Good and EVO

And the HTC EVO/Carrier IQ saga continues [Updated]

I don't know about you, but I'm pretty sick of hearing about Carrier IQ every other day. But it seems that they've really dug themselves into a hole this time, and people are beginning to trust them less and less as it becomes more and more apparent that they might not be so honest and innocent as they most recently claimed.

This controversy has been going on for several months now (we first reported on it in August), and as recently as last week, security researcher and developer Trevor Eckhart was in some serious legal trouble for the claims he made against the company that creates this software in question. So Trevor has decided to fight back.

A recent article in The Register sums everything up quite nicely:

In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

Ironically, he says, the Carrier IQ software recorded the “hello world” dispatch even before it was displayed on his handset.

Eckhart then connected the device to a Wi-Fi network and pointed his browser at Google. Even though he denied the search giant's request that he share his physical location, the Carrier IQ software recorded it. The secret app then recorded the precise input of his search query – again, “hello world” – even though he typed it into a page that uses the SSL, or secure sockets layer, protocol to encrypt data sent between the device and the servers.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” the 25-year-old Eckhart says.

These findings are in direct opposition of Carrier IQ's most recent claims. In any case, you can watch Trevor's YouTube video above and read his complete write-up of his findings at the link below, and then make up your own mind. To be honest, though, things aren't looking too good for Carrier IQ.

Update #1: Forbes is reporting that Carrier IQ has likely violated wiretap laws in millions of cases, opening up the possibility for a class action lawsuit. (Thanks, Timmy!)

Update #2: The US Senate has launched an investigation into Carrier IQ, thanks to Senator Al Franken.

[Android Security Test] Thanks, anonymous!

Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

John F

John was the editor-in-chief at Pocketables. His articles generally focus on all things Google, including Chrome and Android, although his love of new gadgets and technology doesn't stop there. His current arsenal includes the Nexus 6 by Motorola, the 2013 Nexus 7 by ASUS, the Nexus 9 by HTC, the LG G Watch, and the Chromebook Pixel, among others.

Avatar of John F

22 thoughts on “And the HTC EVO/Carrier IQ saga continues [Updated]

  • Avatar of gticlay

    Just came over here to post the article:
    http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/

    I wasn’t all that worried but after watching this, I’m just plain mad. It’s sick, invasive, and, well cannot be legal in the USA (can it?). I look forward to a class action by those who know how to do this. I don’t even really want to use my phone anymore.

    Reply
  • Avatar of Josh m

    Remember how we all let htc know we wanted unlocked boot loaders and they were eventually convinced that it was a great idea? Well maybe we should let them know about how we don’t want this on our phones no matter what it claims to do.

    Reply
  • Avatar of gticlay

    I wonder how much CarrierIQ slows down a phone anyway? After watching the video, it sure seems like a lot of “info” to log all the time.

    Reply
  • Avatar of byg.nick

    Wow…. CIQ lied through their teeth…. scumbags. Class Action here we come!

    Reply
  • So has anyone else watched the video CarrierIQ has on their youtube channel? Total hockey. I agree with nick, they lie through their teeth.

    There is the video if anyone wants to see it/give it a thumb down.

    Reply
  • Avatar of Dro3d

    We all knew they were lying. Now I want this crap off my phone without having to Root or I’m canceling my accounts. Go trevE!

    Reply
  • I have a rooted HTC Who with over. 2.3.3 and I used Titanium Backup poor to freeze it. Hope it works. Let’s get a class action suite going soon against them.

    Reply
  • I have a rooted HTC Evo with version 2.3.3 with Titanium Backup Pro to freeze it. We need to start a class action suite against then as soon as we can to get them to wake up and get this crap off our phones. Sorry for the above errors.

    Reply
  • Avatar of Steve Gaudreau

    WOW THOSE LYING BASTARDS!!!! THEY ARE IN DEEP SHIT NOW!!!

    Reply
  • Avatar of Steve Gaudreau

    Is this on all android phones? A little late Mr Orwell, but big brother is definitely watching us. Thanks patriot act!!!!

    Reply
  • Avatar of Brandon

    WoW! They just did a story on Fox 45 Baltimore MD about Carrier IQ, and showed that video.

    Reply
  • Avatar of mrjavan

    I just watched the ceo for Ciq on youtube…dude says, “Ciq does not record keystrokes!”. funny, comments for the vid have been disabled. lol!! Hey, Ciq, stop pee’ing on our legs, then trying us it’s raining!! lying-sneaky-bastards!! and just in case u don’t read this here, be sure to check my keystrokes!! :D

    Reply
  • Avatar of Frank

    No, Nexus phones don’t have it for sure… On the rest its up to the carrier and/or manufacturer.

    Reply
  • Avatar of Caspar MacRae

    I’m from the UK and bought an EVO 3D sim free, here’s what HTC had to say when I asked if I had this evil spy software…. they don’t seem to know …

    Dear xxxx,

    Thank you for contacting HTC.

    I understand that you would like us to know if your HTC Evo 3D Europe device has embedded any application software from Carrier IQ in your phone.

    HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update via our website as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.

    I hope that this information meets with your requirements, should you have any further questions please do not hesitate to contact us again.
    If this response has resolved your query, and you have no further questions please close this ticket by following the link below. Upon closure of the ticket you will be invited to complete our Customer Satisfaction Survey which should take no more than 1 minute to complete.

    Let me know if I have successfully answered your question, please click here to complete this.

    To send a reply to this message, please click here.

    Sincerely,

    Kevin

    HTC

    Reply
  • Email sent to my Representative and both Senators in Congress. Maybe they can help push along an investigation or something.

    Reply
  • I’m going to do the same. We have to demand privacy and make sure another company doesn’t pop up to take its place.

    Reply
  • Fucking ridiculous! No sense of privacy at all nowadays or sense of security!

    Reply
  • Avatar of SARDog13

    So, if my keystrokes are being reported to Carrier IQ am I paying my provider for the privilege of being spied upon?

    Reply
  • Avatar of nascaraddict

    Going after Carrier IQ is only part of the problem, as they are the creator of the software and HTC and Sprint are the vehicle that’s the bigger issue! HTC and Sprint are the ones that have put this crap on our phones. Without them, Carrier IQ would have to hack into our phones individually.
    I’m glad this is getting the attention we all deserve. Now let’s see how long it takes for HTC and Sprint to rectify this for fear of serious lawsuits!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *