{"id":322,"date":"2011-12-02T15:10:29","date_gmt":"2011-12-02T19:10:29","guid":{"rendered":"http:\/\/www.fort-myers-patent.com\/?p=322"},"modified":"2011-12-15T00:53:38","modified_gmt":"2011-12-15T04:53:38","slug":"yet-another-android-securityprivacy-issue","status":"publish","type":"post","link":"https:\/\/www.fort-myers-patent.com\/?p=322","title":{"rendered":"Yet Another Android Security\/Privacy Issue!?"},"content":{"rendered":"

“When it rains, it pours<\/em>.”
\n<\/strong><\/p>\n

Indeed, the Android market has yet another security\/privacy mar.\u00a0 Just yesterday I blogged<\/a> about Android security flaws due to certain manufactures failing to effectuate one or more of Android’s permission-based security models.\u00a0 And today, I’m sharing yet another recently discovered problem; and it’s not 100% clear whether this problem stems from Manufacturers, Service Providers, or both.\u00a0 Nonetheless, this problem has been found on smartphones from HTC, Blackberry, Nokia, and others, and is clearly designed to send your sensitive information to your Carrier, such as Sprint, T-Mobile, AT&T, etc.<\/p>\n

The problem here is a small, kernel-based application known as “Carrier IQ” (or “CIQ”) that can (or does?) record every text message, Google search, and phone number typed on smart phones, and surreptitiously report this data to your mobile phone carrier.\u00a0 It was designed by the company:\u00a0 Carrier IQ<\/a>.<\/p>\n

\"\"<\/a>

Borrowed from PPCGeeks.com<\/p><\/div>\n

Trevor Eckhart (“TrevE”), a security researcher, posted a youtube video<\/a> in which he provides specific details evidencing this hidden software installed on an HTC Evo 4G smartphone, and shows step-by-step how it logs user locations and actions, such as key-strokes; and intercepts user communications from text messages and Internet browsing traffic.\u00a0 As also shown, the existence of CIQ is cryptically hidden, and attempts to manually disable it are ineffective.\u00a0 Of particular concern is the fact that HTTPS communications, which are supposed to be encrypted and readable only by you (the source) and another site (the destination; e.g., your bank), are not only logged, but logged in plain-text.\u00a0 So, your personal and private communications and information are not only being intercepted and recorded without your knowledge, but insofar as this log data is sent to your mobile phone provider in an unencrypted manner, your information, such as your login information to your bank, is being transmitted in an insecure manner, and clearly, subject to harvesting and misuse, whether during transit or after received.<\/p>\n

As reported by PPCGeeks.com<\/a>, Eckhart initially disclosed his findings in the XDA Developer Forums<\/a>, and upon learning of his disclosure, Carrier IQ threatened legal action against Eckhart.\u00a0 Enter the EFF<\/a> (Electronic Frontier Foundation), and Carrier IQ immediately backed down and issued an apologetic statement<\/a>: <\/strong><\/p>\n

“Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart<\/strong>. We sincerely appreciate and respect EFF\u2019s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.”<\/strong><\/p><\/blockquote>\n

Just yesterday, class action law suits were filed against Carrier IQ, Samsung, and HTC for violating the Federal Wiretap Statute<\/a>.\u00a0 Immediate statements from Sprint, AT&T, and T-Mobile<\/a> assert their use of the software is strictly for network and device diagnostics; while Verizon, Vodafone, O2, Nokia, and RIM have issued denials<\/a> that CIQ is installed on their devices at all.\u00a0 As I see it, Sprint, AT&T, T-Mobile, and Carrier IQ are in deep trouble, as the Wiretap Statute does not recognize a defense for innocent use, and these carriers are clearly not parties to your conversations (a defense under the Federal WireTap Statute and some State WireTap Statutes).<\/p>\n

So what does this mean for us?<\/p>\n

First off, if you’d like your privacy and your sensitive data protected from CIQ, check out this Free<\/strong> Android App: Bloat\/CIQ \u2605 Freezer<\/a>, which freezes the execution of CIQ.\u00a0 Another alternative is to avoid texting, emailing, and browsing via your smartphone altogether until this problem is resolved.\u00a0 >:-\/<\/p>\n

