CarrierIQ: Most Phones Ship With "Rootkit"

First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc." Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.

Doesn't Matter

It doesn't matter because Android is open.

That's all that matters.

Re:Doesn't Matter

In open source, the user can do whatever he or she wants with the software.
In proprietary software, it's the other way around.

Re:Doesn't Matter

[WorBlux]

But many of the drivers and first stage bootloaders aren't

Re:Doesn't Matter

[circletimessquare]

in soviet software land, software programs you!

Re:Doesn't Matter

[ByOhTek]

I think the GPs point is that, in this case, the latter can also be true for open source software.

Re:Doesn't Matter

[Bert64]

But the point is that an open version is available, and thanks to third party mods like cyanogen if you don't like the version shipped with the phone you can replace it...

Re:Doesn't Matter

[marcosdumay]

Or maybe his point was that, if Android was really open such things would be easy to fix.

Re:Doesn't Matter

[Runaway1956]

What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.

I'm one who likes a lot of what Google does, but I'm no blind fanboi. Google dropped the ball when they permitted downstream customers to close their source. And, that's why I'm using a "dumb phone"*, with no plans to upgrade. I'm not about to pay the phone company hundreds of dollars, PLUS an exorbitant contract fee, so that they can spy on me.

* It should be noted that even old "dumb phones" are pretty easy to spy on, albeit to a lesser extent than is exposed in this and other recent articles.

Re:Doesn't Matter

[zill]

No, you cannot replace the first stage bootloader and the baseband, so they will forever remain proprietary. There is no way to have a working Android phone without running proprietary code unfortunately.

You can, however, get Android running without relying on proprietary code. It just won't work as a phone unfortunately.

Re:Doesn't Matter

[gauauu]

What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.

Well, it's not "free" according to GPLv3 (android devices can be Tivo'ised preventing you from running modified code), but anyone can download the android source and modify and rebuild it. If your device supports it (many do), you can run your modified code on your device. I'm not sure how you can say Android isn't open source, as that's pretty much the definition of open-source.

Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.

Re:Doesn't Matter

[Ossifer]

I disagree. The very real risk (result!) is from the carriers putting crapware/spyware/etc. that you can't remove. I don't fear Google or Apple in this respect. Consider that yesterday it was revealed that Japan's largest carrier doesn't sell the iPhone precisely because Apple won't allow them to install such things.

Secondly, I don't consider it truly open source, unless I can reasonably make changes, which you can't do with Android phones currently on the market.

Re:Doesn't Matter

[Archeopteryx]

And the number of people capable of doing a brain transplant on an Android phone is probably in the 10,000s. Millions and millions of people are vulnerable and there isn't much they can do about it other than taking a hammer to the phone.

Re:Doesn't Matter

[Kral_Blbec]

Yup. And anyone who runs android can get a rom with CiQ stripped from it.

Re:Doesn't Matter

[Drakino]

Only parts of Android are open source. Other parts, including key infrastructure pieces and the majority of apps people use that ship on the devices are closed.

And open source here is a license that doesn't require Google to disclose the source when shipping, leading to every Android Honeycomb tablet that shipped this year being a closed platform until this week.

Google has severely muddied the meaning of open and open source compared to what we are used to from the GPL and Linux worlds.

Never let your hatred of Apple, Microsoft or whoever to cloud your judgement of the companies you do cling to. Google's "open" message is eerily similar to FUD messages Microsoft was spreading in the 90s when it came to Java and "open computing". The quicker we hold these companies accountable, the quicker it improves. Getting stuck in fanboy wars and putting on the blinders helps no one.

Re:Doesn't Matter

Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.

Actually, you wouldn't have a decent argument. "Free software" and "open source", as defined by the FSF and OSG respectively, are as near semantically equivalent as you can get, including a whole slew of permissive licenses like Apache. The term Stallman uses for GPL (and similarly restrictive licenses) is "copyleft", which is either a horrible pun or a misunderstanding of what "copy" in copyright means (it's a noun, as in "copywriter", referrring to the work, not a verb meaning to duplicate)

And of course Android is not copyleft, and nobody would argue it is. Then again, neither is netBSD, and I somehow do fine with that on my home desktop with no worries of rootkits. Conversely, even copyleft doesn't prevent tivoisation per se, which is why GPLv2 is still considered a copyleft license.

