App on millions of phones secretly logs key taps

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.

In a YouTube video, Trevor Eckhart demonstrates how software from a Silicon Valley company, CarrierIQ, records in real time the keys he presses on a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device is in airplane mode, each numeric tap and every received text message is logged by the software.

CarrierIQ tried to muzzle Eckhart by slapping a cease and desist order on him.  They backed down and apologised profusely after the EFF (Electronic Frontier Foundation) came to his defense.

Despite its protestations of innocence, CarrierIQ could well have broken the Federal wiretap law.  If CarrierIQ has managed to have the handset manufacturers secretly install software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this probably consitutes a federal wiretap.

The manufacturers themselves appear to be unaware of the surveillance capabilities of the CarrierIQ software.  Eckhart has found the application on Samsung, HTC, Nokia and RIM devices.  CarrierIQ claims on its website that it has installed the program on more than 140 million handsets.

If all this is true, CarrierIQ is exposed to the possibility of a class action lawsuit which would include all users whose handsets have been violated.

This story follows a similar mobile surveillance infringement in which a smartphone application surreptitiously gathers information on the location of its users and sends that data to an advertising company in the US.  The application is a goldfish catching game that does not require any information about the user’s location to play. The collected information is used to display ads highly connected with the locations of application users.

I have said it before, smartphones have become personal surveillance devices.  Combine that with online data tracking, point-of-sale non-cash transactions, and security cameras everywhere, and realize that we live in a surveillance society where your every move is being documented, collated and sold.  A digital dossier accumulating in “the cloud” has your name on it. And you are the only one that does not have access to it.

Seems like a bad dream to me.  Welcome to the future.

This entry was posted in watching the watchers. Bookmark the permalink.