
Secret app on millions of phones logs key taps  - thomasjoulin
http://www.theregister.co.uk/2011/11/30/smartphone_spying_app
======
DevX101
There are a handful of comments here giving CarrierIQ the benefit of the
doubt, because the video did not show CarrierIQ sending the logged data over
the network.

If you're still inclined to give them the benefit of the doubt, just read the
CarrierIQ website. Their ENTIRE BUSINESS MODEL is based on collecting data
about mobile phone users!! Here's a choice excerptI found on their website
after browsing their site for 30 seconds[1]:

 _Carrier IQ's Mobile Service Intelligence Platform (MSIP)...receives raw data
(known as Metrics) from phones and converts them into reliable, repeatable
Measures which feed into analytic applications._

Or you can read this comment from a discussion last week where a CarrierIQ
recruiter told an HN member that they collect 10s of gigabytes of data PER
DAY.[2]

These guys are indeed collecting RAW DATA from actions on your phone. There
are tremendous opportunities for abuse here, should CarrierIQ decide to do so.
CarrierIQ in blatant violation of privacy norms and could do enormous damage
to national security of many countries, conduct corporate espionage, or simply
violate the citizens' expectation of privacy when using their phone.

This is dangerous and should be stopped immediately.

1\. <http://www.carrieriq.com/overview/mobileservice/index.htm> 2\.
<http://news.ycombinator.com/item?id=3264264>

~~~
jgrahamc
They say they are installed on > 148.3M phones. If we imagine that they are
gathering 10GB per day then that's about 76 bytes per phone, if it's 90GB (the
upper limit before the recruiter would have been shouting about terabytes)
then it's 680 bytes. It's more likely to be in the middle (because otherwise
the recruiter would have rounded up) so you are talking 100s of bytes per
phone per day. I don't think it's realistic that they are sending all my URLs,
all my keystrokes etc. in a few hundred bytes.

~~~
DevX101
Whether they are sending a full log report of my actions TODAY is beside the
main point.

I do however know two things. 1) That their local software processes almost
every key stroke made. 2) And that they do send at least some portion of this
data back to their servers.

At this point it would be trivial for them to send my private information
TOMORROW if they decided to do so. I don't know that they don't have a
subroutine to begin sending all of my SMS back to their servers if they decide
to so for profit or under government coercion.

If they have no plans of using my Google searches, they shouldn't process it
in the first place.

~~~
tptacek
This is, of course, an attitude that is going to "deftly" shoot down any new
fact or analysis brought into the discussion.

Your starting point was that they were _collecting_ † data that could
jeopardize _national security_ ††. You clearly based that argument on the idea
that their own recruiter mentioned "10s of gigabytes a day".

Now, in true message board geek fashion, you're going to steadily move the
goalposts. What? They're not collecting messages? Well then they're processing
messages! They shouldn't be doing that either!

The problem with this tactic --- make a spectacularly unsupported assertion
and then back off it in a series of non-concession-concessions --- is that you
cease to be credible. Is this what you really think? Or will you re-harden
your position if e.g. it becomes clear that they're not even seeing the
keycodes of the keypresses, but rather using an API that _could conceivably_
allow them to get them.

† _Your word._

†† _Ibid._

~~~
white_devil
Here's a thread full of you vehemently defending/rationalizing police state
-like behaviour: <http://news.ycombinator.com/item?id=2802917>

Now you're defending/rationalizing whatever disgusting bullshit Carrier IQ is
up to.

What's wrong with you?

Just like we didn't have _absolute_ proof that Aaron's indictment was
politically motivated, we can't be _absolutely_ sure that Carrier IQ is a
company full of shit and devoid of morals.

But it's blindingly obvious that both are _very, very likely_.

In case you're just blissfully unaware of how full of shit the world actually
is, here's a report on your justice system fraudulently, systematically
signing away people's homes: [http://www.rollingstone.com/politics/news/matt-
taibbi-courts...](http://www.rollingstone.com/politics/news/matt-taibbi-
courts-helping-banks-screw-over-homeowners-20101110?print=true)

~~~
fluidcruft
Government contracts can have that effect.

