FWIW, I discussed this exact issue with my attorney some days ago, and while a discussion of the legality of this is beyond the scope of this missive, I can say what his responses were regarding a couple of MY biggest questions...And what might/should become important questions to others in any professional/technical field which has legal compliance requirements; in short:

1) "Would an attorney using (Insert Pre-Trojaned CIQ Phone Here), if discussing case/client/court details over it with (say), their client, another Officer of the Court, etcetera, be leaving themselves open to breakage of Attorney/Client Privilege, violation of client confidentiality, and All That Jazz?”
2) “Would a Doctor using the phone to communicate with their patients, their colleagues, etcetera be in violation of patient confidentiality laws (HIPAA and/or State-specific statutes)?"

My initial thoughts, based upon the Reasonable Man Doctrine, would logically dictate *NONE* of the above activities would be in violation in any case above, provided the professional was unaware of the issue; contrariwise, once they ARE aware of the issue, any/all of the above could be construed as violation(s) of confidentiality (attorney/client, HIPAA etcetera respectively).


He concurred.


Would that it were. To paraphrase a Great Philosopher (Meatwad): "It ain't."

Well, about the only people who would or could have reasonably known about this earlier would be either those who worked in the Telephony/CTI SW industry (e.g., developers at CIQ; personnel working for the carriers), or those with the wit and wherewithal -- to say nothing of the knowledge of cellular telephony, some *NIX knowledge, and the desire to dig into the guts of the 'smart' phones of today -- so I don't think one can reasonably blame the masses for not knowing about something which is, in point of fact, very arcane to the average non-technophile/non-hyper-literate phone user.

No: Caveat Emptor is all well & good, though it runs out of runway mighty quick when marketing technological devices to those who have no reasonable need to know everything about their operation; therefore, this is something which those hawking the warez (SIC intentional) to the unsuspecting masses SHOULD have been up-front about from the drop. They were not. Imagine my utter lack of surprise.

In summary, I would recommend that those people who are in the field of law, medicine or even those entrusted with safeguarding IP and/or proprietary/trade secrets of organizations, MAKE YOURSELF AWARE OF THE IMPLICATIONS. If possible, help educate those in the Medical/Legal fields as much as possible, as once they are AWARE of the issue, well...Kinda self explanatory, eh...?

Please note that none of what is said in this post should be taken to represent my endorsement of, legitimization of, or questioning of the appalling breaches of privacy CIQ et al give rise to and that the major carriers (e.g., AT&T, Verizon, Sprint, et al here in the States) have undoubtedly been exploiting for longer than most people are even aware. My point was to respond and share some (informal) legal information that might, hopefully, be of use to others.

Not to my knowledge, however, I'm not precisely Mister Current Affairs these days, and I believe there is already a Java-based anti-malware application for Android which does detect it (no idea if it truly, fully disables it, though – haven't checked). And CIQ isn't precisely the sort of thing RKHunter will flag, so, huh. With Java running on my N900, I wonder if it would be worth attempting to port whatever anti-malware stuff has been done on the Droid end, or if it'd be easier to start from scratch? I'll leave that to those more capable than myself.

~J