Smartphone Spyware Scandal Reaches Senate

A US Senator is demanding answers from a company accused of producing smartphone spyware. The firm, Carrier IQ, denies the accusation, and claims its software is designed solely for tracking service faults on the portable phones.

The software appears to be installed without consumer knowledge or permission on millions of the handsets. It's usually installed in rootkit form, before the customer takes possession, and is difficult for ordinary users to discover or delete.

Officially, the software is intended to track activity on the phone and report back to cellular networks. When faults are discovered, the network can look at the aggregated data and determine if a particular service problem is linked to a specific handset, network, operating system or application.

Expert: "Individual Keystrokes Tracked"

But security researcher Trevor Eckhart has posted a video that appears to show the software can track far more details than officially acknowledged, including the phone's physical location, websites the user has visited, and even individual keystrokes. (Source: androidsecuritytest.com)

Some analysts have further speculated the company may have unintentionally produced the software in a way that collects more data than intended. Carrier IQ has denied recording this type of data or collecting personal information.

It's not clear which phones have the software installed. AT&T and Sprint say they use it for tracking the performance of wireless networks, while Verizon says it does not.

Manufacturers HTC and Samsung say they have included it on handsets only where asked to do so by a network. Apple, Nokia and Research in Motion (RIM) say their handsets do not currently run the software.

Software May Breach Federal Laws

There has already been speculation that if Eckhart's claims are true, Carrier IQ and the networks concerned could be breaching U.S. wiretap laws. That has led to Senator Al Franken, who previously campaigned on cellphone privacy, to ask Carrier IQ for more details.

He wants to know exactly what data is collected, how it's transmitted, whether it's shared with third parties, how users can stop the collection of data, and whether Carrier IQ is confident it complies with federal laws. He has also questioned whether the company is taking adequate steps to protect the collected data from hackers. (Source: senate.gov)