Your smartphone could be too smart for your own good. An Android developer has discovered a hidden application on tens of millions of phones that secretly records everything a user does, from sending text messages to creating passwords, a revelation that has the tech community up in arms. The scandal-triggering surveillance software is called Carrier IQ, and it's being labeled the "Jerry Sandusky of mobility" and "an insane breach of trust." Here, a brief guide:
What is Carrier IQ?
Twenty-five-year-old Trevor Eckhart, a Connecticut Android developer, discovered a hidden tracking app from an analytics company called Carrier IQ that's built into many Android phones. He found that the eponymous app was able to log a user's every keystroke, every number dialed, the contents of every text message sent or received, every search query inputted, every website visited, and so on. In a 17-minute video demonstration making the rounds (watch it here), he offers damning, detailed evidence. The app almost always runs in the background of a user's phone without his permission or awareness and is near-impossible to remove from a phone.
What is Carrier IQ doing with all this information?
That's unclear. Contradicting Eckhart, the company says it does not record keystrokes or the content of emails and text messages and is simply recording information for diagnostic purposes "to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash, and battery life." It would seem that Carrier IQ's clients — mobile manufacturers and carriers — are able to define the parameters of what the app tracks, thus implicating them as well.
What phones are affected?
That's still coming to light. The program is reportedly embedded in 140 million handsets around the world. AT&T, Sprint, HTC, and Samsung admit to having the tracking software on their phones but say the information it collects is only used to improve service. Verizon, Research In Motion, and Nokia have denied having the app on their phones. Some hackers have found Carrier IQ on Apple's iPhone but say it is off by default and only logs technical information. Apple has issued a statement saying it stopped supporting the app in most devices with the recent iOS 5 update and never used it to record keystrokes and personal information.
How bad is this?
"Bad, really bad," says Jesus Diaz at Gizmodo. Privacy advocates and legal eagles are reeling. Commentators are likening the development to Big Brother and "the Master Control Program," the rogue computer in Tron. A onetime prosecutor for the Department of Justice and current professor at the University of Colorado Law School, Paul Ohm, says this might not only be a privacy issue, but could be in violation of federal wiretap laws, if it does indeed record users' text messages, as asserted.
The story is still developing. Carrier IQ has denied Eckhart's claims and initially threatened legal action against him, then quickly backed down. On Thursday, Sen. Al Franken (D-Minn.) wrote a letter to Carrier IQ CEO Larry Lenhart demanding more information. "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," the senator said in a statement. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling." Carrier IQ has pledged to undergo an investigation by independent security analysts.