XDA member Trevor Eckhart (a.k.a. TrevE) recently uncovered a tracking rootkit that is installed on most mobile devices, including nearly all Android phones. The software is backed by carriers, and capable of some pretty nefarious things, including logging your keystrokes, opened apps, when calls are sent and received, and even more. Custom Android ROMs based on AOSP do not have CIQ, but any unmodified handset will have the extremely hard to remove software installed.
As noted by TrevE, a rootkit like this is an incredibly serious invasion of privacy and needs to be dealt with, but the company behind it seems to disagree. Carrier IQ has sent a nasty cease and desist letter to Mr. Eckhart asking him to issue a formal apology and remove infringing materials from his website. Thankfully for anyone who uses a cellphone, TrevE is standing his ground, and has retained the EFF as council.
We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless. Mr. Eckhart used and made available these materials in order to educate consumers and security researchers about the functionality of your software, which he believes raises substantial privacy concerns. Mr. Eckhart’s legitimate and truthful research is sheltered by both the fair use doctrine and the First Amendment.
We’re sure that will will be hearing a lot more about Carrier IQ in the near future, and we hope that Trevor and the EFF will be able to put a stop to this clear violation of privacy.