Latest Android news, applications and forum discussion

Send Us Tips!

Sep

1

2011

Is Your HTC Sensation and EVO 3D Watching Your Every Move?

4

by Harold Williams
tagged , , , , , , , ,

Privacy concerns and security holes are nothing new and are to be expected with anything software driven (as long as they are patched up quickly). To name a few from the past, we had reported a security hole in the Sense UI that had to do with the Bookmarks widget. How about another one for the Droid X right here. Today, it looks like our fingers are going to be pointed at HTC who seems to have added something behind the scenes within the latest Gingerbread OTA. The current targets are the Sensation and the EVO 3D thanks to information from Phandroid and TrevE on XDA. Hit the break for the full story.

The story goes like this. A common system app in the Sense UI named CIQ is sporting a new feature called “User Behavior Logging.” This already sounds bad doesn’t it? Well, it turns out this app is recording your every move including what apps you are installing, how long your using your apps, your locations data, and more. There are also features hidden in the framework itself that’s doing some logging of its own. All of this logged information is being sent up to the cloud for HTC to do as they please with it. Check out some of the code yourself below.

1 = ("com.htc.feedback", "feedback_usageOpt")
2 = ("com.android.browser", "user_action")
3 = ("com.android.htccontacts", "contact_type")
4 = ("com.android.htccontacts", "group_info")
5 = ("com.android.mms", "message_send")
6 = ("com.android.mms", "message_receive")
7 = ("com.android.mms", "message_count")
8 = ("com.android.phone", "user_action")
9 = ("com.android.phone", "settings_quietRing")
10 = ("com.android.phone", "settings_pocketMode")
11 = ("com.android.phone", "settings_flipForSpeaker")
12 = ("com.android.phone", "edit_b4_call")
13 = ("com.futuredial", "transfer_data")
14 = ("com.htc.album", "storage")
15 = ("com.htc.android.htcime", "press_duration")
16 = ("com.htc.android.htcime", "UDB_words")
17 = ("com.htc.android.htcime", "special_correction")
18 = ("com.htc.android.htcime", "WCL_cnt")
19 = ("com.htc.android.htcime", "duration_SIP")
20 = ("com.htc.android.htcime", "lang_key")
21 = ("com.htc.android.htcime", "voice_key")
22 = ("com.htc.android.htcime", "set_CIME")
23 = ("com.htc.android.htcime", "duration_SIP")
24 = ("com.htc.android.htcime", "user_action")
25 = ("com.htc.android.htcime", "waiting_time")
26 = ("com.htc.android.htcime", "fuzzy_pinYin")
27 = ("com.htc.android.htcsetupwizard", "is_sysTimeChanged")
28 = ("com.htc.android.htcsetupwizard", "feedback_usageOpt")
29 = ("com.htc.android.mail", "mail_count")
30 = ("com.htc.android.mail", "update_schedule")
31 = ("com.htc.android.mail", "default_mailsize")
32 = ("com.htc.android.mail", "widget_clickcount")
33 = ("com.htc.android.mail", "EAS_success")
34 = ("com.htc.launcher", "layout")
35 = ("com.htc.launcher", "scene")
36 = ("com.htc.launcher", "user_action")
37 = ("com.htc.launcher", "app_launch")
38 = ("com.htc.launcher", "leap_view")
39 = ("com.htc.launcher", "skin_picker")
40 = ("com.htc.music", "storage")
41 = ("device_status", "battery")
42 = ("device_status", "battery_low")
43 = ("device_status", "bluetooth")
44 = ("download_manager", "download")
45 = ("system_server", "application_launch")
46 = ("system_server", "activity_launch_history")
47 = ("system_server", "MRU_click")
48 = ("system_server", "activity_tabCount")
49 = ("system_server", "tab_index")
50 = ("system_server", "app_uninstalled")
51 = ("system_server", "launcher_downloaded")

Now, before you freak out completly, it’s also pointed out by Phandroid that this behind the scenes logging is agreed to by the user. You can take a look for yourself by going to Settings -> About Phone -> Legal -> HTC Legal on your device. ROMs will be removing this, but should you really have to go that route to remove this logging? Personally, if my phone is going to do this, it better pop something right up and at least let me know. I would walk right away from purchasing one of these phones if that was the case. If you want to use me for statistics and user behaviors you better show me a pay check or get lost (or discount your device to me in return). Let us know what you think about this right down there in the comments.

[via phandroid]

» See more articles by Harold Williams

Categorized as Android Manufacturers, Android News, Android Phones, Android Security, Android Software

Comments

  • Justin

    Well I am getting bored with my galaxy s and was thinking my next phone would for sure be a HTC until I read this article. Guess I will be sticking with the vibrant for now :(

  • John

    Personally don’t really care what they add.
    I run CM7 on my phone.

    Just goes to show you, don’t buy a phone unless you can root it and install a good AOSP ROM on it.

  • Curt

    Unfortunately, this is becoming a reality in life. The more functions our phones can do, the more data the manufacturer wants from the phone.

    One use is to see what people are using the most, and gear future phones towards those trends.

    Another use is that they want sensitive information that we would not give up if given the chance.

    Face it, this is just as bad as targeted ads using cookies to see where we have been. The ability to track people is too juicy to not to try.

  • Randy

    If giving all that info means I would get updates to Sense down the road that make my phone work better for me?

    Sure, I’m in. I’ll agree with that. As long as they are complying with Canadian privacy laws about retention and security on private information, that is…otherwise they can be sued and forced to comply, just like facebook was.