CarrierIQ is back in the news again. For those of you who don’t know, CarrierIQ is a tool that cellular providers and/or OEM’s can pre-load on smartphones (Android and Blackberry at the moment) to help identify (and hopefully fix) problems with their handsets and networks.
When one particular developer publicized what he felt were security and privacy violations, CarrierIQ released their lawyers upon him. After the developer contacted the EFF and told developers on CarrierIQ’s legal threats, they backed down and assured us they don’t record keystrokes or personal information.
Now that’s reportedly been proven untrue.
According to XDA member Trevor Eckhart, the software looks like it is in fact recording key strokes and web traffic, then sending that data over an unsecured wireless connection.
Verizon has reportedly gone on the record that they do not use CarrierIQ in any way, shape, or form. As of this writing, the other three major carriers in the US have not commented on whether or not they use CarrierIQ.
In their defense, we’d like to assume that CarrierIQ’s statement about key logging was a PR oversight, not an outright lie, but it’s still a gross invasion of privacy. We’ll keep you informed as this story continues to develop.
Additional reading on the topic is covered at XDA-Developers: The Storm Is Not Over Yet Lets Talk About #CIQ (Thanks for the link, Jake!)
Source: Android Community