~~~
tptacek
I wouldn't know. But the idea that you can't even fathom how someone might
have a different point of view from you and not be bought off by the
government is telling.

~~~
fluidcruft
I actually concur with your arguments. But I guess you're hell bent on making
an ass of you and me.

------
cbs
Its much easier to invade privacy in the name of providing a better product
than to actually figure out what the customer wants. Collecting huge swaths of
data allows product to be tweaked to find a local maximum of profitability.
Its an easier and safer alternative than to actually understand one's own
product from a consumer perspective.

I fear this is where we're going in all corners of tech. Even moreso because
we're already quickly eroding at any expectation that one should provide
privacy to their users. All the while users are ignorant enough about tech in
general and have no idea that their privacy can and is flying out the door.
Software exists in such a way that the lay user can't ever understand the
boundaries or capabilities of software to do things that they are completely
unaware of. The numbers of people who do understand what is going on is so
small that they are neither a significant portion of the market, nor a
"reasonable person" in the eyes of courts.

Privacy will be dead before anyone even notices.

------
runjake
It should be noted that there's no evidence (yet) of what is sent to other
entities, only what is captured by the software on the device.

This is bad enough, though. But, let's keep our head about this and calmly
demand an explanation from HTC. Why them? Because they signed the binaries
with their certificate, presumably at the request of carriers, but HTC is the
first in line.

And don't believe the response from CarrierIQ. Just prior to that response,
they still had very informative high resolution screenshots of their "Device
Analyzer" product which showed a scary level of data mining of end user
devices. They were probably great eye candy for their customers (carriers),
but creepy for anyone valuing their privacy.

I agree that this information is likely for improved QoS, but what can (has)
it been mis-used for? Employees can't be trusted, and the government can't be
trusted. An end user can't even opt out of it.

Edit: According to Google Image Search, others are mirroring some of the prior
shots. Note that nothing is anonymized in the least (nevermind that
anonymizing data is practically a myth).

I'll try and tack the URLs below.

[http://androidsecuritytest.com/wp-
content/uploads/2011/11/ci...](http://androidsecuritytest.com/wp-
content/uploads/2011/11/ciqdevicelist.png)

[http://www.xda-developers.com/wp-
content/uploads/2011/11/met...](http://www.xda-developers.com/wp-
content/uploads/2011/11/metrics.png?139d23)

[http://androidsecuritytest.com/wp-
content/uploads/2011/11/me...](http://androidsecuritytest.com/wp-
content/uploads/2011/11/metric_categories1.png)

[http://androidsecuritytest.com/wp-
content/uploads/2011/11/tr...](http://androidsecuritytest.com/wp-
content/uploads/2011/11/trigger_references.png)

[http://androidsecuritytest.com/wp-
content/uploads/2011/11/CI...](http://androidsecuritytest.com/wp-
content/uploads/2011/11/CIQoverview.png)

[http://androidsecuritytest.com/wp-
content/uploads/2011/11/si...](http://androidsecuritytest.com/wp-
content/uploads/2011/11/singledevice.png)

[http://www.carrieriq.com/overview/IQInsightDeviceAnalyzer/De...](http://www.carrieriq.com/overview/IQInsightDeviceAnalyzer/DeviceAnalyzer.datasheet.pdf)

This one doesn't need to be big to get the jist:

[http://www.carrieriq.com/overview/IQInsightServiceAnalyzer/i...](http://www.carrieriq.com/overview/IQInsightServiceAnalyzer/image001.jpg)

~~~
revscat
To be fair, the response from CarrierIQ implies that this is the case:

"In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected
claims the software posed a privacy threat because it never captured key
presses.

“Our technology is not real time,” he said at the time. "It's not constantly
reporting back. It's gathering information up and is usually transmitted in
small doses.”

Note that last clause there.

~~~
CaptainZapp
And why exactly, should I believe Mr. Coward?

Besides: Reading weasel words like 'usually' in corporate statements just
makes me shudder.

~~~
rationalbeaver
I'm not sure why I would care to defend him, but it seems that his claim that
the data is not real time can be verified by the first image in the parent
comment's list. In that shot there's a column listing the 'Upload Reason'. The
reasons include "Scheduled" and "Archive full", which seems to indicate that
the software reports back at set times unless the user was particularly active
and the data file hit some size limit.

There's also a third upload reason in that image which has it's own disturbing
implications: "SMS_PullRequest_CS".

------
kevin_jacobs
As a WP7 user, I emailed HTC yesterday asking whether or not this software (or
similar products) are used on their WP7 devices. Here's the response I got:

"Dear Kevin Jacobs,

I understand you would like more information about the Carrier IQ software, or
any software of this nature on your device. I understand your concerns about
this issue and protecting my privacy is definitely one of my top priorities as
well.

