quote: If your research is accurate, I can't see how carrier IQ can really be expected to take the blame for this. They write the tools, and HTC interfaces them incorrectly. I would in fact say your tank analogy is backwards: Carrier IQ made a main gun that works fine, and when the main contractor integrated it they messed up and a specific combination of speed and shock causes the tank to signal the gun to fire. Yes it was the gun that fired, but it was the implementation that was at fault, not the gun. Expecting a logging and tracking software to parse its commands to determine which would be valid debugging where they might want to see plaintext information vs when it shouldn't be logging really doesn't seem like their problem. If the HTC OS build is telling Carrier IQ to log sensitive data, it falls on HTC.
quote: performs functions beyond those needed to provide the service I contracted with them for
quote: Failure to do this [ask permission] makes the software spyware at best, malware at worst.
quote: They should be renting them instead.
quote: the "false dichotomy" that you either can have this spyware software on your phone or you can have crappy service,
quote: AgentService.this.result = Controller.IQInit();
quote: Intent localIntent = (Intent)paramMessage.obj;
quote: When a code library is written and given to another person to implement, it is 100% this other person's choice how to implement the library. While the original writer will often give samples showing a sample implementation or even in a few cases, help the implementer directly, it is always the implementer's responsibility to verify that the implementation is appropriate for their intended use.To say Carrier IQ cares any blame for how HTC implemented their code is incorrect, as they had no control (and probably no knowledge) over how HTC decided to implement their code.
quote: That leads me to believe that the code in question is a reference design, originally written by Carrier IQ, but modified by HTC. I could be wrong on that hypothesis.If this was the case, would your perspective change?
quote: The problem? The debug flag is set in the production build.