A 25-year-old has discovered a piece of software installed on millions of phones by wireless telecom providers that can log every keystroke and send it to the carrier mothership. What they do with that information is their business, not yours. For his trouble, this guy was harassed by Carrier IQ, the company that sells the software, but with the EFF’s help, they were forced to back off and even apologized.
Here’s a summary of what we know so far:
* Some Android and Blackberry phones have Carrier IQ. It was originally discovered on a HTC Android phone, and it ran whether or not the user opted-out of data collection.
* Carrier IQ has been found on iPhones, but it appears to collect far less information than on Android, and if the user chooses a privacy opt-out, no information is gathered.
* Verizon has denied installing Carrier IQ on any of its phones. So the threat is probably limited only to certain carriers.
* Carrier IQ is not installed on Google-controlled devices (the Nexus line of phones and the original Xoom tablet) since Google manages the software on those phones, not the carriers.
If you need any more reason to prove that we need more regulation of wireless telco, here it is, in spades. The most comprehensive coverage of this story is at The Verge, which is a new tech publication run by Markos Moulistas’ Vox communications. And if you want to see a good fisking of some of Carrier IQ’s bullshit, Jon Gruber has one.