Documents related to a Senate inquiry into Carrier IQ and its smartphone software reveal that Sprint is by far the company’s biggest carrier client in the United States. Sprint stated in a letter to Senator Al Franken, which is now public record, that Carrier IQ software is installed on more than 26 million of its handsets. A similar letter from AT&T states that the mobile tracking software is installed on 900,000 AT&T phones, but the carrier said it is only collecting data from approximately 575,000 of them. Both companies reaffirmed earlier statements claiming they only use Carrier IQ software for diagnostic purposes and not to gather private user data or to track subscribers. ”Sprint has not used Carrier IQ diagnostics to profile customer behavior, serve targeted advertising, or for any purpose not specifically related to certifying that a device is able to operate on Sprint’s network or otherwise to improve network operations and customer experiences,” Sprint wrote in its letter. AT&T made similar claims. A link to Senator Franken’s full response to the letters, which includes links to letters from Sprint, AT&T, Samsung and HTC regarding their use of Carrier IQ, follows below. Samsung states in its letter that Carrier IQ is installed on approximately 25 million of its smartphones, and HTC says roughly 6.3 million of its handsets shipped with the software pre-installed.

Read

New York University’s Polytechnic Institute has discovered a Skype security flaw that leaves Skype users’ locations and P2P sharing activity accessible to hackers. The security hole was discovered while NYU scientists monitored 10,000 Skype users and 20 volunteers during a two-week period. “A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud,” professor Keith Ross from computer science NYU-Poly’s computer science program said. Hackers can also keep track of a Skype user’s movements as he or she places calls from various locations. The scientists were able to follow a Skype user during a vacation from New York to Chicago and then all the way home to France, Financial Post explained. “A fairly straightforward and inexpensive fix would prevent hackers from taking the critical first step in this security breach – that of obtaining users’ IP addresses through inconspicuous calling,” the scientists said. Skype chief information officer Adrian Asher said his company will work to improve the security of Skype’s software. 

Read

Apple, HTC, Samsung, Motorola, AT&T, Sprint, T-Mobile and Carrier IQ have been sued in a federal court by what the lawyers involved have deemed a “cell phone tracking software scandal.” Law firms Sianni & Straite LLP, Eichen Crutchlow Zaslow & McElroy LLP, and Keefe Bartels L.L.C. have jointly filed a class action complaint in a Delaware Federal Court related to the “unprecedented breach of the digital privacy rights of 150 million cell phone users.” The complaint suggests that the aforementioned carriers and vendors violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act. The suit of course refers to the companies’ use of Carrier IQ, the carrier and vendor-implemented cell phone spyware discovered recently on a number of handsets from multiple manufacturers. Read on for more.

Carrier IQ’s software is intended to be a “Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users” according to the company, but cell phone users are up in arms now that the software’s capabilities have once again been widely covered across the press and on blogs. Carrier IQ software fell under the spotlight to a lesser degree back in September when the software was discovered on Sprint devices. A number of lawsuits have been filed since then, including a complaint flied last week against HTC, Samsung and Carrier IQ.

“This latest revelation of corporate America’s brazen disregard for the digital privacy rights of its customers is yet another example of the escalating erosion of liberty in this country,” David Straite, one of the lawyers leading this crusade, said in a statement. ”We are hopeful that the courts will allow ordinary customers the opportunity to remedy this outrageous breach.” His co-counsel Steve Grygiel added, ”Anyone who cares at all about their personal privacy, or the broader constitutional right to privacy, ought to care and care a great deal about this case.” The firms’ joint press release follows below.

Apple, HTC, Samsung, Motorola, AT&T, Sprint, T-Mobile and Carrier IQ Sued in Delaware Federal Court in Cell Phone Tracking Software Scandal

WILMINGTON, Del., Dec. 2, 2011 – The law firms of Sianni & Straite LLP of Wilmington, DE, Eichen Crutchlow Zaslow & McElroy LLP of Edison, NJ, and Keefe Bartels L.L.C. of Red Bank, NJ, have today filed a class action complaint in Federal Court in Wilmington, Delaware related to the unprecedented breach of the digital privacy rights of 150 million cell phone users.  The complaint asserts that three cell phone providers (T-Mobile, Sprint and AT&T) and four manufacturers of cell phones (HTC, Motorola, Apple and Samsung) violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.

