Last we checked in on the Carrier IQ situation, XDA-Developer member Trevor Eckhart, the researcher who exposed the tracking software being deployed on various Android devices from Sprint, was receiving legal threats from the company behind the software. Eckhart didn’t back down, however, with the Electronic Frontier Foundation issuing a response to Carrier IQ on his behalf. Now, to further solidify his claims that Carrier IQ described as “false allegations”, Eckhart has put together the video above (via TechCrunch) showing how the software could theoretically track, record, and transmit user input.
While the video in no way proves that Carrier IQ or Sprint is actually collecting and recording the data, it’s clear IQ does have access to log user keystrokes with unique identifiers, track phone numbers dialed, record unique codes for SMS messages, and log secure data over WiFi unencrypted. While Carrier IQ and Sprint both deny actually transmitting and recording this data, it doesn’t seem necessary that the software would have these capabilities for its intended purpose– to improve the quality of their customer’s (Sprint’s) network and “understand device issues”.
More troubling is the fact that users are not informed of the software at any time and, according to TechCrunch, some are even reporting increased battery life and improved overall performance when the software is removed. Eckhart’s video ends by posing four questions to Carrier IQ and Sprint:
Why do keypresses submit U101 & unique keycodes?
Why is this not opt-in and why is it so hard to FULLY remove?
Why does SMSNotify get called and show to be dispatching text messages to CIQ?
Why is my browser data being read, especially HTTPs on my WiFi?