We have not had any reports of any kind of software like this on any Windows
Phone 7 device. This type of software has been used on Android devices, but
since Microsoft developed this operating system I am sure they did not include
any software of this kind.

Let me know if I have successfully answered your question, please click here
to complete this.

To send a reply to this message, please click here.

Sincerely,

Kathleen

HTC"

~~~
freehunter
>I am sure they did not include any software of this kind.

While I am a WP7 owner, I find this to be a little presumptuous. Microsoft may
not have included _this specific_ software, but how does HTC know they didn't
include anything like it? I don't believe Microsoft gives handset makers the
source code for the software. I know they don't allow them to customize it.
Perhaps HTC has not installed anything like it or been allowed to install
anything like it, but how would HTC know if MS did it themselves?

~~~
ugh
If they knew they wouldn’t be hedging. They don’t know, they just think it’s
very unlikely. What this tells you is that HTC (claims they) didn’t do
anything with WP7 phones.

------
jgrahamc
Does it really?

[http://blog.jgc.org/2011/11/getting-little-tired-of-
security...](http://blog.jgc.org/2011/11/getting-little-tired-of-
security.html)

There's no evidence that it sends this information to the company and no
evidence that it actually logs it. Only that APIs are called containing it.

~~~
law
The part about logging/transmitting personal info is a red herring. The _real_
issue is failing to provide an opportunity for users to assent to the
installation of this software on their device. It makes no difference to me
whether data is being logged or transmitted over a network. However, I'm
terrified that a phone manufacturer would install a very hidden program with
root-like privileges, offering a single point of failure. A malicious user
could potentially exploit this program's vulnerabilities to access everything
on your phone.

~~~
Fluxx
IMO, this is a slippery slope argument. The actual phone OS, which is
certainly "logging key presses" is also an opportunity for exploitation via
vulnerabilities. I fail to see how software is a special case? Additionally,
the carriers are certainly storing and tracking your movement and location,
and storing your SMS (how else do you suddenly get them when you turn your
phone on after your plane lands?)

I think the subtle difference here is that we as consumers have a implicit
understanding that the OS and the carriers must store and handle our data in
order to provide the services to us that they do. We must trust them if we use
their devices and networks.

That trust is given because the data sensitivity is proportional to the
disclosure and scrutiny of the providers. The phone, its OS and who provides
the network inherently have access to all your data, a _huge_ responsibility,
so no attempts are made to hide or obfuscate who those companies are and what
they're doing. You know Samsung makes your phone, it runs on android and you
use the Verizon network. CarrierIQ seems to have access to all the same data
your OS and carrier has, yet their presence is not made transparent/known to
the user of the phone.

That said, it's not clear to me what CarrierIQ's integration is like? Is it
purely a software framework Android uses to log and store metrics for the
carriers? Is it a 3rd party app installed by the carrier to help them store
user metrics? How antonymous is CarrierIQ with the data? Do CarrierIQ
engineers see your data or is it just for the carriers? Until that's clear,
it's anyone's guess.

------
mcritz
Remember when people were up in arms about how much location data iPhones
stored locally?

This is 1000 times worse.

~~~
nicwest
I have a horribly naive and defiantly uninformed question:

this was detected on an android device which is a fairly open platform when
compared to the iPhone/Windows phones in terms of software transparency,
correct? Is there any way to know for certain that Apple/MS aren't doing this
exact same/similar sort of thing?

~~~
masklinn
> Is there any way to know for certain that Apple/MS aren't doing this exact
> same/similar sort of thing?

You can't really ever know things "for certain", but considering the number of
jailbroken iOS devices in researcher hands it's likely this would have been
discovered.

