Millions of Android, Nokia and BlackBerry phones are secretly tracking their users, according to an Android developer.
Trevor Eckhart says he's uncovered a piece of spyware that monitors the phone's location even when location services are disabled, and which logs every keystroke. It ignores the 'Force stop' button and ins nearly impossible to remove, he says.
The software - which Eckhart describes as a rootkit, because of the way it's so hidden - comes from Carrier IQ, which initially threatened legal action against Eckhart, although it backed down when the Electronic Frontier Foundation intervened.
Eckhart's posted a video on YouTube showing the software on his own phone, recording keystrokes, search queries, texts and locations.
"The Carrier IQ application is receiving not only HTTP strings directly from browser, but also HTTPs strings," he says.
"HTTPs data is the only thing protecting much of the 'secure' internet. Queries of what you search, HTTPs plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above - and can be seen going into the Carrier IQ application."
Carrier IQ says its software is designed only to help carriers improve their network performance.
"While we look at many aspects of a device
Trevor Eckhart says he's uncovered a piece of spyware that monitors the phone's location even when location services are disabled, and which logs every keystroke. It ignores the 'Force stop' button and ins nearly impossible to remove, he says.
The software - which Eckhart describes as a rootkit, because of the way it's so hidden - comes from Carrier IQ, which initially threatened legal action against Eckhart, although it backed down when the Electronic Frontier Foundation intervened.
Eckhart's posted a video on YouTube showing the software on his own phone, recording keystrokes, search queries, texts and locations.
"The Carrier IQ application is receiving not only HTTP strings directly from browser, but also HTTPs strings," he says.
"HTTPs data is the only thing protecting much of the 'secure' internet. Queries of what you search, HTTPs plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above - and can be seen going into the Carrier IQ application."
Carrier IQ says its software is designed only to help carriers improve their network performance.
"While we look at many aspects of a device