The big problem is tivoisation, implemented as locked-down bootloaders in many phones, preventing you from compiling and installing your own non-rootkitted software. If the only thing stopping the vendor from rootkitting you is the trust that they will really comply with the GPL and release full source (including the big-brother patches, which may well be "protected" as state secrets, if they're sharing collected info with the right people), you should assume you're rootkitted already. A secondary problem is the proprietary platform-specific drivers and codecs, making it difficult to get full functionality of the hardware with your own non-rootkitted software (and copyleft does help alleviate this, by making it more effort to separate binary blobs far enough to comply), but between reverse-engineering and dropping these blobs wholesale into your new system (on the theory that, say, an h.264 DSP codec is unlikely to be a spy platform), this is less of an issue than the locked-down bootloaders.

Re:Doesn't Matter

[Anne+Thwacks]

Do your duty: The best reason to have grandchildren is so they can install Cyanogenmod for you.

Re:Doesn't Matter

[lindi]

cyanogenmod claims to have 745,259 users currently. I am not sure if it is completely free or not but clearly more than 10000 users are using unofficial and modified version.

Re:Doesn't Matter

[dannys42]

I think what Runaway was trying to say is that Android is open source, but Android-based phones are not generally a very open platform because of the carrier's Tivo'ization.

Re:Doesn't Matter

[kruhft]

That's the first thing I did when I got my Nexus S. Wiped it, built Android and installed it. Then I was quite sure I had a clean phone.

Re:Doesn't Matter

[adolf]

There is no spoon.

Re:Doesn't Matter

[Nemyst]

Android is open source. That non-essential applications using the platform are not is unrelated to the subject at hand. If you can run Android in a functional manner without the closed-source applications installed, then Android is by definition open source.

That's like saying Linux isn't open source because it can have proprietary drivers.

Re:Doesn't Matter

[Bucky24]

Default Android is open. The versions that handset makers put on phones tends to be more closed off because they've made it that way.

Re:Doesn't Matter

[Drakino]

If you want to nit pick meanings, fine, though to get stuck doing so misses the larger picture. To most people, Android means a phone, running Google's Android OS, and Google's Android applications such as the marketplace, Gmail, Maps, etc. The marketplace, maps, Gmail and other common apps that come with every Google Android certified device are not open.

The reason I make a distinction between open and closed here is that yes, on Linux, almost the entire stack is open, from the proper Linux kernel, to the Gnome/KDE windowing environment, to the browsers, e-mail apps and other common programs bundled with a typical Linux distribution.

Yes, Android is functional without the closed bits Google doesn't ship, but only functional to engineering minded people who need a good OS to build their own mobile platform or device.

One interesting part that changed from open to closed is the handling of AGPS location caching. Remember, that same thing everyone blew up at Apple over last year? Yeah, Android does the same, and the open code revealed it, and the complete hiding of it inside some closed location API Google provides with Google Certified devices.

Re:Doesn't Matter

[Drakino]

Why should I drop it? Most people don't forgive other companies (Apple, Microsoft, etc) for grievances done over a decade ago, and yet Google gets a free pass after a week?

I'm not bringing it up to use as a fanboy attack like many others do. I'm bringing it up to illustrate the dangers of blindly believing Google's "open" message. It's open until they decide it's closed. There is nothing stopping Google from doing the exact same trick for future Android devices. I want to see Google do good, and keep Android open. The Honeycomb situation should not be forgotten, so we can try and pressure Google to stay on message more frequently.

Part of me (call it the tin foil hat part of my mind) has to wonder if Honeycomb was closed for as long as it was to prevent Amazon from using it to fork for their Fire tablet. Ultimately I think that if it was part of the motivation, it;s more damaging to Android as a whole in the tablet space. Some devs are going to be targeting 2.3 for the Fire, and doing lowest common denominator ports to 3.0/4.0 Android tablets, leading to a poorer experience for everyone.

Re:Doesn't Matter

[Killjoy_NL]

Now now play nice, allow other people their hobbies.
We're not complaining about your anal sex fixation with iPhones, that's just fine with us.

Re:Doesn't Matter

[farble1670]

Why should I drop it?

because it's not a valid grievance. google didn't sign some binding agreement with the users of the world to make all android open source, all the time, immediately. compared to apple or msft they are freaking saints (w/ regard to OSS), but it's never good enough huh? can't you be just as little positive about the fact that a company is pouring millions of dollars of resources into a platform and then just giving it away? of course not, because they aren't going about it on your time table.

OSS is *expensive* for a company. it's not just throwing it over the fence. they have to manage the community, manage contributions, keep the code clean and clear and keep everything perfectly documented for moron consumption. it's much, much more expensive for a company to open source their code than to just keep it internal.

there are good reason why they didn't release 3.0. for one, there were in the middle of restructuring the source code merging the 2.x and 3.x branches. releasing the code in this state would have been confusing to users, but mainly, cause them more work and resources in the long run. that's their prerogative- they are a public company that reserves the right to make make financial decisions.