------
cookiecaper
I think this is a good case study in support of "never trust an internet-
connected electronic device directly from a vendor". There should be a
universal policy to unlock, root, or blow away any software that exists and
replace it with "known good" software, like CyanogenMod, Ubuntu, or a new copy
of Windows.

~~~
dredmorbius
Two out of three ain't bad.

------
qqqqqq
I am surprised the internet took this long to respond, considering that the HN
discussion on this was started almost a week ago[1][2]. That said, after
watching the video I'm all kinds of sceptical about the dude's claim.

[1] <http://news.ycombinator.com/item?id=3263955> [2]
<http://news.ycombinator.com/item?id=3273416>

------
sdizdar
Can somebody clarify this story for me? What are the facts here?

* Did they implemented key-logger? Yes/No

* Do they write keys into some local log? Yes/No

* If they have key-logger, then why do they have key-logger? (Company statement - please)

* If they write key strokes to some log file, is that log file related to logs which are send to "mother ship"?

------
DrManhattan
From a Wired article on this: "it cannot be turned off without rooting the
phone and replacing the operating system. And even if you stop paying for
wireless service from your carrier and decide to just use Wi-Fi, your device
still reports to Carrier IQ."

------
thedjpetersen
First of all, it is excellent to see this type of hacking and reverse
engineering.

This is rather brash. I am surprised to see this on a such an open platform as
Android. Even as some of the comments are suggesting they are not sending the
data in non crash situations, keeping it logged is rather brazen.

On the flip side though, I have to wonder how would one determine crash
behavior before the phone crashes? It seems to me that the phone would need to
preemptively log some behavior that would then be indicative as to what caused
the crash.

------
vm
CarrierIQ provides a valuable service for all us. They relay data that
optimizes carrier networks, so that we can call, text, get data, etc more
reliably.

The problem this thread highlights is poor marketing and transparency. No one
at CarrierIQ gives a damn what we text. Breaking those basic privacy tenants
would destroy their business, which seems to be going nicely if their software
is on >100M devices.

The company just does a crappy job explaining what their technology does and
how it helps consumers. Uncertainty around our private information spooks
people, which leads to distrust and conspiracy theories. Let this be a
valuable lesson for entrepreneurs who touch consumer data, even B2B solutions.

Gmail and Bluekai provide excellent counter-examples of ways to squash these
concerns: -Gmail -remember the ruckus about Google reading your email for ads?
Google publicly explained this and now no one cares. -Bluekai -the company
tracks data for online ads. Touch subject. But they're transparent and lay
everything out on their website, including an opt-out:
<http://bluekai.com/consumers.php>

CarrierIQ clearly needs to address these issues. Let's call on them to do
that. In the meantime, take a moment to imagine how much more we'd hate
carriers if reception was even spottier (cough...AT&T iphone...)

~~~
seanp2k2
>"CarrierIQ provides a valuable service for all us. They relay data that
optimizes carrier networks, so that we can call, text, get data, etc more
reliably." Considering how crappy call quality and SMS (which was designed to
be used to send control messages to phones) reliability are and how expensive
data is, it seems like they're doing a pretty bad job of it. Also, there is no
reason to do this client-side since this can all be done at the carrier
infrastructure level -- and already is.

>"The problem this thread highlights is poor marketing and transparency. No
one at CarrierIQ gives a damn what we text." Warrantless wiretapping is
illegal. I'm not sure what more to say here.

>"Breaking those basic privacy tenants would destroy their business, which
seems to be going nicely if their software is on >100M devices." unless you
can't [as a non-techie] remove their software or opt out, which you can't.

>"The company just does a crappy job explaining what their technology does and
how it helps consumers. Uncertainty around our private information spooks
people, which leads to distrust and conspiracy theories."
<http://www.echelon2.org/wiki/Palantir> OK. I don't believe you since there
are lots of documented reasons to not trust anyone with data like this. Also,
why did they send a CnD letter to the guy and threaten him if they're not
doing anything bad?

>"Let this be a valuable lesson for entrepreneurs who touch consumer data,
even B2B solutions." Yes, installing rootkits on hundreds of millions of
devices without user consent, then trying to gag the security researcher who
outs you is pretty damn bad form.

>"CarrierIQ clearly needs to address these issues. Let's call on them to do
that. In the meantime, take a moment to imagine how much more we'd hate
carriers if reception was even spottier (cough...AT&T iphone...)" No, people
already hate carriers, and there is no explanation that will make installing
keyloggers on hundreds of millions of cellphones acceptable, ever. As I
already said, carriers have had the power to gather the data they need to
improve their networks at the infrastructure level (towers record MEIDs / EIDs
/ IMEIs already and this data would be easier to collect there) for years, and
they already do use that to "improve" their networks.

Not to spout conspiracy theories everywhere here, but have you /seen/ the FCC
press release about the ATT / T-Mobile merger and how badly ATT misrepresented
facts? [http://www.theverge.com/2011/11/30/2599466/fcc-report-att-
pr...](http://www.theverge.com/2011/11/30/2599466/fcc-report-att-proposal-t-
mobile-highlights) give this a read and then honestly tell me you think that
carriers have all the best intentions.

