Have you heard that every text message, every e-mail, every phone number, every keystroke made on a Google (GOOG) Android phone may be secretly recorded, logged and sent to your cellular provider by a tracking service called Carrier IQ?
No? That's a surprise, because it's a scandal that's been brewing for several weeks -- ever since security researcher Trevor Eckhart discovered Carrier IQ's analytics app on HTC phones running Android. The app comes pre-installed on more than 140 million handsets, including phones made by Samsung, Nokia (NOK) and Research in Motion (RIMM) -- but not Apple (AAPL).
Carrier IQ's first response was to have its lawyers send Eckhart a cease-and-desist letter (since withdrawn, with an apology). Its second was to issue a statement that its software does not record keystrokes and that any information it gathers is "encrypted and secured."
It didn't take long for Eckhart to put the lie to those claims. On Monday he posted a 17-minute YouTube video that takes viewers step by step through the set-up and then, at the 13:45 mark, shows Carrier IQ recording his keystrokes -- in clear text -- as he performs a supposedly encrypted HTTPS Google search.
"As violations of privacy go," writes ExtremeTech's Joel Hruska, one of a handful of reporters who has covered the story, "this makes Apple's 'locationgate' scandal from earlier this year look like nothing more than a minor hiccup."
On his Talk Show podcast Wednesday, Daring Fireball's John Gruber offered the fact that Carrier IQ-gate isn't headline news all over the world as proof of the media's anti-Apple bias. I wouldn't go that far; Apple probably gets more positive coverage that it deserves.
But I was struck by the workarounds Hruska offers Android users:
• Installing CyanogenMod, which removes the kernal hooks used by Carrier IQ's app
• Switching to an iPhone
"The CIQ software, as it currently functions," he writes, "blatantly violates both privacy agreements and security best practices. It's also the best reason to buy an iPhone that we've heard in months. Given the choice between a closed software ecosystem and an open phone that spies on its user, we'll take closed software every time."