Trevor Eckhart, a Torrington security researcher, has set off a firestorm over his allegations that a diagnostic software company, CarrierIQ, is capturing the content of text messages and other personally identifiable information on hundreds of millions of mobile phones running the Google Android operating system.

Eckhart alleged that the Carrier IQ software is often enabled by default on many phones, running as a “rootkit” that does not show up on a list of active tasks running on the device.  Further, he showed that the software has the potential to transmit personally identifiable information back to carriers and/or manufacturers, including text messages, location data, and URLs of websites visited.

Eckhart’s findings raised concerns that the data collected could be linked to specific users should carriers choose to collect information in that manner.  Additionally, Eckhart discovered the software has the ability to log individual keystrokes and that it could capture private data sent to secure websites prior to the information being encrypted and transmitted.

Click here to continue reading Lon’s report.