The video does not show that anything is being logged or sent through the network.
All it shows is that a phone monitoring agent is informed about events that might be important while debugging - receiveing text, making calls, opening websites, pressing buttons. And that its hard to kill this agent without rooting the device.
What is important is:
1. Is the data logged on the device? (I guess that should be easy on a rooted device),
2. Is there any data sent even if the 'htc quality agent' is not activated? (route it through a linux box, tcpdump)
3. Is the data really anonymized if the 'htc quality agent' is enabled?
"There's no evidence that this crack pipe was used to consume crack cocaine"
The entire purpose of the application is ostensibly to send user activity to a corporation called Carrier IQ. I think the burden of proof is on the application whose purpose is to send user activity to Carrier IQ as to whether or not collected user activity including keystrokes is being sent to Carrier IQ. The fact that the software is able to gain keystroke events and SMS communications at all is a security breach.
I'm sure the problem of determining what confidential information is leaving the device is being worked on right now.
All it shows is that a phone monitoring agent is informed about events that might be important while debugging - receiveing text, making calls, opening websites, pressing buttons. And that its hard to kill this agent without rooting the device.
What is important is: 1. Is the data logged on the device? (I guess that should be easy on a rooted device), 2. Is there any data sent even if the 'htc quality agent' is not activated? (route it through a linux box, tcpdump) 3. Is the data really anonymized if the 'htc quality agent' is enabled?