Many cellphone users are wondering whether their Android and BlackBerry devices are spying on them after security researcher Trevor Eckhart recently claimed that a piece of diagnostic software on the phones was acting like malware. Eckhart said the software, created by company Carrier IQ and installed on devices by phone manufacturers and carriers, was secretly recording user data such as keystrokes and Web browsing history. Carrier IQ's software is on more than 140 million handsets worldwide.
Carrier IQ denies Eckhart's allegations and says its technology is only used for diagnostic purposes to improve handset performance and network quality.
So is Carrier IQ up to no good? Is the company's software collecting more information from your handset than it should? Or is this just a big misunderstanding about what Carrier IQ's software does?
Here's a breakdown of what we know.
What was discovered?
Eckhart published a report in mid-November about a piece of software created by Carrier IQ. This software is supposed to be a diagnostic tool that helps manufacturers and carriers improve the quality of their services. But Eckhart claimed Carrier IQ's software is actually a rootkit that secretly logs your phone's activity.
Carrier IQ diagnostic software comes installed on many phones including Android and BlackBerry devices, according to Eckhart. Carrier IQ software was later discovered on iOS devices but it appears to be benign.
In Video: Carrier IQ Captures Personal Mobile Data
What was the software doing?
Eckhart posted a video to YouTube showing what he said was Carrier IQ software running on an HTC handset. In the video, the Carrier IQ software appears to be logging key presses (including the phone's number pad), SMS messages, location data, and Web browsing history including encrypted data traveling over https (SSL). It's not clear whether this data was then sent to Carrier IQ.
Does it do the same thing on all phones?
Eckhart's demonstration shows only what Carrier IQ's software was doing on an HTC phone. Samsung devices appear to log some of the same information including screen taps and browser URLs, according to Eckhart's report.
Developer Grant Paul (no relation to the author) claims that on iOS devices, Carrier IQ software was accessing a more limited set of information including your phone number, carrier, country, when a phone call is active, and your location if Location Services is turned on.
The Verge is reporting that Carrier IQ software is not on Motorola's Xoom or Nexus-branded Android phones including the Nexus One, Nexus S, and Galaxy Nexus.