Re:Doesn't Matter

[nurb432]

Google dropped the ball when they permitted downstream customers to close their source

And if they hadn't, no manufacturer would have adopted it.

Re:Doesn't Matter

[sveinungkv]

The newest version of the GPL, version 3, forbids it. GPLv2, the license of the Linux kernel, may allow it. Android is mostly Apache 2.0.

Re:Doesn't Matter

[nevermore94]

You are right. It doesn't matter. I am not a tinfoil hat wearer because I am a Computer Systems Engineer and Network Administrator and I know how much data they can gather from you if they want to and have pretty much just stopped caring. They don't need any special app hidden on your phone to spy on you. They could record every single URL that you visit from their server end. Unless you are taking some extraordinary measures on your phone like running through proxies (which can then log everything you do themselves) or Tor they can already track all of your online activity. Does this make something like CIQ right, hell no, and I have already verified that my Android phone doesn't contain it. But, it also doesn't mean that I have any allusions that every URL I visit isn't being recorded somewhere. I just don't care because I don't do anything on my phone that I wouldn't want the world to know about anyway. That is why burner phones were invented ;-)

PS, if you want an interesting look into which Android apps are tracking you when you use them, check out the app:
Addons Detector

Re:Doesn't Matter

[bmcage]

That's a very precise number. I wonder how they gather those statistics?

There is a rootkit in cyanogenmod that phones home with these statistics. You can read it in the code.

but but but... Apple

With a walled garden, Apple keeps the carriers out too.

Re:but but but... Apple

[Pieroxy]

With a walled garden, Apple keeps the carriers out too.

Yes, walled gardens have pros and cons. This is definitely a pro in my book.

Re:but but but... Apple

[Tr3vin]

Unless, of course, those walls have security cameras mounted on them.

Re:but but but... Apple

[CastrTroy]

This is the best thing that the iPhone has done for the cell phone industry. Apple doesn't bow down and let the carrier load whatever crap they want to on the phone. This makes the iPhone a much better experience, because an iPhone from Verizon is exactly the same as an iPhone from AT&T and it exactly the same as an iPhone you purchase directly from Apple. The only difference is that the carrier specific phones have been locked to that provider, but that's acceptable since you're getting the phone at a huge discount. I wish more handset makes, especially the big ones (HTC, Motorola, Nokia) would do the same to offer their customers a much better and more consistent experience.

Re:but but but... Apple

[Kazin]

Right, you're ok with Apple spying on you but not AT&T or Verizon? Fascinating.

Re:but but but... Apple

[sribe]

...but that's acceptable since you're getting the phone at a huge discount.

I don't even believe that. As long as you continue to pay your contract, you should be able to unlock the phone.

Re:but but but... Apple

[Unoriginal_Nickname]

Has anyone?

Re:but but but... Apple

[TheGratefulNet]

answer: the person holding the handle still controls the swing.

(wait, what?)

Re:but but but... Apple

[strech]

And you're sure of this why?
And from geek.com (http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/):

Currently, Trevor has found CarrierIQ in a number of Sprint phones, including HTC and Samsung Android devices. CarrierIQ is confirmed to be found on the iPhone or on feature phones, but Trevor has found RIM’s Blackberry handsets and several Nokia devices with CarrierIQ on board as well.

This may just be a terribly worded sentence and CarrierIQ isn't on the iPhone (and I can't find any other cites), but even if this specific software isn't there, that doesn't mean other software that does the same thing under the excuse of "improving the network" isn't. Further, "Apple doesn't engage in abuse <x>" is a bullshit excuse for other problems.

Re:but but but... Apple

[Baloroth]

Anyway...with Apple, is it spying if you click "I accept" on the EULA?

Yes.

a)Burying something in a 20-page EULA (or however long it is) in legalese doesn't make it obvious. And more importantly b) spying is still spying even if you know about it. Spying usually implies secrecy, but it by no means requires it.

Re:but but but... Apple

[sootman]

You don't even need to go as far as the EULA -- iOS 5 actually asks you during setup if you want to allow usage data to be sent.
http://www.thewwwblog.com/wp-content/uploads/2011/10/ipad-ios-5-diagnostics-7.jpg
(From http://www.thewwwblog.com/apple-ios-5-setup-steps-apple-ipad.html )

Re:but but but... Apple

[popoutman]

EULAs are not contracts. They are a wishlist by the software writers, and such are part of an honour system. They are not legally binding in sane jurisdictions.

