsoft are using to also log their users.

 

[lothar]

Posting the same thing I posted in Mobile Devices & Gadgets...

It also makes you wonder what Verizon/Microsoft are using to also log their users.

I've tried the Carrier IQ test app, it didn't find anything on my international Galaxy S2 and I'm running TouchWiz stock.
There are a lot of reports from people that Carrier IQ isn't present on the regular AT&T Galaxy S2 version as well, but many say that it is present on the SkyRocket LTE.

I doubt CarrierIQ is unique. If Verizon, Microsoft, Google Nexus, and others aren’t using CarrierIQ, they may well be using a similar product with a different name. Or maybe they do the same thing, but in-house.
Luckily for me, I'm one of those overly paranoid people that hasn't installed "mobile banking" apps or accessed my bank's website on my smartphone yet.

Since my international Galaxy S2 doesn't have Carrier IQ installed and since I'm already overly paranoid to begin with, it looks like I have nothing to be worried about.

 

[blackangst1]

Or just flash a ROM that has it removed 🙂

 

[Leros]

Lawsuit: http://www.businessweek.com/news/20...tomers-over-carrier-iq-tracking-software.html

 

[Anonemous]

Carrier IQ blames manufacturers for its insecure log files

http://www.theverge.com/2011/12/3/2...blity-insecure-log-files-blames-manufacturers

 

[Ichinisan]

Carrier IQ blames manufacturers for its insecure log files

http://www.theverge.com/2011/12/3/2...blity-insecure-log-files-blames-manufacturers

I'm really irritated by the idiot interviewer calling it a "log file" in Eckhart's video. Eckhart enabled a debugger so he could see what notifications the background process was responding to. It's NOT a "log file." USB debugging is a feature of Android that the phone manufacturer could disable.

The idiot interviewer says that: "If the CIQ software can see this, then that means any other software with the right permissions can see it." What?! "Any other software with the right permissions" CAN see it...whether-or-not you have CIQ on your system!

While I'd rather have the option to disable this shit on my phone, I fucking hate FUD hysteria.

 

[0roo0roo]

Yea watched the youtube videos on this, pretty heinous behavior. Kind of what you'd expect if you were a chinese citizen using a government phone..

 

[Ichinisan]

Yea watched the youtube videos on this, pretty heinous behavior. Kind of what you'd expect if you were a chinese citizen using a government phone..

Not sure if serious.

The YouTube video just shows that the background service responds to keypresses. Not very compelling evidence of "heinous" intent.

A similar debugger would show that my ATI drivers monitor my keypresses for keyboard shortcuts (and I never use ATI's shortcuts).

 

[paperfist]

I thought the Federal Wiretap Act didn't protect you when the data is being stored by a 3rd party?

 

[Ichinisan]

As I posted before, they seem pretty customer-service-oriented to me:
http://www.youtube.com/watch?v=0KRsBkOEXhI

We don't even know how most manufacturers and carriers choose to implement it. Anyway, most of the FUD comes from web sites that assume the USB debugger is a "plain-text log" and a "vulnerability."

*ugh