And some folks actually question why so many people replace the manufacturer developed ROMs on their smartphones with custom-developed ROMs?\u00a0 PPCGeeks<\/a> and XDA-Developers <\/a>are homes to many talented ROM Developers and enthusiasts.<\/p>\n

As for the future, we will definitely be seeing a CIQ-specific Privacy Policy, whether independent of, or embedded within, a carrier-based Privacy Policy.\u00a0 Unquestionably, Carrier IQ (and associated carriers) must provide clarification on the collection and use of our private and sensitive information, even if for diagnostic purposes and\/or if anonymous.<\/p>\n

In the meantime, just be thankful for having an active international community of intellects that are the true supporting foundation of our technology and technology rights.\u00a0 I certainly am.<\/p>\n","protected":false},"excerpt":{"rendered":"

“When it rains, it pours.” Indeed, the Android market has yet another security\/privacy mar.\u00a0 Just yesterday I blogged about Android security flaws due to certain manufactures failing to effectuate one or more of Android’s permission-based security models.\u00a0 And today, I’m sharing yet another recently discovered problem; and it’s not 100% clear whether this problem stems […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,3],"tags":[],"class_list":["post-322","post","type-post","status-publish","format-standard","hentry","category-legal-reform","category-news"],"yoast_head":"\nYet Another Android Security\/Privacy Issue!? - United States Patent Attorney, George F. Wallace<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fort-myers-patent.com\/?p=322\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Yet Another Android Security\/Privacy Issue!? - United States Patent Attorney, George F. Wallace\" \/>\n<meta property=\"og:description\" content=\"“When it rains, it pours.” Indeed, the Android market has yet another security\/privacy mar.\u00a0 Just yesterday I blogged about Android security flaws due to certain manufactures failing to effectuate one or more of Android’s permission-based security models.\u00a0 And today, I’m sharing yet another recently discovered problem; and it’s not 100% clear whether this problem stems […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fort-myers-patent.com\/?p=322\" \/>\n<meta property=\"og:site_name\" content=\"United States Patent Attorney, George F. Wallace\" \/>\n<meta property=\"article:published_time\" content=\"2011-12-02T19:10:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2011-12-15T04:53:38+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png\" \/>\n<meta name=\"author\" content=\"George F. Wallace\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"George F. Wallace\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fort-myers-patent.com\/?p=322\",\"url\":\"https:\/\/www.fort-myers-patent.com\/?p=322\",\"name\":\"Yet Another Android Security\/Privacy Issue!? - United States Patent Attorney, George F. Wallace\",\"isPartOf\":{\"@id\":\"https:\/\/www.fort-myers-patent.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fort-myers-patent.com\/?p=322#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fort-myers-patent.com\/?p=322#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png\",\"datePublished\":\"2011-12-02T19:10:29+00:00\",\"dateModified\":\"2011-12-15T04:53:38+00:00\",\"author\":{\"@id\":\"https:\/\/www.fort-myers-patent.com\/#\/schema\/person\/b0297b9ac853b56d9119d8c950d41a28\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.fort-myers-patent.com\/?p=322#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fort-myers-patent.com\/?p=322\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fort-myers-patent.com\/?p=322#primaryimage\",\"url\":\"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png\",\"contentUrl\":\"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fort-myers-patent.com\/?p=322#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fort-myers-patent.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Yet Another Android Security\/Privacy Issue!?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fort-myers-patent.com\/#website\",\"url\":\"https:\/\/www.fort-myers-patent.com\/\",\"name\":\"United States Patent Attorney, George F. Wallace\",\"description\":\"Serving the Greater Fort Myers, Bonita Springs, Naples, and Cape Coral Areas\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fort-myers-patent.