Re:but but but... Apple

The iPhone isn't even mentioned (like not at all) in any of the linked articles, so I don't know where you're imagining you read this.

Also, the word you're looking for is spelled "speech".

Re:but but but... Apple

[zoloto]

Care to explain how it doesn't keep the carriers out of the phone? Last I checked, and yes employing traffic monitoring is standard on my network, there was no remote access nor capabilities to do so.

Re:but but but... Apple

[CastrTroy]

It's a discount, because you end up the same feeds to the carriers even if you own your phone outright. This is my biggest objection to the whole racket. Your monthly bill is the same whether or not you are on a contract, and whether or not you bought the phone at a subsidized price. So, unless you are planning on switching carriers in the next few months (in which case, why are you using them to begin with?) you'd be stupid not to take the subsidized phone, because you'll end up paying the same every month anyway. I could see some advantage from someone who moves around a lot, who doesn't know if they will have good coverage (or if the carrier will offer service at all) in the next place they move to, but for most people who intend to stay in the same city, they get nothing by choosing to pay for their own phone.

Re:but but but... Apple

[hawguy]

Care to explain how it doesn't keep the carriers out of the phone? Last I checked, and yes employing traffic monitoring is standard on my network, there was no remote access nor capabilities to do so.

How did you check when you have no access to the IOS source code and no idea what it's really doing? Would you really know it if AT&T had some code buried in the kernel that sends your tracking data in some GSM control messages that aren't accessible in user-land on the phone? Making a phone work with a new carrier is more than just slapping a new radio in it -- there's software involved as well.

Re:but but but... Apple

[LoverOfJoy]

CarrierIQ is confirmed to be found on the iPhone

Not directly in the article but in the links within the article.

Here's the direct link: http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/

Re:but but but... Apple

[LordLimecat]

Article is a load of crap, they give no details on how they know its there. They show screenshots of 2 android phones with visible GUIs which show CIQ, and then claim its on iPhone and Blackberry as well. Sorry, Ive dug through all the servicebooks on several blackberries (8250, 9600, 7200) and Ive never seen a CIQ service book.

And as for this statement...

According to TrevE, the software is installed as a rootkit software in the RAM of devices where it resides. This software basically is completely hidden from view and in it virtually invisible,

Someone doesnt understand the volatile nature of RAM, or is terrible at communicating. Rootkits dont reside in RAM, because then they would be removable with a battery removal. As for "completely hidden", why then does he have screenshots of a CIQ GUI where theres a "disable CIQ" checkbox?

The credibility factor of this story is in the negatives, especially when they really dont explain what their proof is and they have one guy on a forum claiming this-- its not even a researcher with a known real name. Who says this isnt a massive troll?

Re:but but but... Apple

[Microlith]

A walled garden would not have prevented this.

Google or the device vendors selling directly to end users and not being forced to route through the carriers probably would have.

Re:but but but... Apple

[oakgrove]

My bad. It's actually 10 dollars which comes out to 240 dollars over the two years. Strangely just about enough to cover the usual subsidy. Funny how that works.

Re:but but but... Apple

[kiwimate]

Disclaimer: I don't know what Baloroth's opinions in general are, so this isn't necessarily aimed at you. And I hope this doesn't sound too snide.

That said, this is where I see a double standard in Slashdot from time to time. Go back to stories about broadcasting SSIDs and setting up computers and so forth. Most Slashdotters tend to say it is on the part of the consumer to understand, read manuals, etc. Setting up encryption, for example - the prevailing opinion on here is that that that is just part of the modern world in which we live, and if consumers can't be bothered to read and understand, then they get what they deserve.

I think that's a pretty cavalier and smug attitude. Beyond that, however, if the same attitude doesn't work both ways, then I'm not terribly sympathetic. I don't understand all the legalese when I sign a mortgage, say...so I make sure I ask someone. And if I don't understand, I don't sign until I do. (And it's been pretty amazing. Example a - watching the glib sales girl who breezily said "read everything, take your time" and then got visibly cooler in her attitude when I proceeded to do just that. Example b - the Wells Fargo reps who responded "umm, we don't know" when I asked them what a particular phrase in their mortgage paperwork meant, and didn't think it was a problem to say "but it's standard language, so it's okay to sign anyway".)

Re:but but but... Apple

[The+Moof]

They are not legally binding in sane jurisdictions.

