There has been a bit of a kerfuffle in the press recently about Carrier IQ – a piece of software that hides on your phone and reports data back to the telephone company. (More technical details here.)
We wanted to know whether New Zealand telecommunications companies are installing this sort of software on the phones they sell to us.
Telecom deny that they used anything of the sort:
No, we do not use Carrier IQ. Our devices do not come loaded with this type of software and we don’t have an agreement with Carrier IQ or any other company that implements tools like this.
Vodafone also deny using such software and make a good point about it contravening the Privacy Act:
Vodafone would never knowingly contravene the privacy act and to the best of our knowledge this software is not on any of the devices we sell.
Telstraclear have also denied it (brevity due to denial being via Twitter):
@TelstraClearNZ No, our devices do not keylog. ^TN
2 Degrees joins the rest:
No, we haven’t. The only customer information 2degrees records is for billing purposes. We don’t monitor our customers’ handset activity or request that any software to do so is installed on devices.
Thanks to @nzkarit on Twitter for his assistance with this article.
I find the TelstaClear response a bit “wordy”, using the term “keylog”. They don’t deny anything else.
Is it worth pointing out that the scary ‘every keypress recorded’ video was the output of logcat? That just means that the app on the phone gets all this information, the kind of thing any debugging software would want to see.
There’s no evidence that any significant amount of it is forwarded over the network. There’s very little reason to think that the carrier cares much about what buttons you press anyhow for any reason other than (as they claim) trying to make sure their handsets and network run as well as possible; they already get every number you dial and every text you send and there hasn’t been a huge moral panic about that.
Take a chill pill. And if this sort of thing worries you, don’t ever look at your windows event log or *nix’s /var/log/messages
While I agree that some people have got a little bit over excited about the Carrier IQ software, there is still a basic problem with telcos installing this sort of software on the phones they sell.
If the telcos were doing it in good faith – why didn’t they tell people? Why did they use software that deliberately hides itself from the user? Considering that most telcos don’t install such software, how necessary is it really? Why can’t users uninstall it?
Then there’s the problem that Carrier IQ obviously has low level system access to the phone – how well written is it? Some of us remember the Sony rootkit fiasco where they inadvertently opened up a number of security holes that could be exploited by others. There also could be performance or battery life problems.
Finally there can be issues where apps collect data where it might not be to our advantage to have it collected. The Apple location data is a good example. Looking up the information made sense, but keeping a log of it meant that anyone who got access (physical or across the network) to the files on your phone could work out where you’d been.
Personally I’m pleased to see that the NZ telcos haven’t been as arrogant and stupid as the US ones when it comes to installing this sort of software.
Why don’t teleco’s tell people about debugging software? I suspect because the large majority of phone users probably don’t want to know, and even the few we’re getting now are only paying attention because it’s been over-hyped and presented in a very misleading way.
Buggy debugging software? Try even getting people to care about buggy implantable defibrillators!!
I’ve always assumed that my phone keeps lots of information I’d rather not have it keep. Thanks to wear-leveling there’s a good chance that everything that ever gets written to flash memory will be preserved even after it gets ‘deleted’, until the phone has first worked it’s way through the entire unused part of the memory. But hopefully if I ever lose it the person who picks it up won’t know this or have the technology to recover any of the information.
Civil-rights-types who fear having their phone taken and searched by the police are a different matter, and I suspect laws asking the police not to do that aren’t really going to get passed.
One good solution to this might be phones that support filesystem encryption. You can get LUKSmanager for Android but it only gives you a protected folder; I’d be pretty happy to see a version of Android that has a completely encrypted filesystem and won’t do jack until you enter a passphrase.
Android is open-source, right? Someone get hacking…
Set your life more simple take the credit loans and all you need.