Carrier-IQ SmartPhone Monitoring Analysis

I am sure that everyone who reads this has already heard that there is a big gaffuffle raging over the potential monitoring and eavesdropping of smartphone based phone calls, text messages and even keystroke logging claims.

.

.

.

.

According to Dan Rosenberg’s blog, he has done some detailed analysis on the software, and has found the following to be true on his Samsung handset:

  • CarrierIQ (on his particular phone) can record which dialer buttons are pressed, in order to determine the destination of a phone call.
  • CarrierIQ cannot record any other keystrokes besides those that occur using the dialer.
  • CarrierIQ cannot record SMS text bodies, the contents of web pages, or email contents, even if carriers and handset manufacturers wished to.  There is simply no “metric” designed to carry this information.
  • CarrierIQ (on this particular phone) can report GPS location data in some situations.
  • CarrierIQ can record the URLs that are being visited (including for HTTPS resources), but not the contents of those pages or other HTTP data. Continue reading