That, right there, is the catch. If you're in the US, you're not in a sane jurisdiction. Have you seen some of the egregious things they've been putting in EULAs these days that are actually being held up in court?

Re:but but but... Apple

[BitZtream]

iOS is mostly closed and analysis tools can't be installed without jailbreaking, how do we know what's going on in there?

Uhm ... Its been jailbroken so we can just look, just like you would on a rooted android device?

Besides, does nobody remember the iPhone location privacy fiasco?

No, cause there wasn't one. It wasn't anything even slightly malicious. The only person with direct access to it was the phone owner and the person with unencrypted backups of the phone, which was also likely the owner. I'm pretty sure the owner knew where the phone was anyway, which makes the whole thing a nonpoint.

It's just idiots like you who keep pretending it was some big deal because your to ignorant to realize it wasn't a threat.

Re:but but but... Apple

[Drakino]

You mean the smartphone location fiasco where it was discovered that *gasp* AGPS caches data on phones, including Android, Blackberry, iPhone and WebOS? Yep. Typical internet echo chamber amplification that turned it into an attack point for fanboys who didn't actually do any research.

Apple did have one legitimate bug in the situation. The cache was in a folder marked for backup to computers, due to it living in the same location as the settings file to toggle what apps can use location data. This was fixed, and the cache was reduced. I personally preferred the old cache time, since it meant my phone found my location when I wanted it to quicker. But they bowed to the pressure from the echo chamber anyhow.

Re:but but but... Apple

[mollymoo]

> Your monthly bill is the same whether or not you are on a contract, and whether or not you bought the phone at a subsidized price.

Wow, you have some seriously shitty networks. Over here (UK), SIM-only contracts are significantly less than you'd pay if you wanted a fancy smartphone with your contract. You can ever go further and get a "free" PS3 or laptop with your "free" phone by paying more for your contract.

Re:but but but... Apple

[nurb432]

I don't even believe that. As long as you continue to pay your contract, you should be able to unlock the phone.

Until you have paid off the subsidy its not really your phone. You are on in effect a 'lease to own' contract.

Re:but but but... Apple

[Beryllium+Sphere(tm)]

>The only person with direct access to it was the phone owner

The other people with access would be the pickpocket who stole the phone, the author of the malware stealthy enough to pass Apple's App Store vetting, the phone owner's abusive spouse, and the police department that claims the right to examine phones at traffic stops.

>your to ignorant

My irony meter just exploded.

Re:but but but... Apple

[buchanmilne]

\

This month, I have a direct-from-Nokia N9, running Maemo 6/"MeeGo Harmattan" (not to be confused with mainstream MeeGo), with a nice security framework forbidding such dangerous actions as chroot to the user, and rendering huge chunks of system configuration non-modifiable. The promised "open mode", where you would own your own device, but not be able to access DRMed apps and media, never materialised,

The open mode is implemented, and apparently as of the beta2 for N950 the intended mechanism works. Users with N9's on PR1.0 are reporting that they can boot a minimally patched kernel into open mode.

Aegis is hindering my device usage in the name of protecting exactly fuck-all.

Just the same sort of crap as a typical Android phone, and just as open to abuse

Really? You mean preventing user apps from doing dangerous things without the user's knowledge is just as open to abuse as allowing everything?

Too many ambitious but clueless users on N900 have had to have their hands held through manually fixing or flashing their devices because they thought installing rootsh was cool. If it had been a mainstream device, I think there would have been a lot of exploits for it ...

Since the N9 was intended (until Feb 12) to be a mainstream device, it really wouldn't have been a good idea to have gone with the totally open mode of N900.

Cyanogen

[Tsingi]

Nice.

Buy a phone you can root and put CyanogenMod on it. It works great!

Re:Cyanogen

[Pieroxy]

Tell that to my Mom. You're in for a rough ride, I'll tell you that much!

Re:Cyanogen

[gparent]

I'm always in for a rough ride with your mom. Oh, you mean to install Cyanogenmod?

Re:Cyanogen

[dkleinsc]

Plus, as any Aussie can tell you, rooting a phone is more than little bit kinky.

Re:Cyanogen

[oakgrove]

I put Cyanogen on my Samsung Vibrant. It has "removed carrier iq" in the release notes.

Re:Cyanogen

[oakgrove]

Pro tip: Never utter the words "...my mom..." on Slashdot. Wait...doh!

Re:Cyanogen

[Crudely_Indecent]

My wife was against me modding her phone, until she got fed up with the glitchy behavior. Noticing how well CM works on my phone, now she's begging me to upgrade hers. It's really not much different than the factory roms, it is just more stable and doesn't have all of the integrated garbage. Not much of a learning curve.

