Carrier IQ

Your Android-based smartphone could be watching just about everything you do, Android security researcher Trevor Eckhart argues in a video posted earlier this week.

In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends the data off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each digit of the number before the call was even made.

Eckhart started making waves across the privacy community earlier this month after he dug into software developed by Carrier IQ that, he said, runs behind the scenes in Android-based devices to track what users are doing. Eckhart called the software a "rootkit," due to its ability to access device data while concealing its presence.

As one might expect, Carrier IQ took offense to Eckhart's claim, saying that its software is a "diagnostic tool" for companies to "improve the quality of the network, understand device issues, and ultimately improve the user experience." The company also sent Eckhart a cease-and-desist letter and demanded he issue an apology for calling its software a rootkit.

Just days later, Carrier IQ did an about-face after the Electronic Frontier Foundation responded to its cease-and-desist letter, saying that Eckhart's comments and research are protected under the Copyright Act's fair use provision.

"Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company said in response to the EFF's letter. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."

However, Carrier IQ also took the opportunity to clarify what its software doesn't do, including record keystrokes, provide tracking tools, or inspect "the content of e-mails and SMSs." The company also argued that its software does not "provide real-time data reporting to any customer."

But Eckhart's new video seems to refute at least some of those claims. In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information are recorded by Carrier IQ's application, even though he was on Wi-Fi and visiting a page secured by HTTPS.

"The Carrier IQ application is receiving not only HTTP strings directly from the browser, but also HTTPS strings," Eckhart wrote in a blog post. "HTTPS data is the only thing protecting much of the 'secure' Internet. Queries of what you search, HTTPS plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above--and can be seen going into the Carrier IQ application."

Perhaps most troublesome is that users don't know where their information is going or how it's being used. Earlier this month, Sprint told CNET that it's a Carrier IQ customer, but rejected any notion that it's peering into users' personal data.

"Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service," Sprint told CNET. "We also use the data to understand device performance so we can figure out when issues are occurring."

"We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool," Sprint continued.

But for many handset owners, that might not be enough. So, surely they can turn off the software and stop the tracking, right? Think again, says Eckhart.

"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code," he says. "This is only possible for a user with advanced skills and a fully unlocked device. Even where a device is out of contract, there is no off switch to stop the application from gathering data."

Although Eckhart's data comes from Android devices, it's worth noting that Carrier IQ's software is running on over 130 million mobile devices worldwide, including those made by Nokia and Research In Motion.

Carrier IQ declined CNET's request for comment.

Eckhart's video on Carrier IQ