
TL;DR - On a Sprint HTC Android phone, an app is running without the user's knowledge, which cannot be disabled, which monitors nearly everything you do, down to keypresses, and reports back to the third-party company CarrierIQ, which presumably shares it with the carrier for QoS. Alarmingly, it includes even HTTPS passwords, even when you're connecting over WiFi.


The MitM attack inserted into the HTTPS implementation is the most depressing part. I'm just stunned that serious people would have ever agreed to this. Now how long until an on-device attack against CiQ compromises real data?


I think you mean it includes HTTPS URLs. At least from the video, there doesn't seem to be any information about logging HTTP authentication or form submitted data.

This is also a reason why you shouldn't put sensitive information in the query string even if using HTTPS - too many systems might accidentally log or show that in history.
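A defensive complement to the point above, as an added example that is not from the thread: a small Python helper that redacts sensitive query-string parameters before a URL is written to a log, plus a scanner that flags existing access-log lines whose query string already carries credentials. The parameter names and the sample log lines are constructed assumptions, not data from the page.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that commonly carry secrets (assumption: tune to your application).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "access_token",
                    "session", "sessionid", "api_key", "apikey", "secret"}

def redact_query(url, sensitive=SENSITIVE_PARAMS, mask="REDACTED"):
    """Return url with the values of sensitive query parameters replaced, so
    access logs, proxies and browser history never see the real value."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, mask if k.lower() in sensitive else v) for k, v in pairs]
    # The fragment never reaches the server but does land in local history; drop it.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(cleaned), ""))

def find_leaks(log_lines, sensitive=SENSITIVE_PARAMS):
    """Scan common-log-format lines for requests whose query string carries a
    sensitive parameter; returns (line_no, param_name) tuples for review."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split('"')
        if len(fields) < 2:
            continue
        request = fields[1]  # e.g. 'GET /login?user=a&password=b HTTP/1.1'
        tokens = request.split()
        if len(tokens) < 2:
            continue
        for k, _ in parse_qsl(urlsplit(tokens[1]).query, keep_blank_values=True):
            if k.lower() in sensitive:
                hits.append((n, k))
    return hits

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Dec/2011:10:00:00 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Dec/2011:10:00:01 +0000] "GET /search?q=android HTTP/1.1" 200 2048',
    '10.0.0.7 - - [01/Dec/2011:10:00:02 +0000] "GET /api?apikey=ABC123&format=json HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    print(redact_query("https://example.com/login?user=alice&password=hunter2#x"))
    print(find_leaks(SAMPLE_LOG))
```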


Well, put two and two together. They record keystrokes and HTTPS URLs.

If I go to gmail.com and type in z a c h a y s a n [CLICK ONTO OTHER FORM FIELD] m y p a s s w o r d, then they have access to my data. Period.

This is why two step authentication is so important.


Somehow I don't think that doing a secondary authentication over SMS would help much in the scenario you're outlining.


It would, because they wouldn't just be able to passively log in; they would have to enter the password, reroute the SMS (so that I didn't see it) and then log in to the email system (which is recorded in "this account was last accessed at").


Note that under U.S. law, any information you voluntarily relinquish to an entity that is not your ISP has basically zero protection. None, nada. Any law enforcement agency can get every bit of data stored about you by CarrierIQ without ever notifying you, and you don't have a 4th Amendment privacy right in the data.


Is it considered voluntary if the app is running without your knowledge and can't be turned off?

To me, that's about as "voluntary" as having your house bugged.


What protection do we get with information given to an ISP?


This:

http://en.wikipedia.org/wiki/Electronic_Communications_Priva...

which is low, but better than nothing.



