Back in April, Apple had a bit of a PR problem when it was discovered that iPhones were storing a cache of data on which GPS locations that handset had visited in an unencrypted file. The whole thing was just a bug, but the controversy was dubbed LocationGate, and Apple even had to testify in front of the Senate about the matter.
The whole fiasco even prompted an email from Steve Jobs, which dropped something of a bombshell: he said Apple doesn’t track anyone’s location, but that Android tracked everyone.
At the time, there wasn’t a lot of proof to back up Steve’s assertion, but as it often does, time has proven Steve Jobs right. Android phones do track you. In fact, software that comes pre-installed on millions of Android, BlackBerry and Nokia phones log everything you do with your device, and sends them off secretly to its own servers.
25-year-old Android developer Trevor Eckhart has discovered a piece of software that comes installed on most Android, BlackBerry and Nokia phones called Carrier IQ secretly logs everything a user does with his or her phone, including text messages, encrypted web searches, phone calls, location and, well, you name it.
What is Carrier IQ? Ostensibly, it is software meant to monitor a user’s experience with a phone so that carriers and phone manufacturers can do quality control. However, Eckhart calls the software a “rootkit,” which prompted Carrier IQ to threaten him with a huge lawsuit and deny that its software logs keystrokes.
To see how invasive Carrier IQ is, a video posted by Eckhart shows that the software not only intercepts encrypted web searches, but logs each number as he dials it, and even received or sent text messages.
Once logged, Carrier IQ then sends all of this data to its own servers. That’s incredible. One privately held company that almost no one has ever heard of has the complete logs of every email, phone call, web search and text message ever sent or received by millions of Android, Blackberry and Nokia users.
Absolutely insane. Even worse? There’s no way to opt out of the Carrier IQ “service.” On Android phones, your only choice is to root your phone and replace the operating system with one without the software pre-installed.
This is absolutely insane. Apple was practically crucified over LocationGate, which was just a cache of GPS locations stored on users’ home machines. Meanwhile, almost every Android phone out there is reading people’s emails and logging their passwords, while no one bats an eye.
[via Threat Level].