Background: the web has been abuzz for the last week with talk of Caller IQ, a root-level application installed on millions of smart phones including most Android smart phones, BlackBerry units, and iPhones. Not all phones are affected, and at least Verizon has denied using Caller IQ on any of their phones, but there are plenty of phones which are.
The above video is a demonstration by Trevor Eckhart, the Android developer that discovered the application and publicized what it was up to–watch the video to get a better feel for the reach this application has.
The application has sweeping privileges and can access everything you do on your phone. Although cell providers have denied using the application for anything malicious the reality is that the app is quite capable of enabling deep level surveillance without any indication to the end user that their privacy is being compromised.
We don’t know about you, but we’re not comfortable taking the word of a company that they’re not accessing our private data, text messages, and other phone contents when Caller IQ makes it trivially easy to do so–and to remain completely undetected in the process. So the best case scenario is that your provider is not actively collecting data on you, but the Caller IQ rootkit is wasting precious battery life and clock cycles; the worst case scenario is that, unbeknownst to you, it’s radically compromising your privacy in ways you never authorized.
iPhone users have it easy; they can simply navigate to Settings -> General -> About -> Diagnostics and Usage and then toggle it to “Don’t Send”. Android users will need to dig much deeper: if you’re ready to check your phone and remove the Caller IQ installation (something you can’t do simply by uninstalling an app from your system menu as the carriers have made the application invisible to the end user) we highly recommend checking out Lifehacker’s thorough write up covering detection and removal at the link below.
Carrier IQ: How the Widespread Rootkit Can Track Everything on Your Phone, and How to Remove It [Lifehacker]
