EFF: Some Facts About Carrier IQ (opens in new tab)

(eff.org)

115 pointsTomek_14y ago9 comments

9 comments

Not meaning to be the nitpicking guy, but there's a typo in the title. It should read "EFF", not "EEF".

"Unfortunately, our current belief is that the layer-4 logging that has been observed, which goes to Android system logs, is in fact being inadvertantly transmitted to some third parties and otherwise made available to other applications on the device.

This happens when crash reporting tools collect copies of the system logs for debugging purposes. The recipients of such transmissions are unlikely to have anticipated receiving keystrokes, text messages, URLs or location information through such channels, but that can in fact happen on some of the phones to which Carrier IQ has been ported.

What this means is that keystrokes, text message content and other very sensitive information is in fact being transmitted from some phones on which Carrier IQ is installed to third parties."

TeMPOraL14y ago

How come we haven't noticed this before? That is, some of those logs were probably sent at some point to somebody who didn't exactly expect this kind of data. I'm surprised nobody found out sooner.

nkassis14y ago

people rarely read error logs?

2 more replies

interlagos14y ago

The Android crash report functionality does send logs to Google, however Google does not forward these to third-party developers.

Third-party apps can request READ_LOG manifest permissions and directly monitor the log, but that is an incredibly rarely used permission that tends to raise flags.

napierzaza14y ago

Well, Richard Stallman was right. But I wonder if he or anyone ever thought that it went so far. When they save "installed on every phone" does that mean every phone in existence? In the USA?

Symmetry14y ago

No. Verizon doesn't use Carrier IQ at all, and as far as I can tell T-Mobile only deploys it on BlackBerrys. If I had an Android device on AT&T or Sprint, though, I'd want to install Cyanogenmod.

Here's a link to a piece of software that can detect CarrierIQ on your phone: https://market.android.com/details?id=org.projectvoodoo.simp...

j / k navigate · click thread line to collapse