Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Motorola secretly spies on Droid phone users every 9 minutes, collects personal data

Darlene Storm | July 4, 2013
A security engineer with a Motorola Droid X2 smartphone discovered that Motorola is silently slurping up personal info like passwords, GPS data from photos, email addresses, and usernames to name but a few.

Do you recall the privacy storm surrounding Carrier IQ after researcher Trevor Eckhart discovered it was secretly logging keystrokes and location information without notifying users as well as capturing passwords in clear text? After "Motorola cell phones are regularly phoning home" hit Hacker News, another person also tested a Motorola Photon 4G and claimed to have obtained similar results. It seems likely that other people will test their Motorola phones and a list of affected phones will emerge.

Details about Motoblur, its privacy policy, and how Motorola is tracking users' activities made some waves last year. Motoblur is used to push updates; it "is currently on Electrify/Photon 4G, Atrix 4G, Atrix HD, CLIQ/DEXT, Backflip, Devour, Flipout, Charm, Spice, Droid Pro, Filpside, DEFY, DEFY+, Bravo, Droid X, Droid 3, Droid 2, Droid Bionic, and Droid RAZR. The version found on the Droid X, Droid Pro, Droid 2, Droid Bionic, Droid 3, Electrify/Photon 4G, and DEFY is intended to be less intrusive than previous versions."

Lincoln clarified that "the Droid X2 does not use Motorola's 'Blur'/'MotoBlur user interface," which is one reason he picked that model. However his research indicates, "they've all been modified to silently send data to and/or through the Blur web-service back-end." He added, "There's no indication to the user that this is the case unless they do the sort of network capture that I did. There is no prompt to create or use a Blur user ID - the phone uses a randomly-generated Blur account for all of the behind-the-scenes activity." Please read his interesting and excellent write-up in full.

"I can think of many ways that Motorola, unethical employees of Motorola, or unauthorized third parties could misuse this enormous treasure trove of information," Lincoln wrote. "But the biggest question on my mind is this: now that it is known that Motorola is collecting this data, can it be subpoenaed in criminal or civil cases against owners of Motorola phones?"

Motorola has not officially responded to a request for comment. The company is probably hoping news about its new Moto X smartphone will drown out Lincoln's discovery. Good luck with that, Motorola. You have a lot of consumers and we want answers.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.