The carriers and manufacturers were caught last month willfully violating customers’ privacy rights in direct violation of federal law.  A technology blogger in Connecticut discovered that software designed and sold by California-based Carrier IQ, Inc. was secretly tracking personal and sensitive information of the cell phone users without the consent or knowledge of the users.  On Nov. 30, 2011, the United StatesSenate Committee on the Judiciary said in a letter to Carrier IQ that “these actions may violate federal privacy laws.”  It added, “this is potentially a very serious matter.”

David Straite, one of the attorneys leading the action, noted “this latest revelation of corporate America’s brazen disregard for the digital privacy rights of its customers is yet another example of the escalating erosion of liberty in this country.  We are hopeful that the courts will allow ordinary customers the opportunity to remedy this outrageous breach.”  Steve Grygiel, co-counsel for the proposed class, agreed: “anyone who cares at all about their personal privacy, or the broader constitutional right to privacy, ought to care and care a great deal about this case.”  Barry Eichen added, “today’s comment from Larry Lenhart, CEO of Carrier IQ, that his software is somehow good for consumers starkly demonstrates what is at stake.”

A copy of the Class Action Complaint in Pacilli v. Carrier IQ, Inc. can be viewed on the Firms’ websites at www.siannistraite.com, www.keefebartels.com, and www.njadvocates.com.

Plaintiffs are represented by Sianni & Straite LLP, a Delaware-based litigation firm with a branch office in New York, Keefe Bartels LLC, a New Jersey-based plaintiffs’ rights trial law firm, and Eichen Crutchlow Zaslow & McElroy LLP, a leading plaintiffs firm with three offices in New Jersey.

Microsoft has updated its Windows Phone platform to address what is now presumed to have been a bug that caused phones to gather location data before a user opted in to such services. Windows Phone developer Rafael Rivera last week revealed that Microsoft’s mobile platform was exhibiting behavior that directly contradicted earlier claims the company made to the United States government. Microsoft’s new “Mango” update, however, appears to have remedied the matter. Read on for more.

“Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data,” Microsoft said recently in a letter to the U.S. House of Representatives. Meanwhile, Rivera discovered that Windows Phone devices began collecting and transmitting “pin-point accurate positioning information” before users were even given the option to opt into such a service.

This behavior now appears to have been a bug. Rivera analyzed the latest version of Windows Phone currently being pushed out to smartphones around the world, and he found that the new OS no longer collects location data until users opt in.

“I have confirmed that Windows Phone ‘Mango’ no longer sends location data prior to being granted permission to do so,” Rivera wrote in a blog post earlier this week. “The behavior I’m now seeing is perfectly aligned with Microsoft’s letter to the U.S. House of Representatives.”

Pending lawsuits against Microsoft surrounding the collection of location data will no doubt continue, but it appears as though Windows Phone’s collection of positioning data is now completely transparent and in line with descriptions provided in the terms of use.

Apple has repeatedly accused Samsung of “copying” its products, but it looks like Microsoft is now the one following Apple’s lead. A class action lawsuit filed in Seattle on Wednesday accuses Microsoft of unlawfully tracking users of smartphones that run the company’s emerging Windows Phone 7 operating system. According to the complaint, the camera application in Microsoft’s Windows Phone software continues to track users’ locations and transmit that data to Microsoft even if users opt-out of Windows Phone’s tracking and feedback functions. The class action suit seeks an injunction as well as punitive damages. Earlier this year, Apple was caught tracking iPhone and iPad users’ locations and storing them in a hidden file on the devices. Apple would go on to state that the issue was caused by a bug, and the Cupertino-based company quickly issued a software update to remedy the problem. Numerous complaints were filed as a result of the scandal however, and while damages have been minimal so far, several cases are still outstanding.

Read

Apple has been fined by South Korea’s telecommunications regulator following the “Locationgate” scandal that caused public outrage earlier this year, Dow Jones reports. This marks the second time Apple has had to pay penalties resulting from the iOS location-tracking snafu. A South Korean lawyer sued Apple and was awarded $1 million won, or approximately $945 at the time, by a court this past June. It was discovered in April that the iPhone and some iPad models were secretly tracking users and storing their locations in a local file. Apple determined that a software bug was responsible for the collection of location data, and it promptly issued a fix. The damage had already been done, however, and lawsuits were filed. Apple’s prompt attention to the matter likely limited the damage, and Wednesday’s fine levied by the Korea Communications Commission is the first penalty we’ve seen issued by a regulatory body. So what’s the damage this time around? $3 million won, or approximately $2,829.

