Slashdot Mirror


CarrierIQ: Most Phones Ship With "Rootkit"

First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc." Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.

7 of 447 comments

  1. but but but... Apple by Anonymous Coward · · Score: 5, Insightful

    With a walled garden, Apple keeps the carriers out too.

    1. Re:but but but... Apple by LordLimecat · · Score: 5, Insightful

      Article is a load of crap, they give no details on how they know it's there. They show screenshots of 2 Android phones with visible GUIs which show CIQ, and then claim it's on iPhone and BlackBerry as well. Sorry, I've dug through all the service books on several BlackBerries (8250, 9600, 7200) and I've never seen a CIQ service book.

      And as for this statement...

      According to TrevE, the software is installed as a rootkit software in the RAM of devices where it resides. This software basically is completely hidden from view and in it virtually invisible,

      Someone doesn't understand the volatile nature of RAM, or is terrible at communicating. Rootkits don't reside in RAM, because then they would be removable with a battery removal. As for "completely hidden", why then does he have screenshots of a CIQ GUI where there's a "disable CIQ" checkbox?

      The credibility factor of this story is in the negatives, especially when they really don't explain what their proof is and they have one guy on a forum claiming this-- it's not even a researcher with a known real name. Who says this isn't a massive troll?

    2. Re:but but but... Apple by The Moof · · Score: 5, Insightful

      They are not legally binding in sane jurisdictions.

      That, right there, is the catch. If you're in the US, you're not in a sane jurisdiction. Have you seen some of the egregious things they've been putting in EULAs these days that are actually being held up in court?

  2. Re:Doesn't Matter by Anonymous Coward · · Score: 5, Insightful

    In open source, the user can do whatever he or she wants with the software.
    In proprietary software, it's the other way around.

  3. Re:Doesn't Matter by WorBlux · · Score: 5, Insightful

    But many of the drivers and first stage bootloaders aren't.

  4. Re:Doesn't Matter by ByOhTek · · Score: 5, Insightful

    I think the GP's point is that, in this case, the latter can also be true for open source software.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).

  5. Re:Doesn't Matter by zill · · Score: 5, Insightful

    No, you cannot replace the first stage bootloader and the baseband, so they will forever remain proprietary. There is no way to have a working Android phone without running proprietary code unfortunately.

    You can, however, get Android running without relying on proprietary code. It just won't work as a phone unfortunately.