Thursday, July 11, 2013
Got an Android phone? You’ve got NSA software in it, but probably other spy software also
by Larry Geller
Yes, there is NSA-written software in Android phones, currently the majority of smartphones in circulation. But no, we are not supposed to be concerned.
This would not be the first time spy software was delivered with the Android operating system. See Carrier IQ below.
NSA Writes Code Used in Google Phone
The tech giant Google has confirmed the National Security Agency furnished some of the code installed in its new Android phone. The NSA says the code is intended to enhance security against hackers and marketers, but will not confirm whether it also aids the agency’s PRISM program monitoring the global Internet.
[Democracy Now, headlines, 7/11/2013]
The story has been out for a couple of days at least, and many reports go beyond the short Democracy Now headline. Most note that the software is open source and available for anyone to review. Still, there is the NSA refusal to say whether it is linked to PRISM.
For example, in this report, just one of the many hits Google comes up with on this subject:
Google spokeswoman Gina Scigliano confirms that the company has already inserted some of the NSA’s programming in Android OS. "All Android code and contributors are publicly available for review at source.android.com." Scigliano says, declining to comment further.
[zerohedge, The NSA Has Inserted Its Code Into Android OS, Or Three Quarters Of All Smartphones, 7/9/2013]
It looks like it will be up to us (the user community) to actually review the code, but on the other hand, how do we know that what we review is what’s in the phones? We’ve been duped before by the embedding of the Carrier IQ spy code (see below) which is likely still present in many devices. And really, why does the NSA want their code in our phones (one can be snarky and just say, “as if we didn’t know…”)?:
[NSA spokeswoman Vanee] Vines wouldn’t say whether the agency’s work on Android and other software is part of or helps with Prism. “The source code is publicly available for anyone to use, and that includes the ability to review the code line by line,” she said in her statement. Most of the NSA’s suggested additions to the operating system can already be found buried in Google’s latest release—on newer devices including Sony’s Xperia Z, HTC’s One, and Samsung Electronics’ Galaxy S4. Although the features are not turned on by default, according to agency documentation, future versions will be. In May the Pentagon approved the use of smartphones and tablets that run Samsung’s mobile enterprise software, Knox, which also includes NSA programming, the company wrote in a June white paper. Sony, HTC, and Samsung declined to comment.
What’s next on this story? Who will take action to review the code or to pressure manufacturers to get it out of our phones? Who is taking on this issue on behalf of users?
Your smartphone may already have had, and may still have, spy software installed by the manufacturer or the cell carrier. Carrier IQ software can be applied to the iPhone as well as the Android OS.
Legal actions against Carrier IQ
Commonwealth of Massachusetts (criminal and civil)
United States Department of Justice (criminal)
Federal Trade Commission (civil)
Sprint Nextel (civil)
JMLECS Umbrella Companies (criminal and civil)
Hagens Berman, California, class action (unknown)
Why lawsuits? Also from the Wikipedia article:
On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.
I ran an app that is supposed to detect this spy software in my phone—and it came up positive, even though the software was supposed to be disabled.
Note: consensus among commenters (who may or may not really know what they are talking about) indicates that even though the software may be disabled, we do not know if it is still active in some way or what it may be able to do if triggered from the outside.
So have a look in your phone. Try that or another app to detect Carrier IQ. To disable it (if that’s really possible), some instructions say go to Settings, then Backup and Reset, then Collect Diagnostics. Chances are, you’ll see a big green check mark. This means your phone has been reporting on you. Uncheck it if you like. As you will read on that screen, manufacturers say it helps them diagnose problems with the phone. Your choice.
To completely remove the spy software would require rooting your phone, which usually voids the warranty and probably precludes receiving further operating system upgrades from your carrier. On the other hand, if you’re already rooted, you can google around to see how to remove Carrier IQ.
So should we be concerned with the revelation that there is NSA software in our phone? I think we should. On the other hand, given that many (most?) users may already have Carrier IQ active, the NSA has had the ability to get our data anyway. We are so spied on.