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fort-myers-patent.com\/#\/schema\/person\/b0297b9ac853b56d9119d8c950d41a28\",\"name\":\"George F. Wallace\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fort-myers-patent.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/17648ea31e1721fb8c36a0987e8ac06462d7f6a2b1ff6d4ed2d719fca3f5064d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/17648ea31e1721fb8c36a0987e8ac06462d7f6a2b1ff6d4ed2d719fca3f5064d?s=96&d=mm&r=g\",\"caption\":\"George F. Wallace\"},\"url\":\"https:\/\/www.fort-myers-patent.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Yet Another Android Security\/Privacy Issue!? - United States Patent Attorney, George F. Wallace","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fort-myers-patent.com\/?p=322","og_locale":"en_US","og_type":"article","og_title":"Yet Another Android Security\/Privacy Issue!? - United States Patent Attorney, George F. Wallace","og_description":"“When it rains, it pours.” Indeed, the Android market has yet another security\/privacy mar.\u00a0 Just yesterday I blogged about Android security flaws due to certain manufactures failing to effectuate one or more of Android’s permission-based security models.\u00a0 And today, I’m sharing yet another recently discovered problem; and it’s not 100% clear whether this problem stems […]","og_url":"https:\/\/www.fort-myers-patent.com\/?p=322","og_site_name":"United States Patent Attorney, George F. Wallace","article_published_time":"2011-12-02T19:10:29+00:00","article_modified_time":"2011-12-15T04:53:38+00:00","og_image":[{"url":"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png","type":"","width":"","height":""}],"author":"George F. Wallace","twitter_card":"summary_large_image","twitter_misc":{"Written by":"George F. Wallace","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.fort-myers-patent.com\/?p=322","url":"https:\/\/www.fort-myers-patent.com\/?p=322","name":"Yet Another Android Security\/Privacy Issue!? - United States Patent Attorney, George F. Wallace","isPartOf":{"@id":"https:\/\/www.fort-myers-patent.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fort-myers-patent.com\/?p=322#primaryimage"},"image":{"@id":"https:\/\/www.fort-myers-patent.com\/?p=322#primaryimage"},"thumbnailUrl":"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png","datePublished":"2011-12-02T19:10:29+00:00","dateModified":"2011-12-15T04:53:38+00:00","author":{"@id":"https:\/\/www.fort-myers-patent.com\/#\/schema\/person\/b0297b9ac853b56d9119d8c950d41a28"},"breadcrumb":{"@id":"https:\/\/www.fort-myers-patent.com\/?p=322#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fort-myers-patent.com\/?p=322"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fort-myers-patent.com\/?p=322#primaryimage","url":"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png","contentUrl":"http:\/\/www.fort-myers-patent.com\/wp-content\/uploads\/2011\/12\/occupty-carrieriq-300x300.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.fort-myers-patent.com\/?p=322#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fort-myers-patent.com\/"},{"@type":"ListItem","position":2,"name":"Yet Another Android Security\/Privacy Issue!?"}]},{"@type":"WebSite","@id":"https:\/\/www.fort-myers-patent.com\/#website","url":"https:\/\/www.fort-myers-patent.com\/","name":"United States Patent Attorney, George F. Wallace","description":"Serving the Greater Fort Myers, Bonita Springs, Naples, and Cape Coral Areas","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fort-myers-patent.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.fort-myers-patent.com\/#\/schema\/person\/b0297b9ac853b56d9119d8c950d41a28","name":"George F. Wallace","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fort-myers-patent.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/17648ea31e1721fb8c36a0987e8ac06462d7f6a2b1ff6d4ed2d719fca3f5064d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/17648ea31e1721fb8c36a0987e8ac06462d7f6a2b1ff6d4ed2d719fca3f5064d?s=96&d=mm&r=g","caption":"George F. Wallace"},"url":"https:\/\/www.fort-myers-patent.com\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=\/wp\/v2\/posts\/322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=322"}],"version-history":[{"count":31,"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=\/wp\/v2\/posts\/322\/revisions"}],"predecessor-version":[{"id":326,"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=\/wp\/v2\/posts\/322\/revisions\/326"}],"wp:attachment":[{"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fort-myers-patent.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}