If you have not already heard, the vast majority of Sprint phones (especially all those from HTC) have a rookey spy bot running on them called "Carrier IQ". This software functions no matter what network you are on (3G/4G/private Wi-Fi) It logs every button you push, the content of all emails, SMS/MMS messages, locations, application use, Web browser history, pretty much EVERYTHING you do with your phone. It even logs web data from encrypted sites (https). To include any online banking applications, purchases, credit card data, etc. etc.
Not only is this wrong on a moral basis, it is also illegal, and violates US wiretap laws....
If you have not heard about this yet, here is a quick read in Forbes
Please call sprint, write them, and demand that this spyware is removed from our phones immediately, (or at least offer Sprint customers a means to "opt. out" of data collection). This is not something that can wait a month or even a week... It will only take a few hours per phone to generate a rom without the carrier IQ agent installed (it is just an application running as a root service, and takes seconds to uninstall without affecting any other portion of the operating system.)
Sprint needs to include a spyware free rom, or give us the ability to root our phones and uninstall it.
From what I am reading, this appears to be false alarm. But the social reputation damage is done.
BTW, Sprint Tech support told me that Sprint did not, could not, install CarrierIQ, because ... drum roll ... Sprint does not install things on their cell phones, only the manufactures do that. I could not get it through her head that manufacturers load Sprint's configuration and the updates come via Sprint even if the manufacturer supplies core fixes. The alternative is that my updates load to my phone from S Korea.
Not every carrier subscribes to CarrierIQ.
I argued with a Tech, then got to the Supervisor who sang the same song, at least the verion of reality that they are told, as part of an other issue where they denied that they could do anything about basic code that runs on the code.
Way to go Sprint!!!
I didn't wan't to root my phone, but I guess I'll have to in order to get rid of this garbage spyware. I may as well get the free tethering and hotspot app too if I have to root to get rid of this junkware.
Awesome work Sprint!!!
I read the article and comments. The gist is that the author checked part of the software on an HTC phone and patted himself on the back for doing work nobody else bothered to do. He then claimed that the software was not a problem on Samsung phones..... without bothering to check a single Samsung phone or read any of the documentation online about what others have documented. Android Central and xda-developers have techies documenting what they have found. I downloaded an app that finds Carriwr IQ. It is on the Epic.
This is not a False alarm.
Once the software was discovered, and all the information that could be captured was revealed, Carrier IQ went into a press release mode. They hired people to say that their software was not that bad, and released documents that downplay exactly how intrusive this software is.
That does not change the fact that all of your personal information, locations, contents of emails, text messages, visited websites and other data can be harvested at will from you phones. The current story from Carrier IQ is that they have access to this data, but they are not collecting it (They promise!). No matter how often Sprint, or Carrier IQ tells you that they are not collecting that data, the software on your phone has access to it. CarrierIQ at first claimed that no SMS (text messages) were collected, that is until it was proved that they did in fact collect SMS text messages (to include contents), only then did CarrierIQ admit that they were in fact collecting SMS text messages, and claimed it was accidental. Initially Carrier IQ claimed that they were not collecting a list of websites people visited, again once it was proved that they were in fact collecting web browsing history (to include when you are on private Wifi, not just on the Sprint Cell network), they finally admitted to collecting that data.
Both Sprint and CarrierIQ are refusing to share with customers (you and I), what data was collected from our phones, and who it was shared with. I have twice requested a copy of all data collected from my phones; once by phone and once in writing. I have yet to receive any reply at all, not even a call back.
In addition, the fact that our personal information (everywhere you go, who you call, who you text, what websites you go to) is being captured from our phones, and is sent to a third party, CarrierIQ, who houses that data in their facilities, is a violation of our privacy agreement with Sprint. CarrierIQ is not bound to a privacy agreement to us the customers, they are only bound to Sprint, and we have no idea what CarrierIQ does with that data, because they don't have to tell us. I have requested a written copy of these agreements between Sprint and CarrierIQ. Both have refused to discuss them or provide a copy of this agreement.
As to what the sprint technical support reps are telling people, they are only half correct. Sprint technical support cannot un-install the application as it requires root level access, this is true. The phones are shipped to Sprint with the CarrierIQ spyware installed as part of the ROM at sprint's request. HTC/Samsung etc. etc. will put whatever software on the phone that Sprint asks them to put on the phone (IE Spint Zone). So yes the software comes pre-installed as part of the ROM from the manufacture, but only because Sprint told them to put it there. It would take a few hours to generate a ROM without Carrier IQ installed.
Only Sprint can have CarrierIQ installed on our phones, or removed from it.
This software is a serious breach of our privacy; many believe it is a violation of federal wiretap laws, and we the customers require an "opt out" method. It is not a complicated process; just give us the customer's the choice to take part in this data collection, or to simply "Opt out"….
The worst thing we can do is just to let this blow over with no changes.... Please continue to contact Sprint to let them know how you feel, and to request an Opt-out method.
Please read the link that I posted above. The situtation is very much different than you percieve. None of the data that was presumed to be sent to carriers or CarrierIQ was been transmitted. Yes data was exposed in a debug data stream. Yes the problem should be fixed to prevent a malicious 3rd party app from reading that debug data stream.
At this point the problem is repeating the hype and false conslusions.
I read and replied to your post with the link to a shoddy report, explaining that it was partially researched, at best. It is a fact that both Sprint and CIQ lied to us. People have been lisd to should be suspicious.
I did read them, as well as many other articles, and I have looked at the CarrierIQ agent myself. It is not any diffrent than I percieve, and you are incorrect. Some of that data that was presumed to be sent to CarrierIQ (a third party), which at first they denied was ever sent,was in fact sent; they even admit it in thier latest release on thier website (after they at first denied it, and were proven not to be telling the truth). It is not as bad as it could of been, true enough, but is still completely unacceptable, and we need an Opt-out.