Carrier IQ is not as scary as it looks, suggests study
While many are accusing Carrier IQ of all kinds of mischief, including logging the text messages, call information, and browsing history of unsuspecting subscribers, others claim that the controversial software is much more harmless than it is being portrayed. Dan Rosenberg, who is a security expert at VSR, shares in his blog that Carrier IQ is actually unable to read the contents of text messages, e-mails, and other types of sensitive data. In other words, the carrier cannot use the software to eavesdrop on you even if it wanted to.
That is the conclusion Rosenberg arrived at after extensively analyzing the software's inner workings on a Samsung Epic 4G Touch. He does point out, however, that Carrier IQ is capable of sending tracking information on some occasions, such as a device's GPS coordinates. The report has also found that keystrokes can indeed be logged, but that cannot be done outside of the dialer application. And since the carrier knows who you are calling anyway, that cannot be viewed as a potential threat to a user's privacy.
What may seem somewhat disturbing is that website URLs are being sent as well, including secured ones, but on the bright side, the actual web page content cannot be viewed by using Carrier IQ. The list of applications that are running on a smartphone is also accessible by the carrier, but that is likely used for detecting unauthorized tethering rather for anything more elaborate.
So, what do you guys think? Is Carrier IQ really that much of a privacy threat, or is it just a victim of exaggerated claims? Feel free to drop a comment below and let us know.
source: Dan Rosenberg via MobileBurn
Things that are NOT allowed: