Your Android Phone is Spying On You, Use custom ROM To Protect your Privacy
The Hacker News


In this digital age, privacy is more important than ever. Just because you "don't have anything to hide," does not mean that you shouldn't value your privacy or fight for it when companies do things like this, especially with something as personal as your cell phone.


An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Is it time to put on a tinfoil hat? That depends on how you feel about privacy. In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends it off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made.

What is Carrier IQ, exactly?
The software is hidden inside phones; there is little you can do to detect that it's even installed, let alone remove it, and it tracks everything. Keystrokes, browsing and surfing habits, Google searches, and basically every single thing that you are doing on your phone and every button that you press is logged by this software. Jump to 9:00 in the YouTube video below for the proof: this is basically a keylogger running on your phone that you didn't know about.

The company that's creating this software claims that the point of the software is to deliver "analytics" about devices to the carriers to help them provide better service to their users. But is recording every keystroke really necessary for that information? Does not telling the users about this and making it near-impossible to opt out seem a bit fishy to anybody else? This software is on almost all Android phones made by the big names (HTC, Samsung, Motorola), and is even on BlackBerries and Nokia devices, as well.

"Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company said in response to the EFF's letter. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."

But Eckhart's new video seems to refute at least some of those claims. In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information are recorded by Carrier IQ's application, even though he was on Wi-Fi and a page secured by HTTPS.


HTTPS? Nothing Is Safe From Carrier IQ
For those unaware, the S in HTTPS stands for secure. It's what keeps your passwords and other sensitive data safe when sent across the web. It provides encryption for said information, so whilst it's traveling through the airwaves, it's safe and snuggly, away from the awful people who want to steal your info.

Just because a website is using a secure connection doesn't mean it's one-hundred percent safe end to end, though. You see, some information, including usernames and passwords, can still be sent in plain text. For example, the username and password can be used in the address of the site, like www.mysite.com?username=MYNAME&password=MYPASS (Trev's example). Sure, it's encrypted while going down the tunnel, but guess who gets to see the raw link? Did you guess Carrier IQ? If so, go get yourself a cookie. You earned it.
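As an added example (not part of the original article or of Eckhart's work), this Python check flags URLs that carry credentials in the address itself, which is the part any software on the endpoint can read regardless of HTTPS, and produces a redacted form suitable for logs. The parameter-name list and the second and third sample URLs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed list of parameter names that usually carry secrets (not from the article).
SENSITIVE = {"username", "user", "password", "pass", "passwd", "pwd",
             "token", "session", "api_key"}

def audit_url(raw):
    """Return (exposed_names, redacted_url) for one URL as seen on the device.

    TLS protects the URL only on the wire; anything on the endpoint that sees
    the raw link (logs, history, on-device agents) sees these values in clear.
    """
    # The article's example has no scheme; add one so urlsplit finds the host.
    url = raw if "://" in raw else "https://" + raw
    parts = urlsplit(url)
    exposed = []
    # Credentials in the userinfo part: https://user:secret@host/
    netloc = parts.netloc
    if parts.password is not None:
        exposed.append("userinfo-password")
        host = netloc.rsplit("@", 1)[1]
        netloc = f"{parts.username}:REDACTED@{host}"
    # Credentials in the query string.
    pairs = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            exposed.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    redacted = urlunsplit((parts.scheme, netloc, parts.path,
                           urlencode(pairs), parts.fragment))
    return exposed, redacted

# Constructed sample: the first URL is the article's own example.
SAMPLE_URLS = [
    "www.mysite.com?username=MYNAME&password=MYPASS",
    "https://www.mysite.com/search?q=weather",
    "https://bob:hunter2@www.mysite.com/inbox",
]

def audit_all(urls):
    """Keep only URLs that expose something, with their redacted form."""
    return [(u, *audit_url(u)) for u in urls if audit_url(u)[0]]

if __name__ == "__main__":
    for original, names, safe in audit_all(SAMPLE_URLS):
        print(f"{', '.join(names):28} {safe}")
```

Sites avoid this exposure by sending credentials in a POST body or an Authorization header rather than in the address.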

Carrier IQ says in this public statement that it is "not logging keystrokes or providing tracking tools" and that its software is used to track performance, but the video proves entirely otherwise: this app is sitting in between you and the Android OS and is making a note of everything you do. Secure websites don't help. Even using Wi-Fi doesn't help. Your phone use is being logged by this software, and there is no way to easily opt out.

Devices Without a Cellular Network Aren't Safe, Either
Let's think about the name of this thing for a minute - Carrier IQ. So, it's probably safe to say that this is all about the carriers, right? If that were true, then why would CIQ remain active once a device no longer has carrier service?

Let me back up for one second: CIQ claims that its services are stopped the second the SIM card is removed from the device, which is all fine and dandy... if you're on a GSM network. Those of us on CDMA networks aren't so lucky, though, because we don't use SIM cards. Thus, even when a device is deactivated from its network, it continues to send data back to the carrier, CIQ, and whoever else whenever you're on a Wi-Fi connection.

Ensure Your Privacy: Use a Custom ROM to Protect Your Privacy
Unfortunately, there is no easy way to protect yourself. There's no switch that you can turn off in the settings of your phone or software that appears in your app drawer that you can simply uninstall. As far as the GUI of your phone is concerned, Carrier IQ isn't even there. But it is there, hiding in the background, making sure that you don't even know it exists. And for many, that's just not cool. Your phone is a deeply personal device and contains lots of things (emails, photos, text messages) that many would consider totally private. Why should this company have access?

The best way is to root your phone, and there are many guides available for the different devices. The best place to look for information on rooting is the XDA Forum. Search on the page for your phone name and go to the "General" forum for the device. There, you should find threads with guides on how to root and get the phone ready to install custom ROMs. The process varies widely phone by phone, so we can't give you a definitive guide here, but XDA is generally on top of the best rooting processes for the major devices.

The next step is to find a ROM that supports your device and does not have Carrier IQ installed on it. Your best bet is to look for "AOSP" or "Vanilla" ROMs. These are versions of Android that have been built entirely from the open source code for Android that's released by Google each time a new version comes out. These ROMs will be free from carrier and device manufacturer tinkering, and won't have Carrier IQ hiding in the background.

Another great custom ROM solution is CyanogenMod. CyanogenMod has some nice additional tweaks and features above stock Android, and is definitely the most well-respected and most frequently updated custom ROM out there. Additionally, it's available on most popular Android devices. The developers are even working hard on the next version, based on Android 4.0, Ice Cream Sandwich.

A simple guide, "How To Install CyanogenMod 7 On Samsung Galaxy S II Using ROM Manager", is available here.
