This has been in the news for the last week: it has been reported that a program on some Android devices sends keylogs from mobile phones to the telco company. Want to know more about it? Google “CarrierIQ Keylogger”.

What we know

Anyway, this shows once again that:

  • every popular platform tends to become the target of choice for all sorts of hacking and cracking. Popularity always comes with its downsides. We saw it when Microsoft Windows grew so much that it became the target of choice for all viruses and malware. The same applies to Microsoft Office, which had a hard time dealing with macro scripts. Now, with Android holding the biggest market share in the smartphone segment (at least in the U.S.), it comes as no surprise that it has also gained attention from those hackers,
  • privacy is also an issue with mobile phones. On the one hand, smartphones are becoming more connected (with 3G and even EDGE networks). On the other hand, we can see apps and software aimed at monitoring a smartphone’s behavior. If you search the internet for apps that allow you to spy on your spouse, or monitor what your kids are doing, you’ll find plenty of solutions.

How does it work?

While the following does not specifically apply to the CarrierIQ Keylogger, it gives you a broad understanding of what is now offered or possible in the field of logging activity on smartphones. In short, a piece of software runs in the background, records whatever you do on your smartphone, and then sends it elsewhere: your smartphone has an internet connection, doesn’t it? Most of this software can be installed so that the owner is not aware of it once it’s running (at least most of the time).

If your smartphone has GPS, the software can record your GPS coordinates on a regular basis and then send them online, so that the places where you’ve been (well, actually the places where your smartphone has been) can be plotted on a Google Map. Say your coordinates are sent to the server every 30 minutes: imagine how you can be traced all the time.

Let’s be paranoid

Some software even claims to be able to send copies of your SMS and chat sessions to an online location, as well as the websites you have visited. I’ve even seen one piece of software that can send a text to parents if a specific keyword appears in the SMS messages their kid is exchanging, thereby informing the parents almost in real time about what’s happening. Some apps even send copies of photos that have been snapped with the smartphone.

In fact, the major issue is that most smartphone owners are usually not aware of what that software is doing. Truth be told, it doesn’t take much data volume to send GPS coordinates or copies of SMS texts, so it is highly unlikely that the user would see a large increase in their data bill.

What’s your view?

Well, it may sound like a sci-fi movie scenario, but the fact is that the reported news (about the CarrierIQ Keylogger), as well as the public commercial offers that you can find on the internet, demonstrate that some (or most) of the features we’re mentioning here are already available. I remember back in the years of Windows adoption and the rise of viruses: users were told not to install unknown programs (and freeware). It sounds like the same approach is being applied to smartphones and apps now.

What’s your view on this? Any tips you’d like to share for preventing such things from happening to our fellow smartphone users?