Posted by Greg Mills

The location data scandal of last summer has just been eclipsed, by everyone but Apple, with a revelation that virtually all Android, RIM and Nokia phones report every keystroke you make to a server farm in Mountain View, California. As privacy issues go, recoding your location and reporting it to Apple is bad enough, but a root kit keystroke recording and reporting system hidden deep in the OS of virtually all Android Phones, RIMBerries and Nokia phones is far worse. Even more outragious, the keystroke logger runs even when the device is in WiFi mode and not even using the network!

Check out www.CarrierIQ.com and you will find a web site for a mobile network analytical company that has been looking over the shoulder of millions of cell phone users. Undetected and undisclosed by AT&T, Verizon, T-Mobile, Sprint and other networks, the Carrier IQ software is so well hidden in the root kit of the mobile OS that it took an expert to find it. The culprits include Google, RIM’s software team and Nokia’s software team. Microsoft’s involvement is unknown at this time, but that detail is sure to come out.

This revelation may accelerate the swing to Apple’s iOS based devices. The inclusion of the root kit key stroke software is certainly intentional and known to all the players in the industry. See: http://www.networkworld.com/news/2011/113011-mobile-privacy-253621.html?hpg1=bn

UPDATED INFORMATION: It appears that there are references to the servers at Carrier IQ hidden in the iOS, but that they appear to be turned off by default where as they are on by default on the other platfroms. Apple may have include the ability for iOS devices to hook up with the Carrier IQ servers in dignaostic mode only. I have requested clarification from Apple and will report back what they say. I have still been unable to confirm that Windows Mobile is free of this keystroke malware.