Sen. Al Franken this week said he is still "very troubled" by the technology deployed by Carrier IQ despite the fact that the company—as well as AT&T, Sprint, Samsung, and HTC—released details about how they use Carrier IQ software.
"People have a fundamental right to control their private information," Franken, a Minnesota Democrat, said in a statement. "After reading the companies' responses, I'm still concerned that this right is not being respected."
Of particular concern was the fact that Carrier IQ was receiving the contents of users' text messages after say it did not, as well as the software's ability to collect online search data.
"There are still many questions to be answered here and things that need to be fixed," Franken said.
"We appreciate Subcommittee Chairman Franken's continued interest in protecting consumer privacy and look forward to our ongoing dialogue with the Senator to answer his additional questions," Carrier IQ said in a statement.
UPDATE: Microsoft responded to our request for comment with the following statement from a spokesperson, which indicates that the company regards the "xbox dump" user information as a minor phishing incident, not a major network breach:
"We do not have any evidence the Xbox Live service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats. However, we are aware that phishing attackers will occasionally post small lists of victims on public channels, and we will work directly with the impacted members to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox Live Account Security guidance provided at www.xbox.com/security to protect your account."
Microsoft may be sweating out a possible rehash of Sony's PlayStation Network nightmare from earlier this year if an anonymous posting of dozens of purported Xbox Live Gamertags and passwords is what it claims to be.
We've seen an anonymous Pastebin.com data dump called "xbox dump" posted Monday that contains more than 90 supposed gamertags, most with associated email addresses and passwords.
Microsoft had yet to respond to a request for more information and it couldn't be confirmed Tuesday if the Pastebin document contained real Xbox Live user information. Even if a number of Xbox Live members had their private information compromised somehow, it obviously would remain to be seen if the "xbox dump" document was part of a larger security breach or just a one-off affair.
Users with the EVO 4G, EVO 3D, EVO Shift 4G, EVO Design 4G, EVO View 4G, and HTC Wildfire S will receive an over-the-air update starting today; users can manually install the update right away.
"Sprint worked closely with HTC after reports emerged of a potential issue that could allow malicious third-party apps to compromise data on Android devices made by HTC," the carrier said in a statement. "We urge all users to install the update promptly."
You know how they say that you shouldn't put all your business out there on the Internet, especially nothing that you wouldn't want to fall into the wrong hands? TakeThisLollipop grabs onto this concept and takes it to the next spooky level by connecting to your Facebook account and creating a short movie based on you. We won't ruin it, but it's definitely a cool trick, and we enjoyed viewing the results when we did it.
Redbox is trying to get Americans off their streaming movie services and down to the local kiosk on August 25th with a free DVD rental.
The movie-rental kiosk service is attempting to lure existing customers down to the local grocery with the free DVD rental, normally worth just a buck. And there's a catch, as well as a bonus.
The offer was emailed on Sunday. Redbox officials weren't available for comment over the weekend.
So far, Redbox hasn't indicated how many customers will receive the free code, or if it applies to frequent customers, occasional customers (like or family) or new, potential additions. The catch? Each user needs to access the code via Facebook, and signing in allows Redbox to access your personal information, including your Likes, and post an update(s) to your Wall.
TomTom has apologized for selling user data from personal navigation devices to police.
It wasn't exactly a surprise. When Netherlands-based TomTom reported weak first quarter earnings earlier this year, it said it would try to supplement earnings through certain methods like selling traffic data to governments.
But when Dutch newspaper Algemeen Dagblad revealed that the information was obtained by Dutch police, who used it set targeted speed traps, people got upset.
But TomTom CEO Harold Goddijn said the company only had the best of intentions, because the company believes it "can help make roads safer and less congested."
Today Apple released a Q&A about the location data that's stored on the iPhone. In the statement, the company says broadly that it does not track the iPhone's location, and that the data, which is currently stored in an unprotected file, will be encrypted in the next major update of iOS.
In the statement, Apple admits that iPhones send location data to Apple to maintain a crowd-sourced database of Wi-Fi hotspots and cell phone towers, as many have suspected. However, the company says the locations recorded can be up to 100 miles away from the where the phone actually is, and that the data is sent anonymously.
Apple further explains that it's creating the database to provide better location services on the phone. By using the crowd-sourced locations of cell towers and hotspots, the phone can more quickly locate the user than if it were using GPS satellite data alone. Putting the entire database on every user's phone would be untenable, though, so an iPhone requesting location services accesses a subset, or cache, of the database. It's this data, not necessarily data specifically generated by the user, that's stored in the unencrypted file, "consolidated.db."
At the same time, though, the company effectively admits that retaining such a lengthy and comprehensive location record on the phone—ever since the user upgraded to iOS 4, or about a year for most users—is unnecessary to maintain such a database. Also, backing the file up to a user's computer is clearly not needed either. Apple says it plans to do four things in the next major update of iOS:
Microsoft has confirmed that Windows Phones don't store location history in a manner similar to the iPhone, which records the location data in an unencrypted file. The news that some iOS devices keep location data came to light last week, although
Microsoft told us unequivocally that phones running Windows Phone 7 do not store location history. Like most other phones, the platform offers plenty of location-based apps, and those apps require user consent before they begin tracking. Windows Phones also offer the common feature of a "global switch" that lets the user disable all location services, and Microsoft says its "Find My Phone" service keeps only the phone's most recent location.
We also contacted Nokia, RIM, Google, and HP about how the companies' mobile platforms store location data, and none, save Microsoft, have responded. It's been confirmed independently that Google Android also tracks and stores location data.
Coverage of the iPhone tracking "feature" has ranged from concern to outrage. "I don't know about you, but the fact that this feature exists on an iPhone is a deal-killer," wrote PCMag Columnist John Dvorak, shortly after news broke. Editor Dan Costa drew a softer line, writing, "Apple may not be actively tracking you, but it did turn your phone into a tracking device without telling you."
I'm not about to give Apple a pass on disclosure or execution. Who combs through an Apple privacy statement when the latest iOS software awaits? And, to "collect" and "share" user data is one thing; to retain it in an unprotected file is quite another.
However, I think it's important that, with a few days' hindsight, we move beyond the bombast, pin down the facts, and see what's actually there. To do this, I've taken a close look at what's at risk and, in empirical spirit, borrowed fellow PCMag software analyst Jeff Wilson's iPhone 3GS to see what I could learn of the man and the travels using Pete Warden's iPhoneTracker app.
A pair of mobile forensic researchers who independently identified a location tracking system on the iPhone 4 several months before it was publicized earlier this week say that law enforcement agencies are currently using data from a hidden iOS file called "consolidated.db" in criminal investigations.
Evidence from the location tracking database stored on iPhones "has been used in actual criminal investigations and yes, it's led to convictions," said Alex Levinson, a Rochester Institute of Technology researcher and technical lead for iOS forensics consultant Katana Forensics.
But Levinson and Christopher Vance, a Marshall University digital forensics specialist, also contend that Apple probably included the technology in its iOS operating system to deliver location-based services like iAds rather than to create dossiers on the whereabouts of iPhone users.
A great deal of buzz has surrounded a Wednesday O'Reilly Radar blog post by researchers Pete Warden and Alasdair Allan that highlighted a hidden file on iOS devices like the iPhone and iPad which includes latitude-longitude coordinates and a timestamp to track where such devices have been geographically and when.
But Warden and Allan apparently weren't the first to discover the file.