Additional digging leads to more concerns about Carrier IQ on the HTC EVO
Last week we reported on Carrier IQ, a software package included in the HTC EVO that "records a log of every keystroke, reads every number you press in the dialer, and can track which applications you use." Many readers were upset to find out about this, although the company that makes this software was quick to step in and offer some clarification:
What Carrier IQ actually does is report on the performance of the network and device so that the operator or handset manufacturer can take action to fix it. The software is designed to count and measure performance not record your conversations or messages.
Understanding why a call dropped or an SMS failed or a battery died is really important for service providers and handset vendors to provide a high quality product. It’s also important if you ever call customer service so they can actually figure out what problems you are having.
Interestingly enough, it seems that this official explanation may only be part of the story.
According to TrevE, who is one of the developers on Team Synergy that is working on the popular Synergy ROM for the HTC EVO 3D, Carrier IQ is not the only part of Android that is collecting logs of user activity and sending these off somewhere in the cloud:
They get written out by framework to 4 major locations.
1- /data/system/appusagestats – this folder contains a file called HtcAppUsageStats. It seems to be a file of every intent started on your phone and length of using it.
2- /data/system/usagestats – this seems to be googles usage stats with much of the same info as above but were guessing going off to another location.
3- /data/system/userbehavior.db – this seems to have the IPs stuff is sent out to. We found the two open connection IPs in this database, they go somewhere to amazons cloud.
4- /data/system/dropbox – now this is interesting, there was over 500 files in this directory. When we deleted everything in this folder and opened market, logcat reported errors looking for these files. Why is the market looking for these files on start?
Why do we care? Well read Settings -> about phone -> legal -> htc legal. It says this data contains IMEI/stats/GPS/CID/etc. with even just IMEI/stats it _COULD_ be enough to detect a rooted phone and void warranty from this alone, which cannot be disabled by stock functionality.
So there you have it. In addition to standard privacy concerns, including the recording and transmission of location data, it seems that this software could be used to detect rooted phones, thus potentially voiding your warranty, even if you haven't used HTC's official method to root your device.
Now, before you get too upset about this, keep in mind that there are no reports of warranties actually being voided based on information sent to Sprint or HTC by Carrier IQ. Also, keep in mind that many ROMs strip out Carrier IQ and related Android software by default, thus protecting a subset of rooted users who choose to install custom ROMs.
However, this is still a major privacy concern, and hopefully HTC and Sprint can provide some further clarification to what exactly is going on here.
Thanks, XpAcErX!
