Download our in-depth report: The Ultimate Guide to IT Security Vendors
When monitoring traffic on his phone, Lincoln noticed frequent connections to a domain owned by Motorola, passing basic check-in data every nine minutes, including hardware data, application information, phone call statistics, and more.
He also found that Motorola gathers e-mail addresses and passwords for Facebook, Twitter, YouTube, Picasa and Photobucket, along with a wide range of user activity on those services. Similar data is collected for everything from Exchange ActiveSync to RSS feeds.
"I can think of many ways that Motorola, unethical employees of Motorola, or unauthorized third parties could misuse this enormous treasure trove of information," Lincoln writes. "But the biggest question on my mind is this: now that it is known that Motorola is collecting this data, can it be subpoenaed in criminal or civil cases against owners of Motorola phones?"