That, friends, is hubris. But are you really surprised to hear this? I'm not. This doesn't require much in the way of technological chops -- it's pretty simple to implement. The only thing even a tad surprising is that the companies producing these phones not only pay to integrate this diabolical code, but also to keep it under wraps. Sure, the agent and supporting apps appear in the process lists (if you dig deep), but they're unkillable, so there's nothing to be done with them even if you knew what they were.
Carrier IQ's site brags about this to a substantial degree. There's a massive counter showing that Carrier IQ is gathering information on more than 140 million handsets, and the company states it gives carriers "unprecedented insight into their customer's mobile experience." Unlike the relatively hidden and obfuscated code running on the handsets, Carrier IQ's marketing team is unabashed about what the company actually does: continuously spy on people through their own phones. In a discussion with Wired, Carrier IQ admitted that it has a "treasure trove" of user data, collected surreptitiously, but denied that the term "keylogger" is accurate. They're right, in a way -- their data collection tools are much more invasive than a keylogger.
While some may be taken aback at the notion that they've been carrying around a tracking device delivering information on their every move to some unknown entity, I'm thoroughly unsurprised. When you work in network construction and security, you learn just how simple it is to do this kind of thing -- and how simple it is to find on a network with tools like IPS and network analyzers. Android and iOS phones are just Unix boxes, after all; these tasks aren't much more difficult to implement on phones than on servers.
I'm sure many people will shrug this off and say, "Well, I'm not doing anything wrong, so why do I care?" This is precisely the mentality that allows these practices to occur in the first place.
As useful as they may be, smartphones aren't worth abrogating your personal privacy -- certainly not without consent. Unfortunately, there are only two ways to combat this: ditch your smartphone or support legislation that correctly labels this type of nonsense as fraud and a violation of privacy rights and comes with a massive fine. (Yes, CM7 is an option, but not for 99 percent of the population.) Even though several carriers have made a point that Carrier IQ isn't on their phones, that doesn't mean that their phones don't or can't have similar agents in use. As much as I dislike throwing around laws over every little thing, this is not a little thing. Ideally this nonsense will already be covered by federal wiretapping laws, and those responsible will pay the price for this malfeasance.
This story, "The Carrier IQ scandal: Enough is enough," was originally published at InfoWorld.com. Read more of Paul Venezia's The Deep End blog at InfoWorld.com.