Security Researchers Back Carrier IQ

Interesting report by David Sarno, writing for the LA Times:

But security researchers have disagreed with conclusions drawn from Eckhart’s analysis.

“It’s not true,” said Dan Rosenberg, a senior consultant at Virtual Security Research, who said the video shows only diagnostic information and at no point provides evidence the data is stored or sent back to Carrier IQ. […]

Instead, the readouts on Eckhart’s video that occur when he presses keys are “debugging messages” — informational feedback meant to help smartphone programmers verify that their applications are working correctly. In this case, Carrier IQ’s developers appear to have set up the program to display a diagnostic message when a key is pressed or when a text message is sent.

My question, after reading this: Do other apps on the device have read access to these debugging logs? Can App A read the keystrokes you typed in App B, because behind the scenes Carrier IQ’s daemon was logging those key presses?

Friday, 2 December 2011