Really?

[Moheeheeko]

I assumed people allready knew this. I mean phone companies know who, where, when, and for how long you call anyone, you would have to be pretty naive to belive that they arent tracking your web useage just as closely.

Re:Really?

[MightyMartian]

I'm unclear here. Why isn't senior management and the board being hauled into court, forced to pay bail of a million bucks and the FBI seizing every single document within the United States? I mean, every time some fucking dipshit downloads a copy of some piece of Hollywood excrement, Congress and the courts are bending over backwards to punish the evildoer, but when major companies start throwing rootkit spyware on their phones, it's like "oh well."

If I was in charge, those companies would be facing destructive fines (hundreds of millions of dollars), senior management and the board would be cooling it in prison cells and facing stripping of every single asset they own and years of jail time ahead of them. I would make those fuckers so terrified that they'd wake up three times every night of the rest of their lives fearing that some marketing fuck had put something like that on the phones they're selling.

Re:Really?

[gstoddart]

you would have to be pretty naive to belive that they arent tracking your web useage just as closely.

In fact, they are also doing things in such a way as to cost you more money on your data plan.

A bunch of years ago, a co-worker was trying to figure out why the ability to directly go to an URL from his cell phone wasn't working as it was described in the manual.

It turns out the carrier (Rogers/AT&T) had tweaked the settings so that *every* request you did more or less went through one of their servers. It had the net effect of effectively doubling the amount of data needed for any request ... I don't recall the specifics, but he spent a good portion of a weekend working it out.

And, as much as we know they have all of the calling info ... keylogging, for example, might be a little too far over the line for them. They only need what they need for billing purposes.

Re:Really?

[Smallpond]

" By entering this Agreement, you consent to our data collection, use and sharing practices described in our Privacy Policy available at verizon.com/privacy." -- from Verizon Customer Agreement

That's why.

Re:Really?

[biodata]

Most places have some form of misuse of computers act, data protection act, and others. Maybe it's time to start requesting copies of all personal data from the phone carriers in the same way as has been done recently with FB.

Re:Really?

[Jeng]

I'm all for torturing executives, placing them in jail, fining them till they have no money, etc, etc.....

It's just that China goes above and beyond that by actually killing the people responsible and yet corruption is still rampant so I don't think that doing any of the above will actually change anything.

Don't get me wrong I am still for it even if it is ineffective. It would just make me feel good knowing that the people who screw so many people get screwed.

Re:Really?

[gstrickler]

There is a HUGE difference between knowing who you call or what websites you visit (available from network info) and knowing which apps you're using or monitoring your key strokes. The latter is none of their business, and key logging can allow them to access your passwords. That's completely inappropriate and probably a crime.

Re:Really?

[zill]

Except both Bush and Obama enacted laws to give those telecoms retroactive immunity. What now?

Re:So

[Rootkit]

http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/ The bottom of this page has a section about detection including an app to detect hidden UIs.

What about Nokia N9?

[IYagami]

An open terminal with great reviews

Data Cap

[BradleyUffner]

I bet the bandwidth it uses to send this data back to the carrier is deducted from our monthly cap too...

Re:"Smart" phones are a dumb buy.

Have you tried the Nokia N900?

some legitimate technical questions

[nimbius]

that should get asked about the article
does cyanogenmod mitigate this threat? if not how about whispercore? could whisper systems in the future detect and correct this
rootkit?
can rootkit detection systems presently available in linux detect and successfully help a hacker to remove the rootkit?

Re:some legitimate technical questions

[Andy+Dodd]

Cyanogenmod does not have CIQ in the first place.

It is also possible, with a LOT of work, to remove CIQ's hooks from the system using baksmali/smali (basically, a disassembler/assembler for Java).

Unfortunately, the developers on XDA who put forth NoCIQ mods seem to be considering this their "special sauce" to set themselves apart and get some donations - when asked where to look for hooks on a device they don't support, you get nothing but silence. No guides, even high-level ones oriented towards developers.

Re:some legitimate technical questions

[toadlife]

I have a ROM for the Epic4G with Carrier IQ removed. The first person who figured out how to remove CarrierIQ, posted the fixed jar files for all ROM developers to use.

I think the part of the reason why some of these mods don't come with guides is because they involve modifying those smali files, of which the stricture tends to very wildly from device to device.

Since I have tons of other mods on my ROM that affect the same files that CarrierIQ removal affects, I had to kang the changes by decompiling the stock jar/apk files and CIQ removed jar/apk files and comparing them with WinMerge.

