OK - disclaimer out of the way.
I'll start with the bottom line: If you're using a non-Nokia Android device on AT&T or Sprint (not Verizon), or you're using a Blackberry - your phone could be recording and sending absolutely everything you do on your phone from web searches, to SMS, to application use, to continuous real-time tracking and storing/sending the information back to your carrier.
That's because some handset makers (including Apple - more on that in a minute) and some carriers use a piece of software called Carrier IQ that sets at the deepest levels of the operating system (also known as a "rootkit"). This handy-dandy piece of spyware software intercepts every single keystroke, button push, search string, URL, SMS message, email and (potentially) every voice call - before the operating system even displays it to the user.
Don't believe it? To quote an article on Gizmodo:
This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.
Here's that video - scroll ahead to about the 9:00 mark for the real interesting stuff:
WTH? Ummmm.... "cool." Now, as one might expect, the carriers are insisting that they are only using this data for "diagnostics" - when applications crash, or calls are dropped, etc.
Yeah, sure.
Being in the software industry for as long as I have, I get the fact that it's helpful to get the machine state if something goes horribly wrong - in order to trap for it in future releases and help the application(s) to get better and more resilient over time.
And, although iPhones also have Carrier IQ on them - it has been discovered that Apple really does only use it for that purpose. And, unlike the Android systems - you can easily turn it off by going to Settings -> Location Services -> System Services and setting the "Diagnostics & Usage" to "OFF". By the way - the default setting for this is OFF! (more information)
Personally, I have no problems with companies wanting to improve the stability of their operating system and/or application (although I have my "Diagnostics & Usage" set to OFF on my iPhone).
The thing I have a problem with - is that you as the user are never notified that your phone is spying on you. And that you can't opt-out of this type of information being transmitted/used (on non-Apple devices). And that you can't even stop the service from running in the first place - even when you press the "Hard Stop" kill switch.
Since this video came to light only 4 days ago - it has caused an absolute firestorm of controversy - to the degree that both the US and German governments are getting involved to see what (if any) privacy laws have been broken.
Now, I'm not really big into conspiracy theories - but in my mind just having this software on 141 MILLION devices begs the question: what happens when some hacker figures out a way to exploit this program? What if they already have? What if this software has been exploited by law enforcement (the "hush, hush" kind) for surveillance or illegal wiretapping?
I'm just sayin'... if you're using a wireless device running Android either buy a Nokia device, switch to Verizon, or just buy an iPhone and be done with it.
UPDATE #1 (02-DEC-2011 9:29am): - Ummmmm... you know that whole "illegal wiretap" stuff that I put in there? Well, it turns out that WikiLeaks just released 287 files on surveillance products from 160 companies designed to get around those pesky privacy laws. Allowing "remote forensics" including keylogging, screenshot captures and much more. DOH!
No comments:
Post a Comment