Carrier IQ: The Rootkit Keylogger on Most US Smartphones

This article is more than 10 years old.

But not, it appears, on Apple's iPhones.

Carrier IQ is a piece of software which certain US cellphone networks (Sprint for example) load onto their contract phones before they are released to consumers. The basic stated idea is quite simple: if there are problems then the software generates logs which the network can then analyse to see what the problems are.

However, this seems to have the rather undesirable side effect of working as a keylogger for everything that the consumer does with the phone:

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.

In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

There are several different ways of looking at this and the comments sections of the various places where the story has been repeated over the past few weeks contain their fair share of all of them.

One is that it's simply a handy diagnostic tool and therefore so what? I think that's a slightly difficult position to maintain given that what the software records and then transmits to the network makes it almost certainly illegal under EU data protection and privacy laws (please note, it's only been seen on US phones so far and not on anything from Apple. But it has been seen on Nokias, Blackberries from RIM and various devices running Google's Android).

At the other end there are the security implications (not to say the damned impertinence) of a network having access to absolutely everything that you do with your smartphone. Absolutely everything, from search habits through website visits to the text of any messages.

But to be honest I think the part that worries me the most is, well, how hard is it to hack into this? To access that information if you're not in fact the network? If it is possible to access this information (and I'd be absolutely astonished if it were not) then this means that absolutely every smartphone running it is vulnerable, to put it mildly, to data theft.

For yes, if you bank online from your phone then the application will be logging that data, PINs, ID codes and all.

That's really not something you want, is it? An application sitting on your phone that records all of these things specifically and exactly so as to broadcast them to someone else?

I have a feeling that we've not heard the last of this little story.

Update: I am told that it is BlackBerrys as the plural, not Blackberries as I have it. Further, someone who has handled and examined many of these phones says that he's not seen it on any Verizon or AT&T BlackBerrys.