The carrierIQ removal was actually fairly trivial compared the most challenging mod I integrated - adding a reboot and reboot to CWM recovery to the power menu. I followed an excellent guide on how to do it, but the guide was for a different device, were the structure and layout of the smali files was significantly different than the those that were on my phone.

You are right about devs not always sharing though. It's a giant rat race with everyone trying to integrate the latest hack or mod first.

Some guy messaged me asking to trade the code to the power menu mod in my ROM in exchange for something [that I didn't need]. I thought it was silly and offered to help him for free. I told him about the guide I followed, but advised him to decompile my jar/apk files and rip the changes, but he said he would just follow the guide. It's been a week and still no power menu mod in his rom.

There is definitely a culture clash over at XDA. A lot of devs don't seem to get the point of open source.

Samsung Vibrant

[oakgrove]

When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.

Re:Samsung Vibrant

[gstoddart]

When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.

And, I'm betting it's the users paying for the data plan usage that sends this stuff.

So, you're paying extra to be snooped on. I highly doubt they exclude this data from what they charge you.

The Price of Progress

[NicknamesAreStupid]

Those who can, do. It has always been true with technology. As we get older and see more of the effects, we are more aware, more affected. Privacy has been shrinking along with the open terrain since the Garden of Eden (metaphorically speaking). In 100 years, the privacy issues will extend into our subconscious minds. This seems inevitable as much as it seems disturbing. I guess that is why we grow old and die.

Re:"Smart" phones are a dumb buy.

[JDG1980]

Anyone that complains about personal info / privacy concerns and uses hotmail, yahoo, gmail, facebook, twitt-head-er, etc. etc. has NO leg to stand on.

Oh, please. With Facebook, anyone with half a clue knows going in that you shouldn't post anything you don't want seen in public. Same goes for Twitter.

Phone calls are very different. You have an expectation of privacy when calling someone. Laws going back decades prohibit wiretapping without a warrant.

2 Questions

[JustNiz]

1) How can you authoritatively determine the android phone you are about to buy doesn't have Carrier IQ installed, BEFORE you buy it?

2) If you already have an android phone, (how) can you check for and uninstall Carrier IQ?

Re:2 Questions

[SmurfButcher+Bob]

3. If your lawyer has this on his (her) phone, are they in breach of confidence? What about now that they know about CIQ?
4. If a medical *anything* has this on their phone, is this a HIPAA issue?

Re:2 Questions

[compro01]

1. Ask around basically.

2. a guy on xdadevs whomped up an app to detect (requires root) and remove (requires root and 99 cent donation) CIQ, among other things. http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109

Re:2 Questions

[CimmerianX]

Those are 2 excellent questions.

How about

5. How about Financial information transmitted through banking apps or to and from your bank staff's phones? Would this be a violation of GLBA or SOX?

Re:list?

I can only speak for my Employer... BlackBerry: 0
It's a very misleading article. Yes it shows that a "root kit" install has appeared on an Android device, but it is clear that the author has no idea about the security restrictions applicable to BB devices. Want to block your Carrier's Application? Simply go to Security Options -> Advanced Security Options -> Certificates. Find your Carrier certs and revoke them. It won't block your phone calls, or data connections, but any app which your carrier has installed to your device with a Service Book will be prevented from running.
Oh, and you can also see exactly what modules are stored on your device under the Options->Applications listings. I seriously doubt you will ever find this stuff in there.

Re:Troll this guy down to where he belongs.

[filthpickle]

Not saying this is the case for the GP....but I know lots of parents who would laugh at you for saying that and then say "Hell no I don't trust him". Some of us had to be taught the consequences of doing wrong.

A troll, by any other name would smell as awful...

[jeffmeden]

Jesus, mods, way to fall for a troll. Parent should be (Score:-5, Lying). There is no suggestion in any of the articles on this subject that the iPhone has this software, other than a CarrierIQ job requirement listing iPhone experience as optional...

RMS was right

[SigmundFloyd]

Stallman doesn't sound so crazy now...

Re:RMS was right

Being right and being crazy aren't mutually exclusive.

Re:RMS was right

[swillden]

Being right and being crazy aren't mutually exclusive.

Being occasionally right and being crazy aren't mutually exclusive. Being consistently right and being crazy are, though.

Re:So

[Andy+Dodd]

Identify - not too hard, the linked articles have a good number of ways.

