More than that, https strings (the only ‘real’ net security) are tracked as well.
“Trevor Eckhart says he's uncovered a piece of spyware that monitors the phone's location even when location services are disabled, and which logs every keystroke. It ignores the 'Force stop' button and is nearly impossible to remove, he says.” – Emma Woollacott, TGDaily (http://www.tgdaily.com/security-features/59944-secret-key-logging-software-found-on-millions-of-phones)
Trevor Eckhart posted a 17-minute video on YouTube back in September documenting this newest, creepy tracking spyware and how it actually stores URLs (http and https) as well as keystrokes.
You can watch it here: http://www.youtube.com/watch?v=DgABEzf_oJo
CarrierIQ (the perpetrator) threatened Eckhart with legal action until the Electronic Frontier Foundation intervened and CarrierIQ backed down.
CarrierIQ stated the information gathered was used only for performance improvement to benefit the customer. They stated it does not gather information per se, but Eckhart’s video shows evidence to the contrary.
"The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to third parties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities." – CarrierIQ
The semantic trick here is that the “customer” is not the user. If pressed, they’ll tell you that, well, yes it is, by ‘trickle down’ improvement of the network. To that type of response I say, “Horse feathers”.
In fact, I’d love to see full disclosure of that “customer list”. I want to know which carriers are involved in this.
By the way, if it’s not information, what is encrypted and why is it encrypted?
Another take on CarrierIQ’s “beneficent” use of this spyware comes from Sophos:
"The company [CarrierIQ] claims the software is designed to help mobile phone carriers to improve their service quality by measuring where calls drop, what applications are causing performance issues and which handsets may have problems on their networks," says Chester Wisniewski of Sophos.
"This may be true, but the inability to opt-out or remove the software without informing the user is extremely concerning. Combine that with all of the sensitive information the software is designed to intercept and it raises far more questions about how this software is being used."
It also raises questions about where this information is going. I believe the public has a right to know this information, and I’ll tell you why: I bet that the cost of that CarrierIQ garnered info being transmitted is being paid directly or indirectly by the real customer: The poor shmendrick using that cell phone.
I hope the lawyers and government remember that when the (hopefully) legal remedy is applied.
I want to know who authorized this covert, illegal invasion of privacy and how it was done. I want government intervention with stiff jail terms for the criminals who turn our privacy and lives into commodities to be traded for their profit.
I wonder about these “secure customer networks”. Secure? Nonsense.
Verizon has supplied instructions on how to “opt out” of this Google-like “program” (URL below), but not how to get it off your phone. They also make a point of telling you that you will continue to get ads, but they will be “less relevant” to you. The nerve. Tell me how to get it off my phone!
I (for one) demand an accounting. I’m getting really tired of these “entrepreneurs”.
Q - How do you know when you’re being spied on?
A – You’ll see the phrase: “Your privacy is important to us.”
Source:
http://www.tgdaily.com/security-features/59944-secret-key-logging-software-found-on-millions-of-phones
http://www.youtube.com/watch?v=DgABEzf_oJo
Instructions on how to “opt out” (but not remove the spyware) for Verizon phones:
https://email.vzwshop.com/servlet/website/ResponseForm?OSPECC_9_0_9hg_eLnHs_uhmpJLE