Motorola Collecting Immense Array of Private Data from Droid Phones

www.beneaththewaves.net/About/Ben_Lincoln.html of BeneathTheWaves.net has discovered a massive and ongoing intrusion into detailed private information of Motorola Android smartphone users.

The data collection is almost totally comprehensive. Full login credientials (usernames and passwords) for a wide array of email services and social networking sites. Email addresses of the phone user's contacts. Detailed usage statistics for all apps on the phone. The list goes on and on.

This is a HUGE, MASSIVE almost UNPRECEDENTED intrusion and it is being committed by one of the largest phone makers in the world. From Lincoln's exposé:

Begin quote:


Information that is definitely being collected

[list=1]The IMEI and IMSI of the phone. These are referred to as MEID and
MIN in the phone's UI and on the label in the battery compartment, but
IMEI and IMSI in the logs. I believe these two values are all that's
needed to clone a phone, if someone were to intercept the traffic.The phone number of the phone, and carrier information (e.g. Verizon).The barcode from inside the battery compartment.Applications included with the device as well as installed by the user.Statistics about how those applications are used (e.g. how much data each one has sent and received).Phone call and text message statistics. For example, how many calls have been received or missed.Bluetooth device pairing and unpairing, including detailed information about those devices.Email addresses/usernames for accounts configured on the device.Contact statistics (e.g. how many contacts are synced from Google,
how many Facebook users are friends of the account I've configured on
the device).Device-level event logs (these are sent to Google as well by a Google-developed checkin mechanism).Debugging/troubleshooting information about most activities the phone engages in.Signal strengths statistics and data use for each type of radio
included in the device. For example, bytes sent/received via 3G versus
wifi.Stack memory and register dumps related to applications which have crashed.For Exchange ActiveSync setup, the server name and email address,
as well as the details of the security policy enforced by that EAS
server.[/list]


End quote.

www.beneaththewaves.net/Projects/Motorola_Is_Listening.html

If YOU own and use a Motorola Android device, READ THAT WEB PAGE.

The bulk of testing was done on a Droid X2. As for other devices, testing so far is limited but the author states:

"My assumption (and it is just an assumption) is that most/all Motorola
Android devices released since their first Blur/MotoBlur model (the
CLIQ, I think?) incorporate one or more of the mechanisms I've
described, or similar mechanisms. For example, the Droid Razr Maxx I
mention above doesn't literally include the same binary-data-upload
mechanism as my Droid X2, but it does include one that provides at least
some of the same information to Motorola..."

This is no small matter. If you're thinking of buying a phone, beware of Motorola. If you own Motorola stock, I recommend selling.