Remove - that's a LOT harder. It's got hooks all over the system, so often removing the libraries causes everything to start crashing. As time progresses, CIQ implementations become more and more invasive, to the point where on recent leaks for the Samsung Infuse 4G, it appears that they even modified wpa_supplicant with CIQ hooks! (I don't have the logcat with me now - but it's obvious that CIQ is trying to phone home when I try to associate with my access point. This may be why wifi fails on that leak if you're running without a SIM card.)

Re:So?

[Andy+Dodd]

Because it only has an opt-out option in the original software as delivered to the carriers/manufacturers.

By the time it gets into your hands, it is more invasive and the opt-out option has been removed. In fact, the software is fairly aggressively hidden from the user so it becomes difficult to even know about it.

Re:"Smart" phones are a dumb buy.

[Sloppy]

doesn't it worry you about what can be hidden in the baseband?

As long as the baseband really just includes the radio (i.e. microphone, keys/touch, screen, etc drivers aren't included in that) then it can be treated as being part of the network. And the network is already untrusted, i.e. your own radio being compromised is no worse than your ISP (or a backbone, or the person-you're-talking-to's ISP) being compromised.

Re:"Smart" phones are a dumb buy.

[zill]

Ooops, disregard that. I didn't read his baseband exception. Baseband is software, so it's part of the software stack.

Re:A troll, by any other name would smell as awful

[jeffmeden]

"CarrierIQ is confirmed to be found on the iPhone or on feature phones, but Trevor has found RIM’s Blackberry handsets and several Nokia devices with CarrierIQ on board as well." This would be so poorly worded otherwise, that it is hard to believe that the author didn't simply mean to write "not confirmed". That, and all of the articles by Trevor (and those in the scene) make NO mention at all about the iPhone.

Limited info really.. But it *IS* for iphone

[pjr.cc]

From what I have read, and baring in mind the amount of information is limited, but IOS is indeed capable of carrying the carrieriq software and there are versions of the iphone out there with it already installed OR at least that is the suggestion from this particular site:

http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/

I dont have an iphone, so i dont care either way personally.

Google's fault?

[pjr.cc]

I am something of a self-confessed google fan-boy - though the lustre of theirs has been very much tarnished by things they have done lately, such as keeping 3.x out of AOSP - amongst many other things. Generally my love of google is pretty low at the moment.

But, I personally dont really hold google responsible for any of this. They make an OS. Did microsoft get blamed when sony had that drm root-kit flooding cd's?

Or would you blame ubuntu if a fork of ubuntu carried a similar piece of software? Even if it were an ubuntu sanctioned derivative work?

Ultimately though, what control would google have over people doing this? probably not alot. The devices makers make the roms and (probably) customise them for the carriers, the fact that an app is capable of doing such a thing is unsurprising given it operates at the root level and i doubt there would be much from the android side you could really do to stop it from occurring.

However, given its in the open now, I wonder what the legal (i.e. government) response might be, It could have serious implications to numerous compliance-type privacy issues. I suspect we'll probably see a government probe coming along sometime soon personally.

What do you mean? It already has.

[SuperKendall]

A walled garden would not have prevented this.

How do you you figure that?

The case in point is obviously Apple. They do not do an end-run around the providers as you advocate for. Yet there is no such software on any iPhone.

The carriers will screw with whoever they can. You have to stand up to them; Apple did, and Google never even tried.

Re:How much data?

[skr95062]

Unfortunately SCOTUS has ruled the binding arbitration clause in the contract prohibits you from filing or joining a class action suit against the carrier.
So if the carrier is transmitting the data collected by CIQ and counting it against your data cap, which they probably are, you might stand a chance of winning an arbitration case against the carrier. After all they are using data from the data plan you are paying for that you can't use. You could always try a criminal complaint against the carrier, I doubt if that would work, but technically they are depriving you of data that you paid for. It would be interesting to see how much data they are transmitting each time CIQ phones home.

Re:What do you mean? It already has.

[idontgno]

Ad hominem: the sophisticated way to say "I lose".

It's not in my phone.

[ross.w]

I have a Samsung Galaxy SII with the current Australian firmware. Based on the information at http://forum.xda-developers.com/showpost.php?p=11763089 CIQ is not installed. I don't know if the standard Samsung firmware as supplied is the same, but it's one of the things I like about my carrier, Virgin. Their phones really are. With Optus or Telstra YMMV.

This is why I bought a Nokia N900

[jonwil]

Yes the Nokia N900 has a pile of closed-source packages. But if it WAS running this CarrierIQ crap (which it isn't because its a product direct from Nokia and has never been tainted by any carrier) I could just open up an xterm and type "apt-get remove carrieriq" and get rid of it.