Announcement

Collapse
No announcement yet.

Your Android Phone Is Secretly Recording Everything You Do

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Your Android Phone Is Secretly Recording Everything You Do





    If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

    Worse: it's the handset manufacturers and the carriers who—in the name of "making your user experience better"—install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.

    Fast forward to 9:00 for the damning sequence.

    The spying software is developed by a company called Carrier IQ. In their site, the company says they are "the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers' mobile experience."

    It seems like a good goal and, indeed, most manufacturers and carriers agree: according to Eckhart, the spyware is included in most Android phones out there. Carrier IQ software is also included in Blackberry and Nokia smartphones, so it probably works exactly the same in those smartphones as well. It doesn't even matter if your telephone was purchased free of carrier contracts. As Eckhart shows in this video, it's always there.

    The problem is that it does a lot more than log anonymous generic data. It grabs everything.
    How does it work?

    Carrier IQ's software is installed in your phone at the deepest level. You don't know it's there. You are never warned this is happening. You can't opt-in and you certainly can't opt-out.

    The commercial spyware sits between the user and the applications in the phone so, no matter how secure and private your apps are, the spyware intercepts anything you do. From your location to your web browsing addresses and passwords to the content of your text messages.

    This even happens using a private Wi-Fi connection instead of the carrier 3G or 4G connection.

    The company denied all this in a public statement (PDF):

    While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools

    But the video clearly demonstrates that this is not true: Keystrokes submit unique key codes to Carrier IQ. Even secure connections are intercepted by the spyware, allowing it to record your moves in the open. These connections to the web are encrypted but, since Carrier IQ's spyware sits between the browser and the user, it grabs it and sends it in plain text.

    The spyware can even log your location, even if the user declines to allow an app to know where it is. The hidden Carrier IQ app ignores your desires, intercepts the data and gets your location anyway.
    What can you do to avoid it?

    Unfortunately, not much. The hidden spyware is always running, and there's no option in any of the menus to deactivate it. Unless you're a grade-A blackbelt hacker, you're out of luck. Even Eckhart, who is a developer, finds it difficult to remove:

    Why is this not opt-in and why is it so hard to fully remove?

    It's an excellent question. One that urgently needs an answer, from Carrier IQ but especially from every handset manufacturer and carrier involved in this situation. [Twitter, Android Security Test, EFF and Carrier IQ via Threat Level]
    .

  • #2
    The courts have made it fairly clear that there is no guarantee of privacy when dealing with wireless technologies. You are broadcasting.

    I get a bit 'tinfoil-hatty' on this subject.
    When the government pays, the government controls.

    Comment


    • #3
      All they're gonna get from me is I like porn

      Comment


      • #4
        Originally posted by aCid View Post
        All they're gonna get from me is I like porn
        ^ This!!!!!

        Comment


        • #5
          I see this each time I am debugging on my device for app development... Yesterday I was working on something and out of the corner of my eye I noticed that the running log (adb logcat) was spewing my GPS coordinates... and to my knowledge the GPS was not on (according to the user interface). Freaking stupid how fast the operating systems are throw out the door and labeled as "safe".
          Tera 4:1 + 4.88's = Slowest rig on here
          Baja-Bob.com

          Comment


          • #6
            Good thing I'm not doing anything...
            Originally posted by Silverback
            Look all you want, she can't find anyone else who treats her as bad as I do, and I keep her self esteem so low, she wouldn't think twice about going anywhere else.

            Comment


            • #7
              It is very interesting to me that carriers have a keylogger installed as a root kit.

              BTW, it also picks up your username and passwords for any website you visit. Even if your logon info is submitted over https. It logs it in plain text.

              Comment


              • #8
                I'm just glad Apple would never do something like that. They wouldn't use a third-party, at least...
                Originally posted by Broncojohnny
                HOORAY ME and FUCK YOU!

                Comment


                • #9
                  Originally posted by Nash B. View Post
                  I'm just glad Apple would never do something like that. They wouldn't use a third-party, at least...

                  LOL. I was about to say..
                  Karussell White - 2010 Genesis Coupe R-Spec 6MT 2.0T -

                  Comment


                  • #10
                    Originally posted by Nash B. View Post
                    I'm just glad Apple would never do something like that. They wouldn't use a third-party, at least...
                    Originally posted by Osiris View Post
                    LOL. I was about to say..
                    I hope you guys are being sarcastic...
                    Originally posted by Silverback
                    Look all you want, she can't find anyone else who treats her as bad as I do, and I keep her self esteem so low, she wouldn't think twice about going anywhere else.

                    Comment


                    • #11
                      Last I read, the iPhone does something similar. Maybe Tony can explain better.
                      Karussell White - 2010 Genesis Coupe R-Spec 6MT 2.0T -

                      Comment


                      • #12
                        Originally posted by Osiris View Post
                        Last I read, the iPhone does something similar. Maybe Tony can explain better.
                        Yes, they are and IIRC they are doing worse or just as bad.
                        Originally posted by Silverback
                        Look all you want, she can't find anyone else who treats her as bad as I do, and I keep her self esteem so low, she wouldn't think twice about going anywhere else.

                        Comment


                        • #13
                          My name is john seamore and I stole this phone 8 months ago!

                          <-- posting from EVO...

                          Comment


                          • #14
                            I like my stupid phone.

                            Stevo
                            Originally posted by SSMAN
                            ...Welcome to the land of "Fuck it". No body cares, and if they do, no body cares.

                            Comment


                            • #15
                              So, if you are not hooked to the internet and you have an older ( 8700C) Blackberry, are you not trackable ?

                              Comment

                              Working...
                              X