Read

Following the “Antennagate” scandal that cost Apple zero sales last year, a new “Locationgate” scandal took the media by storm earlier this year that ultimately cost Apple zero sales. It was discovered in late April that the iPhone and 3G-equipped iPads were secretly tracking and storing users’ locations. Apple issued a statement seven days later, claiming the culprit was a bug that would be addressed as soon as possible. Apple also said that it does not track its users or their locations. Some people tend to take things more personally than others — or perhaps they’re out for a quick buck — so lawsuits were inevitable. Thus far, just one single complaint related to Locationgate has resulted in a payout from Apple, and it was awarded to South Korean man Kim Hyung-suk this past May, Reuters reports. What was the damage? 1 million won, which translates to a whopping $945. Kim, a lawyer, said Apple sent the payment last month.

Read

Consumer electronics tracker NPD Group on Thursday released its tallies for the U.S. gaming industry, revealing continued console sales growth and rebounding software sales. Last month, sales of video game software dipped to $735.4 million from $875.3 million in March 2010. While sales shrank sequentially, as they do in April in many industries, gaming software jumped 26% from $398.5 million in April 2010 to $503.2 million last month. Microsoft’s Xbox 360 was the best-selling console in April, having climbed 60% year-over-year to 297,000 units. Sales of Sony’s PlayStation 3 grew 13% to 204,000 units and Nintendo sold 174,000 Wii consoles, a 37% decline compared to April 2010. Mortal Kombat 2011 was the best-selling software title in April, having sold over 1 million units including standard games and special editions. Portal 2, Lego Star Wars III, Call of Duty: Black Ops, and Tiger Woods PGA Tour 12: The Masters rounded out the top five titles.

Read

In an effort to be “clear and transparent” with its customers and the government, Verizon Wireless has sent a letter to Congress detailing plans on how it will better inform consumers about location data collection on their smartphones. The wireless carrier will soon apply a removable stickers to its devices with the following warning:

“This device is capable of determining its (and your) physical, geographical, location adn can associate location data with other customer information. To limit access to location information by others, refer to the User Guide for Location settings and be cautious when downloading, accessing, or using applications and services.”

Verizon Wireless will also issue alerts more clearly in its V CAST applications, some of which can be used to track family members or friends voluntarily. It confirmed that it does not sell or rent out personal user information, and that user habits are only used for internal marketing purposes. Verizon says it only collects location data for “various service and operational purposes,” and that it uses the data to ensure customers have solid call and data quality. Hit the jump for a full PDF of Verizon’s letter to Congress.

[Via Phone Scoop]

Read (PDF)

Break out your tin foil hats, people — they’re out to get you. Apple finally issued a statement on Wednesday regarding the recent uproar over iOS devices tracking their owners’ locations, but a new report from The Wall Street Journal will ensure that consumers can continue to cry foul. According to the WSJ, Apple and Google both track users’ locations not only using mobile devices, but also using computers. Apple allegedly collects location information each time its Mac computers scan for wireless networks, and Google is said to collect location data from Wi-Fi connected computers that use its Chrome browser or its search toolbar plug-in with other browsers. The report notes that it is unclear how Apple and Google use this data, and it says in “most cases” the location tracking services are opt-in.

Read

Apple has finally broken its week-long silence over the location-tracking database scandal surrounding iPhones and 3G iPads running iOS 4 and higher. The company states that it never has, and never plans to, track users’ iDevices, and that the purpose of the database file in question — consolidated.db — is to “help your iPhone rapidly and accurately calculate its location when requested.” The company noted that a software update will limit the size of the location file and be available in the next few weeks — the next major iOS release will add a layer of encryption to the file. Apple’s full statement is after the break. Have a look and let us know what you think.

Apple Q&A on Location Data

CUPERTINO, Calif.–(BUSINESS WIRE)–Apple would like to respond to the questions we have recently received about the gathering and use of location information by our devices.

