It turns out your phone may be spying on you even more than you thought.
Android developer Trevor Eckhart was tooling around with his HTC smartphone a few weeks ago when he discovered an unfamiliar app on it from a company called Carrier IQ.
[ Want to cash in on your IT experiences? InfoWorld is looking for stories of an amazing or amusing IT adventure, lesson learned, or tales from the trenches. Send your story to offtherecord@infoworld.com. If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. ]
That bit of code appeared to be capturing everything his phone did -- all numbers dialed, text entered, websites visited, buttons pressed, and so on, even while he was only using Wi-Fi -- and phoning home with that data.
The software was running in secret, not listed among his other running Android apps, and Eckhart could not force it to quit. In short, it was acting just like a rootkit used to hide malware.
So Eckhart posted his findings on his Android Security Test blog, along with training manuals he found on Carrier IQ's own site that explained how the software works, and called the Carrier IQ app a "rootkit."
Carrier IQ reacted to Eckhart's post by trying to squelch it. Its attorneys issued a nastygram to Eckhart, demanding that he take down the manuals (that CIQ had already made public) and threatening to sue him for $150,000 in damages, the maximum the law allows for a single copyright violation.
Carrier IQ also demanded Eckhart provide them with the names of everyone to whom he's provided the manuals (that CIQ had already made public), as well as personally retract the characterization of its software as a "rootkit."
Eckhart told CIQ to take a long walk off a short pier, more or less, and enlisted the Electronic Frontier Foundation to defend him.
Wired's Threat Level blog has a fascinating series on the battle between Carrier IQ and Eckhart, including a longish video on how the CIQ software works. Carrier IQ marketing manager Andrew Coward (no, I'm not making that up), told Wired that the software is used for:
...gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.