Companies are supposed to make profits for shareholders, not protect your
privacy or be nice to you. If they can make money by selling your personal
data, they will and they're probably doing just that right now.

------
throwaway30
There are one disturbing thing here:

A handful of comments are saying that is ok because CarrierIQ is probably not
sending all data (probably not in Europe, but probably they do in Saudi
Arabia). This is disturbing because people making these kind of comments are
entrepreneurs and in general great people. It seems like we are loosing our
moral compas in Silly Valley. Fuck. Please please don't do things like this.

------
babebridou
I just checked on my Motorola Atrix. I didn't see any CarrierIQ process, but
the Blur framework is logging tons of stuff on ADB, such as all key inputs for
the autocompletion software or every swipe movement on the home screen, but no
https query appear to be logged at first glance. "Search Intent" terms on the
other hand are logged. I never really trusted Blur because until the latest
few versions of the ADT the LogCat console was messed up with debug messages
from EON & Blur and it was a pain to keep it somewhat static and readable for
my own devs, but these couple reports on keylogging frameworks make me look
twice at my own phone now.

I'd like to run wireshark to check out what's really going out of my phone
when I'm on the wifi - I'm a bit of a novice in that area (network
monitoring), does anyone have any pointers of things to look for?

~~~
adolph
I think in this instance the application Charles would be more helpful than
Wireshark. See the below article for how someone analyzed wifi traffic from
iPad:

<http://waxy.org/2011/02/how_i_indexed_the_daily/>

~~~
babebridou
Thanks for the useful link. Now to enable proxy settings on the Atrix...

Alright. So for now I don't see much "phone-home trouble" but I'm far from the
security expert around here. There _are_ a few http queries (both GET and
POST) made using some plain text OAUTH tokens to the MotoBLUR servers, but as
far as I could notice nothing was really sending much information. Then again,
the first thing you do when you launch blur for the first time is giving it
your twitter/facebook/gmail account login&passwords, so... I'll get what I
deserve here :P

The only "tracking/keylogging" queries I could find were done to
data.flurry.com, and were only tracking (in plain text) my inputs on the
Winamp App, so I call it fair play.

I'm a bit relieved here, thanks again for the tip with Charles. Let's hope
someone with a better expertise than me will definitely rule Motorola out of
that CarrierIQ logging thing, but so far, so good.

------
ck2
This guy needs prison time for lies like these - or at least hauled before
congress:

    
    
      Carrier IQ VP of Marketing Andrew Coward rejected claims the 
      software posed a privacy threat because it never captured key presses.
    
      “Our technology is not real time,” he said at the time. "It's not constantly reporting back. 
      It's gathering information up and is usually transmitted in small doses.”
    
      Coward say[s] that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers 
      detailed information about the causes of dropped calls and other performance issues.

------
EwanToo
There is no evidence the data is being logged and sent.

Accessed yes, logged, well nobody has found the log yet, and sent, nobody has
found any network traffic.

It's still bad, but the reports seem to be over-hyped by journalists looking
for a scoop.

~~~
revscat
Irrelevant.

The issues are:

(1) That a vector is there for an untrusted third party to record and report
all keystrokes

(2) It was put there at the insistence of the carriers, and

(3) That there is no way for a user to turn it off without voiding their
warranty.

edit:

(4) This has serious implications for the trustworthiness of Android-based
platforms as we attempt to move towards using NFC for financial transactions.
Who in their right mind would trust Android (or any smartphone, really) as a
debit card after this?

~~~
scott_s
JwanToo, jgrahamc and tptacek are questioning point 1. That is, they're
pointing out reasons why it may _not_ be a vector. We don't have enough
information to know.

------
runjake
If you're worried about Carrier IQ intercepting SMS messages. Don't be. The
carriers have been doing this for a number of years and even share them with
government agencies:

[http://www.schneier.com/blog/archives/2009/11/leaked_911_tex...](http://www.schneier.com/blog/archives/2009/11/leaked_911_text.html)

------
killnine
Why is this whole company and all of it's employees not indicted for
trespassing, breaking and entering, burglary, etc?????

