Devices and Spyware

We’ve gone through a number of freakouts regarding smartphones and the tracking possibilities they provide (intentionally or otherwise). In the past the location tracking for both iOS and Android caused some uproar, for instance, and over the holiday there were reports that malls were tracking users. And tracking location is a weird and rather creepy thing to do, aside from those users willing to broadcast where they are at all times.

So to learn that there’s an app out there that tracks far more in-depth details about you and your device tends to ramp up the paranoia. The fact the app is nearly invisible by design, is not opt-in, reports back to your carrier and phone manufacturer, and can’t be removed or turned off without rooting your phone is downright fucked up. And yet it’s quite real. Carrier IQ has been discovered on Android and Blackberry devices which caused a lot of smug bullshit from iPhone users… until it was found on the iPhone too.

What really gets you is the video, though. The Android dev who found it had Carrier IQ jump all over him and order a cease and desist, claiming he was blowing it out of proportions. Then he recorded a video showing the output of the application on a screen. Recording everything. Every keystroke, app usage, WiFi details, all of it. 

Since then the attention to it has ramped up even further. Several manufacturers and developers have issued denials. Nokia claims it’s not on their devices. Verizon issued a blanket statement that it’s not installed on any of their phones, including some HTC devices, in spite of it being discovered mostly on HTC devices. I think we’re still waiting to hear from Sprint, whose device was first discovered reporting data.

Interestingly, a commenter on Gizmodo claimed to be a former engineer with an unspecified carrier that used Carrier IQ. He said it was activated only to gather troubleshooting details, it was anonymized, and it was installed on so few devices as to be useless to them. And as an IT admin, it makes a certain amount of sense to be able to have some troubleshooting data along those lines. But I say in response that 1) really, people should be made aware that it’s there and be able to opt in, 2) I’m skeptical that keylogging is needed for troubleshooting, and 3) his suggestion (he admits his time with it may have been a trial phase) that there were only 20,000 or so users with it installed seems quite at odds with Carrier IQ’s boast that they have it installed on over 100 million handsets.

I root my phones. I never did so out of fear of spyware, but to get all of Verizon’s pre-installed crapware off of there. But rooting now being the only way to get rid of crap like this is an increasing concern. I’m wondering how it will end up. I suspect everyone will settle down, apologies will go out, and it’ll still be quietly on phones.