Researchers Say Carrier IQ Isn't Logging Data, Texts 130
Trailrunner7 writes "Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say the application has some powerful, and potentially worrisome capabilities, but as it's currently deployed by carriers it doesn't have the ability to record SMS messages, phone calls or keystrokes. However, the researchers note there is still potential for abuse of the information that's being gathered, whether by the carriers themselves or third parties who can access the data legitimately or through a compromise of a device. Jon Oberheide, a security researcher who has done a lot of work on Android devices, also analyzed several versions of the Carrier IQ software and found the software has the ability to record some information, but that doesn't mean it's actually doing so. That part is up to each individual carrier. However, he says the ability to collect such data is a dangerous thing. 'There is a lot of capability to collect sensitive data, which is dangerous in any scenario,' Oberheide said in an interview. 'It's up to the carriers to use the software as they choose, but you could sort of put some blame on Carrier IQ. But they put it on the carriers.'"
For those who don't want to trust in the good will of Carrier IQ or carriers themselves, here are a couple ways to get it off your phone.
Re:Pet Peeve: SEO and URLs. (Score:4, Informative)
Re:Why is CarrierIQ an issue? (Score:5, Informative)
According to this video [wired.com] Carrier IQ has the ability to capture URLs that are entered, including HTTPS URLs. When a browser makes a secure connection (HTTPS), the URL is encrypted before the browser transmits it to the target webserver to protect any sensitive information it may contain. So the carrier would not be able to log such URLs through their equipment -- Carrier IQ allows them to do it by intercepting before encryption is applied.