How is stealing the most sensitive of data off my phone without my
knowledge/consent ANY different then walking into my house and taking my
passport??

~~~
unreal37
Because there is no evidence of any data leaving your phone. It's not
stealing. It's just a debugger/logger.

~~~
ilkandi
The company rep has stated that data leaves the phone. Evidence enough?

------
salem
I'm not a lawyer, but unless there is some fine print in the notifications
sent to subscribers, it is quite possible that they have broken the laws
regarding the interception of communication. This sounds a lot like what
killed phorm in the US.

------
tibbon
Is there any evidence that any of this is uploaded to a carrier or app maker?
Can any app developer access this log from their app? It seemed essentially
that the debug logs just kept a super verbose log for debugging.

------
hamoid
I used to think I better avoid installing a custom ROM in my phone because it
might contain software exactly like this one. This really upsets me. Time to
check CyanogenMod out.

------
dangerboysteve
three words.

MASSIVE CLASS ACTION

Lawyers fire up your infomercials.

~~~
gyardley
The usual suspects are almost certainly going to file a class-action lawsuit
or two over this, but it won't be 'massive' since this isn't a clear and easy
win. (The hardest part about this type of suit is showing real, concrete harm
to actual people - and not just hypothetical potential harm. So Carrier IQ
knows you play Angry Birds - so what? How'd that demonstrably hurt you?)

No, instead the lawyers responsible for offering the class action will be
willing to settle for a) a rather nice profit for them, b) a pittance for the
handful of individuals they round up to be plaintiffs, and c) some symbolic
genuflecting in the direction of privacy, maybe in the form of a charitable
donation to a non-profit.

The sum total cost of a) through c) will be carefully calculated - high, but
not too high, or Carrier IQ (and their clients, who will also get sued) will
decide to fight back and possibly win. Certainly nothing infomerical-worthy -
that's reserved for cases where winning is pretty much guaranteed.

~~~
seanp2k2
Since their business model is based around selling data collected without user
knowledge/consent, I feel like digging into their financial would reveal a
pretty strong case against them.

------
narrator
Which is why I use the ACS third party ROM, which has CarrierIQ removed, on my
Sprint phone . It also runs MUCH faster than the normal Sprint ROM.

------
alkimie
After looking at the screenshots of the carrier-side it seemed to me that the
Carrier IQ system allows much more interaction/control from the carrier side.
Pending patent applications sometimes can tell you a lot about where a company
is heading.

Here are a couple of quotes from Carrier IQ's pending U.S. 20090207749 USER-
INITIATED REPORTING OF MOBILE COMMUNICATION SYSTEM ERRORS:

"...This configuration enables the system 200 to dynamically generate and
download to a population of wireless devices rule-based data collection
profiles. Data collection profiles may be generated manually by a network
administrator, a software developer or other personnel involved in the
operation of the network (hereinafter referred to as "network
administrators"), created offline as a portion of a data analysis solution, or
automatically generated based on network parameters or other events. Profiles
define what information is to be collected on the devices in response to which
conditions and events, as well as the conditions and events that cause the
device to upload the collected information.

[0038] Conditions or events include any occurrence in the network or on the
device that the device can sense, such as a call dropping or a user pressing a
button on the device. Conditions and events also include the passage of time,
or a request from a network administrator that the device report information
back to the server. Conditions and events which cause a device to collect
information or upload the collected information may generally be referred to
as "triggers." "

and:

"[0080] In the exemplary embodiment, triggers may be included in the data
collection directives of a data collection profile, and their inclusion causes
the client to initiate, abort, and terminate data collection activity as
appropriate when the associated trigger condition is invoked by the wireless
device 400. A trigger invocation that matches the initiating trigger causes
data collection activity to begin. A match of the terminating trigger causes
the data collection activity to end, and a metrics package is then prepared
for uploading. An abort trigger causes data collection activity to cease, and
a metrics package is not prepared or is not uploaded. In the example used
earlier, launching an application caused the client to be invoked with an
"application launched" trigger event, which is matched against triggers in
downloaded profiles and causes data collection activity to begin on a user's
device. The user's entering of a particular key sequence, pressing of a
dedicated button, or selection of a particular menu option while the
application is running would cause another trigger to be activated, and the
SQC would match the event to a terminating trigger in the profile, cause data
collection to stop and a metrics package to be prepared and uploaded. As can
be seen, the inclusion of a trigger in a profile effectively selects the
condition under which a specific action associated with that profile is to be
executed. The trigger is not strictly within the profile, rather it associates
specific profile actions (start, stop, abort) with a specific event on the
device. "

And the claims from their pending "USING MOBILE DEVICE TO CREATE ACTIVITY
RECORD" application No. 20090210516 is quite interesting to browse:

1\. In a communication system, a method for creating an activity record, the
method comprising: recording data at a device, the data including one or more
events and event-related data that describe activities of a user; uploading
the data to a server, wherein the server organizes the data based the event
related data; and generating an activity record using the data that can be
presented to a user, wherein the activity record represents at least a partial
log of the activities of the user.

