Slashdot Mirror
CarrierIQ: Most Phones Ship With "Rootkit"
First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc."
Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.
http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/ The bottom of this page has a section about detection including an app to detect hidden UIs.
" By entering this Agreement, you consent to our data collection, use and sharing practices described in our Privacy Policy available at verizon.com/privacy." -- from Verizon Customer Agreement
That's why.
When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.
The soylentnews experiment has been a dismal failure.
I put Cyanogen on my Samsung Vibrant. It has "removed carrier iq" in the release notes.
The soylentnews experiment has been a dismal failure.
You don't even need to go as far as the EULA -- iOS 5 actually asks you during setup if you want to allow usage data to be sent.
http://www.thewwwblog.com/wp-content/uploads/2011/10/ipad-ios-5-diagnostics-7.jpg
(From http://www.thewwwblog.com/apple-ios-5-setup-steps-apple-ipad.html )
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
EULAs are not contracts. They are a wishlist by the software writers, and such are part of an honour system. They are not legally binding in sane jurisdictions.
- This sig deliberately left blank. Nothing to see, move along.
Stallman doesn't sound so crazy now...
Knowledge is power; knowledge shared is power lost.
What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.
Well, it's not "free" according to GPLv3 (android devices can be Tivo'ised preventing you from running modified code), but anyone can download the android source and modify and rebuild it. If your device supports it (many do), you can run your modified code on your device. I'm not sure how you can say Android isn't open source, as that's pretty much the definition of open-source.
Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.
1. Ask around basically.
2. a guy on xdadevs whomped up an app to detect (requires root) and remove (requires root and 99 cent donation) CIQ, among other things. http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109
upon the advice of my lawyer, i have no sig at this time
You mean the smartphone location fiasco where it was discovered that *gasp* AGPS caches data on phones, including Android, Blackberry, iPhone and WebOS? Yep. Typical internet echo chamber amplification that turned it into an attack point for fanboys who didn't actually do any research.
Apple did have one legitimate bug in the situation. The cache was in a folder marked for backup to computers, due to it living in the same location as the settings file to toggle what apps can use location data. This was fixed, and the cache was reduced. I personally preferred the old cache time, since it meant my phone found my location when I wanted it to quicker. But they bowed to the pressure from the echo chamber anyhow.