CarrierIQ: Most Phones Ship With "Rootkit"
First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc."
Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.
This is the best thing that the iPhone has done for the cell phone industry. Apple doesn't bow down and let the carrier load whatever crap they want to on the phone. This makes the iPhone a much better experience, because an iPhone from Verizon is exactly the same as an iPhone from AT&T and is exactly the same as an iPhone you purchase directly from Apple. The only difference is that the carrier-specific phones have been locked to that provider, but that's acceptable since you're getting the phone at a huge discount. I wish more handset makers, especially the big ones (HTC, Motorola, Nokia), would do the same to offer their customers a much better and more consistent experience.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Right, you're ok with Apple spying on you but not AT&T or Verizon? Fascinating.
Have you tried the Nokia N900?
I'm unclear here. Why isn't senior management and the board being hauled into court, forced to pay bail of a million bucks and the FBI seizing every single document within the United States? I mean, every time some fucking dipshit downloads a copy of some piece of Hollywood excrement, Congress and the courts are bending over backwards to punish the evildoer, but when major companies start throwing rootkit spyware on their phones, it's like "oh well."
If I was in charge, those companies would be facing destructive fines (hundreds of millions of dollars), senior management and the board would be cooling it in prison cells and facing stripping of every single asset they own and years of jail time ahead of them. I would make those fuckers so terrified that they'd wake up three times every night of the rest of their lives fearing that some marketing fuck had put something like that on the phones they're selling.
The world's burning. Moped Jesus spotted on I50. Details at 11.
that should get asked about the article
Does CyanogenMod mitigate this threat? If not, how about WhisperCore? Could Whisper Systems in the future detect and correct this rootkit?
Can rootkit detection systems presently available in Linux detect and successfully help a hacker to remove the rootkit?
Good people go to bed earlier.
1) How can you authoritatively determine the Android phone you are about to buy doesn't have Carrier IQ installed, BEFORE you buy it?
2) If you already have an Android phone, (how) can you check for and uninstall Carrier IQ?
And, I'm betting it's the users paying for the data plan usage that sends this stuff.
So, you're paying extra to be snooped on. I highly doubt they exclude this data from what they charge you.
Lost at C:>. Found at C.
I disagree. The very real risk (result!) is from the carriers putting crapware/spyware/etc. that you can't remove. I don't fear Google or Apple in this respect. Consider that yesterday it was revealed that Japan's largest carrier doesn't sell the iPhone precisely because Apple won't allow them to install such things.
Secondly, I don't consider it truly open source, unless I can reasonably make changes, which you can't do with Android phones currently on the market.
You are right. It doesn't matter. I am not a tinfoil hat wearer because I am a Computer Systems Engineer and Network Administrator and I know how much data they can gather from you if they want to and have pretty much just stopped caring. They don't need any special app hidden on your phone to spy on you. They could record every single URL that you visit from their server end. Unless you are taking some extraordinary measures on your phone like running through proxies (which can then log everything you do themselves) or Tor, they can already track all of your online activity. Does this make something like CIQ right? Hell no, and I have already verified that my Android phone doesn't contain it. But it also doesn't mean that I have any illusions that every URL I visit isn't being recorded somewhere. I just don't care because I don't do anything on my phone that I wouldn't want the world to know about anyway. That is why burner phones were invented ;-)
PS, if you want an interesting look into which Android apps are tracking you when you use them, check out the app:
Addons Detector
Nevermore.