2\. The method of claim 1, wherein event-related data comprise one or more of:
a time an event occurs; a date the event occurs; a location of the device when
the event occurs; a filename of an event object associated with the event; a
mobile device number (MDN); and a contact name.

3\. The method of claim 2, wherein generating an activity record using the
data comprises creating an entry for each of the one or more events describing
where and when an event occurred.

4\. The method of claim 3, further comprising presenting the activity record
on a website, wherein the website is accessed by the device or using another
device.

5\. The method of claim 3, wherein the one or more events comprise at least
one of: making or receiving a phone call; sending or receiving a message;
taking a photograph; recording a device location; receiving and playing a
broadcast; connecting to an 802.11 or Bluetooth access point; and using a
device application.

6\. The method of claim 5, wherein the location of the mobile device is
recorded periodically and independently of other events. ....

------
salimmadjd
The issue is not how many bit or bytes this is sending. The fact that you have
never given permission to this and you can't switch it off tells me something
about Google and their priorities. Steve Jobs fought hard to prevent any
carrier pre-install apps on the iPhone. No such a leadership from google!

------
funkah
Before reading, I guessed that "millions of phones" meant millions of
_Android_ phones. Because if this was happening on iPhones, that would merit
mention in the headline. Funny how that works.

~~~
smokinn
And you guessed wrong.

It says iphones and blackberrys are equally affected.

~~~
artursapek
Blackberries possibly, I saw no mention of iOS devices.

~~~
gcb
Ios also collects all that. It's just more difficult to see inside a safe.

Remember the js code that showed all the places the phone have been using a
mere phone backup data?

ios is already worse then all of this

~~~
masklinn
> Ios also collects all that.

Do you have the _slightest_ evidence for your claim?

> It's just more difficult to see inside a safe.

Anything can be seen on a jailbroken iphone.

> Remember the js code that showed all the places the phone have been using a
> mere phone backup data?

This was (explained as) a location cache the developer forgot to clean (most
phones will cache the last few locations so it does not have to boot the
location circuitry if an application only needing a very rough location
estimate needs a fix) which mistakenly existed in a backuped location (note
that unless users sent them, those backups never left their machine). And the
issue was fixed in the next update (both the backuping and the too-greedy
cache).

> ios is already worse then all of this

I'll go with no until you provide evidence.

~~~
artursapek
You made me wonder- is jailbreaking an iPhone the equivalent of rooting an
Android phone? It's just about becoming the root user in the Unix system
right? I've never played with either.

~~~
gcb
rooting both is the same conceptually, your guess is right.

Then there's also the privilege of the apps. which i have no idea how it works
on ios.

------
1010100101
Is it unreasonable for a consumer to want complete control over a device from
the moment she powers on?

Is there a certain level beneath which it is not reasonable to give consumers
(optional) access? (Should consumers be prevented from "rooting" devices?
Should we allow companies to maintain control over devices, e.g. having them
"phone home", after they sell them?)

If yes, why?

Maybe a rootkit should just be viewed just like the crapware that comes pre-
installed on a PC. Sure it will help some company and perhaps the consumer
herself, if she decides to use it. But it's _optional_.

Maybe they could give consumers an easy way to opt-out.

------
1010100101
I do not want a "smartphone".

I want a "blank slate". With the right specs and form factor.

------
kunle
This cant be real right?

------
ksadeghi
Is this comment i'm typing on my phone being sent to CarrierIQ? :-S

------
PLejeck
I'm so glad that my iPhone only lets Apple spy on me.

~~~
Apple-Guy
Apple doesn't spy on you. There is no comparable keylogger on iOS.

~~~
Natsu
Actually, this same thing _was_ found on iOS. That said, it doesn't appear to
have a keylogger on iOS for some reason. See here:

<http://blog.chpwn.com/post/13572216737>

