Slashdot Mirror


CarrierIQ: Most Phones Ship With "Rootkit"

First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc." Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.

7 of 447 comments

  1. Re:but but but... Apple by CastrTroy · Score: 5, Interesting

    This is the best thing that the iPhone has done for the cell phone industry. Apple doesn't bow down and let the carrier load whatever crap they want to on the phone. This makes the iPhone a much better experience, because an iPhone from Verizon is exactly the same as an iPhone from AT&T and is exactly the same as an iPhone you purchase directly from Apple. The only difference is that the carrier-specific phones have been locked to that provider, but that's acceptable since you're getting the phone at a huge discount. I wish more handset makers, especially the big ones (HTC, Motorola, Nokia) would do the same to offer their customers a much better and more consistent experience.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  2. some legitimate technical questions by nimbius · Score: 4, Interesting

    that should get asked about the article
    does cyanogenmod mitigate this threat? if not how about whispercore? could whisper systems in the future detect and correct this rootkit?
    can rootkit detection systems presently available in linux detect and successfully help a hacker to remove the rootkit?

    --
    Good people go to bed earlier.
  3. 2 Questions by JustNiz · Score: 4, Interesting

    1) How can you authoritatively determine the android phone you are about to buy doesn't have Carrier IQ installed, BEFORE you buy it?

    2) If you already have an android phone, (how) can you check for and uninstall Carrier IQ?

    1. Re:2 Questions by SmurfButcher Bob · Score: 5, Interesting

      3. If your lawyer has this on his (her) phone, are they in breach of confidence? What about now that they know about CIQ?
      4. If a medical *anything* has this on their phone, is this a HIPAA issue?

      --

      help me i've cloned myself and can't remember which one I am

  4. Re:Samsung Vibrant by gstoddart · Score: 4, Interesting

    When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.

    And, I'm betting it's the users paying for the data plan usage that sends this stuff.

    So, you're paying extra to be snooped on. I highly doubt they exclude this data from what they charge you.

    --
    Lost at C:>. Found at C.
  5. Re:Doesn't Matter by Ossifer · Score: 5, Interesting

    I disagree. The very real risk (result!) is from the carriers putting crapware/spyware/etc. that you can't remove. I don't fear Google or Apple in this respect. Consider that yesterday it was revealed that Japan's largest carrier doesn't sell the iPhone precisely because Apple won't allow them to install such things.

    Secondly, I don't consider it truly open source, unless I can reasonably make changes, which you can't do with Android phones currently on the market.

  6. Re:Doesn't Matter by nevermore94 · Score: 4, Interesting

    You are right. It doesn't matter. I am not a tinfoil hat wearer because I am a Computer Systems Engineer and Network Administrator and I know how much data they can gather from you if they want to and have pretty much just stopped caring. They don't need any special app hidden on your phone to spy on you. They could record every single URL that you visit from their server end. Unless you are taking some extraordinary measures on your phone like running through proxies (which can then log everything you do themselves) or Tor, they can already track all of your online activity. Does this make something like CIQ right? Hell no, and I have already verified that my Android phone doesn't contain it. But, it also doesn't mean that I have any illusions that every URL I visit isn't being recorded somewhere. I just don't care because I don't do anything on my phone that I wouldn't want the world to know about anyway. That is why burner phones were invented ;-)

    PS, if you want an interesting look into which Android apps are tracking you when you use them, check out the app:
    Addons Detector

    --
    Nevermore.