Carrier IQ's support software has been monitored closely by Android security watchdogs for the last few weeks. After an embarrassing public relations snafu, the company stated that their software does not record personal information, despite the findings of an independent security analyst. But The Register reports that same analyst has now shown the Carrier IQ software logging keystrokes in real time, and transmitting them over an unsecure wireless connection. Carrier IQ is, in a word, busted.
When XDA member Trevor Eckhart published a scathing expose on everything that the software does, including the possible recording and transmitting of location, call data, web history, contacts, used apps and even keystrokes, the Android community was justifiably upset. When Carrier IQ threatened to sue him for exposing theses security and privacy violations, they were, not to put too fine a point on it, pissed. Carrier IQ withdrew their threats almost immediately and placated the public by saying that the software doesn't record keystrokes or other personal information. That appears to have been a bald-faced lie, or at the very least, an uninformed PR response. Mr. Eckhart has now proven his findings ob video.
You can see an extensive breakdown of the logging process in the YouTube video:
The software is installed on a number of HTC, Samsung, Nokia and RIM (BlackBerry) phones. I'll point out that the logging and data collection being done certainly doesn't have any ill intent - it's designed to let carriers identify and fix problems with their networks. But that doesn't excuse the massive amount of private information that's being collected and stored who knows where.
Android Community is attempting to contact the four major carriers in the U.S. to who is using Carrier IQ and on which phones. So far only Verizon Wireless has responded, saying emphatically that they do not use Carrier IQ's software in any way. we'll update you with the other responses as soon as they come in.