In March of 2011 Twitter and the FTC reached a settlement
brought on by Twitters gross negligence in the protection of private
information they were responsible for.
Also in March of 2011 The FTC and Google reached a
settlement brought on by Google’s deceptive practices and violations of privacy
policies in the launch of Buzz. In a nutshell, Google abused the access to
Gmail user’s contact information to expose confidential information without consent
or approval of the users.
In November 2011 Facebook reached a settlement agreement
with the FTC because Facebook abused its access to consumer data.
In all of these cases what is clear is that these are
companies who through incompetence, greed, or malice have demonstrated that
they cannot be trusted to keep their word and deal with consumers data with honesty,
respect and integrity. Personal information entrusted to these companies cannot
be expected to remain as confidential as promised.
The big buzz in the Android space is Carrier IQ. Carrier IA
is a company that makes a rootkit that secretly records a ton of private information.
It really isn’t just Androids, many iPhones have the software and reportedly so
do Blackberrys.
So who is in the company of these privacy deficient companies?
Why T-Mobile, of course. T-Mobile almost certainly is not the only carrier to
share their bed and perhaps your intimate thoughts with these strange
bedfellows, but I have a T-Mobile phone, so I report from experience.
Facebook, Twitter, and Gmail came pre-installed on my HTC
MyTouch 4G Slide and regardless of the track record of these companies,
T-Mobile refuses to let users remove these applications. In all fairness there
are also other applications that are useless to many users, but look a lot like
spyware and T-Mobile will not allow the removal of the applications. T-Mobile
also never obtained informed consent from consumers to share data with these companies
through their ad supported software. In other words, T-Mobile installs software
that may be siphoning off private information without informing the consumer or
obtaining consent.
Ironically, Carrier IQ is one of the few programs that might
be actually doing something required to improve the functionality of the
devices it is installed on and that is the focus of class action lawsuits and
congressional investigation. It really is a travesty. The class action lawsuits
and congressional investigations need to be focused on carriers forcing
consumers to disclose confidential information without notification, consent,
or the ability to remove invasive software that is not required for
functionality.
In the coming days I will report on some other applications
that appear to be preinstalled spyware. One such application is a demo of
Bejeweled 2. I am to have a conversation with an executive from Electronic
Arts today to discuss my concerns that Bejeweled 2, the demo version that is
preinstalled on my phone, may be spyware. I look forward to a respectful and
informative conversation and will report back the results. It may take a while
as the executive may need to do some research into why some things are designed
the way they are and what, if any, corrective actions might be taken.
The bottom line is that Carrier IQ has made people look the
wrong way so they you don’t see the potentially massive data leaks form the
software on your phone that is in plain sight.
Yes T-Mobile, those known to be some of most egregious violators
of privacy and respect are the company you keep and appear to emulate.
It really is time for the FTC and congress to take an
informed look at mobile providers and cell phone manufacturers. Carrier IQ is
the tip of the iceberg.
Randy Abrams
Independent Security Analyst
Updated: Electronic Arts, rather than Entertainment Arts. Thanks for the heads up Jon Poon!
Updated: Electronic Arts, rather than Entertainment Arts. Thanks for the heads up Jon Poon!
Good stuff, my Jedi friend!
ReplyDelete