1. Why is Apple tracking the location of my iPhone?
Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

2. Then why is everyone so concerned about this?
Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

4. Is this crowd-sourced database stored on the iPhone?
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

6. People have identified up to a year’s worth of location data being stored on the iPhone. Why does my iPhone need so much data in order to assist it in finding my location today?
This data is not the iPhone’s location data-it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don’t think the iPhone needs to store more than seven days of this data.

7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database?
It shouldn’t. This is a bug, which we plan to fix shortly (see Software Update section below).

8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.

9. Does Apple currently provide any data collected from iPhones to third parties?
We provide anonymous crash logs from users that have opted in to third-party developers to help them debug their apps. Our iAds advertising system can use location as a factor in targeting ads. Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them).

10. Does Apple believe that personal information security and privacy are important?
Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.

Software Update

Sometime in the next few weeks Apple will release a free iOS software update that:

• reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
• ceases backing up this cache, and
• deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

Read

Might as well let other major mobile operating system manufacturers in on the location-tracking scandal fun, no? While Apple, and to a much lesser extent Google, have come under fire for their phone location storage practices, other major OS manufacturers have been silent. We’re not sure being the “squeaky wheel” would pay dividends in this instance. That hasn’t stopped the media from asking, however, and CNET posed the question to Microsoft: what do you track?

“Microsoft says its operating system transmits the MAC address of the Wi-Fi access point (but not the name), signal strength, a randomly generated unique device ID retained for an unspecified limited period of time, and, if GPS is turned on, the precise location and direction and speed of travel,” writes CNET. “That happens when the ‘application or user makes a request for location information,’ the company says.”

CNET has a laundry list of questions for Microsoft that remain unanswered. The current location brouhaha now has the attention of the courts and some distinguished members of the United States Congress — so we’re betting most major mobile operating system manufacturers will be answering questions in an official capacity in the near future.

[Via WPCentral]

Read

The recent rediscovery that Apple’s iPhone is tracking and storing users’ locations — after users all agreed to let Apple track, store and use their locations, of course — has caused quite an uproar. Unlike the last time this was discovered, the ordeal continues to make news nearly a week later instead of being forgotten immediately. In this latest round of outrage, The Wall Street Journal has revealed that Apple’s iPhone continues to collect and store users’ locations even when location services are disabled. The Journal believes that the data is collected using data from cell towers and Wi-Fi hotspots as the iPhone communicates with them. This, too, is well within Apple’s rights — and the rights of other cell phone makers — but the revelation is still likely to result in a new round of chatter. Additional reports reveal that government bodies in several countries including South Korea, France and Germany are investigating Apple’s location-tracking practices, and they will likely make formal inquiries once they have enough information t0 do so.

Read

It was only a matter of time. Apple, Inc. has been named as a defendant in a federal district court suit over the iPhone and iPad 3G location tracking scandal — at this point we think it’s safe to refer to it as such. The Cupertino company’s silence over the past week has only intensified rumors and speculation that Apple is, somehow, using this harvested data in a clandestine or nefarious manner. Bloomberg notes that the lawsuit was filed in Tampa, FL by two consumers and, at this point, it is unknown if the duo will seek class action status. Details on the case are scarce at the moment, but we’re sure this isn’t the last we’ll be hearing about this one.

Read

On Wednesday, researchers from O’Reilly claimed to discover a tracking feature in iPhones and 3G iPads that reportedly sent location data back to Apple. Another researcher, this time from Katana Forensics, says otherwise. “Apple is not harvesting this data from your device,” said Kata Forensics lead engineer Alex Levinson. “This is data on the device that you as the customer purchased and unless [O'Reilly] can show concrete evidence supporting this claim – network traffic analysis of connections to Apple servers – I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network.” Levinson argues that the “hidden tracking file” is neither new nor a secret. He wrote about it in a book by Sean Morrissey titled iOS Forensic Analysis, which was published on December 5th, 2010, and says that the collected data is simply used by native iOS apps like Maps and Camera. If you’re still worried Apple is collecting the info – that you likely agreed to provide anyway — Levinson even cites a California state law that says: “No person or entity in this state shall use an electronic tracking device to determine the location or movement of a person.” Hit the jump for more from Alex Levinson.

[Via The Loop]

Read