Wednesday, 16 November 2011

Android Security: What Should We Worry About?

Last night I was crawling the net for the latest security news and found something of real interest. More Android malware? More Android vulnerabilities? Nope. Although I will say this: Android malware is optional. Yes, I said optional. What do I mean by that?

Android malware can be installed with your permission, and doesn't come free with the phone when you buy it. This security threat is NOT optional and is installed by your carrier. This threat has permissions even higher than superuser and hides in your phone's memory.

So what is it exactly? This rootkit is known as Carrier IQ (CIQ for short). What does it do, you ask? Normally CIQ is used to report back to the manufacturer when there is a problem with the phone, like if it crashes, etc. No big deal, right? Wrong.

The CIQ on Samsung/HTC phones is used as a tracking system. It's tracking YOU. It's tracking your location via GPS even if you have it switched off, your calls, your text messages, what apps you're running and when you use them, etc. Yes, this threat is keylogging you.

What makes this even worse is that all that data is sent back to your carrier and is NOT anonymous. All that data has YOUR name on it. Apparently your privacy doesn't matter to HTC or Samsung; you don't have the option to opt out of this program.

You can find both articles on the XDA-Developers forum here and here.

Personally, I didn't even know about this invasion of my privacy until last night, and this quote from XDA pretty much sums up how I feel about it.

Remember, we may not be the vast majority of your users/customers, but unfortunately for you, our communities are the ones who can make your sales efforts into a living nightmare. Consumers are the ultimate key holders and we suggest that you stop looking at us as dollar signs and more like people and customers. All in all, I am not for sale and my privacy is priceless.

Something tells me Samsung and HTC are about to be sued to hell. We shall see.

