Sorry. You're right. I let the ultra dumbness of this whole thread bring me down a bit.
Doing an SSL MITM from agent software installed by the carrier on a phone seems pretty silly, since the carrier is in a position to see anything you're typing into your phone anyways (in the sense that it controls the OS).
I'm not sure I buy any analysis that suggests CarrierIQ is really "MITM'ing" SSL --- though that's trivial for a software agent to do --- because the same people saying that are also saying that it's obvious that CarrierIQ is capturing and remote-logging message contents.
Real question here: Should it be obvious that the carrier controls the OS? Second question: is that acceptable? I mean, that assumption underpins your dismissal of an MITM as "pretty silly", which also seems totally correct.
I'm just curious if that's the way phones will be forever: with the OS controlled by the carrier and with no right to tinker/hack/modify the device you buy & pay huge monthly fees to use.