Carriers depend on their ability to control what goes over their network, from blocking foreign smartphones to forcing consumers onto high-tier data plans in order to subsidize the cost of devices, but some of the recent details on embedding metric tracking software on Android devices, while isn’t completely new, is invasive and provides carriers with a whole slew of what should be considered personal information.
The Android Creative Syndicate have been poking around in recent Android installs that come pre-loaded on Samsung devices from Sprint and have found Carrier IQ — what is being describing as “highly invasive, to the level of being spyware“. Carrier IQ is legitimately billed for tracking metrics and a “provider of Mobile Service Intelligent Solutions to the Wireless Industry”. In short, the software consists of daemons, libraries and small applications that provide detailed information to Sprint about your smartphone usage. The ACS (Android Creative Syndicate) advise that Carrier IQ hooks into the contents of SMS and MMS messages, battery and signal status, XML files that are opened as well as every web page visited. It can read each number that is entered into the phone dialer, details about open applications and is even tied into all data sent and received from the device.
Lead ROM Developer, k0nane, has posted screen shots showing the interface for enabling and disabling select services for the IQ Agent. He notes that all logging is disabled which hides the activities from users. ACS reports after removing the major traces of Carrier IQ they have noticed a significant increase in battery life and HTC Evo 4G users who have disabled similar services report increased speed and overall usability.
With the slew of recent malware found in the Android Market might we soon see more users taking to rooting their devices, installing custom ROM images that remove such bundled spywareand provide increased security by patching known holes? Hopefully Google can implement some strict rules for carrier customization as well as a different model for third party application access control.