Chinese Mobile Phone Cameras Are Not-So-Secretly Recording Users' Activities

Oiwan Lam, reporting for Global Voices: It has been widely reported that software and web applications made in China are often built with a "backdoor" feature, allowing the manufacturer or the government to monitor and collect data from the user's device. But how exactly does the backdoor feature work? Recent discussion among mobile phone users in mainland China has shed some light on the question.

Last month, users of Vivo NEX, a Chinese Android phone, found that when they opened certain applications on the phone, including Chinese internet giant QQ browser and travel booking app Ctrip, the mobile device's camera would self-activate. [...] One Weibo user observed that the retractable camera self-activates whenever he opens a new chat on Telegram, a messaging application designed for secured and encrypted communication.

[...] After the news of the self-activated camera bug spread, users started testing the issue on other applications and found that Baidu's voice input application has access to both the camera and voice recording function, which can be launched without users' authorization. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.

ITS COMING HOME

LETS GO LADS

Re:ITS COMING HOME

Wrong!

Re: ITS COMING HOME

It's going to have a holiday in France or Croatia for a few years while it thinks about coming home.

because ..

china!

China setting the precedent

Don't worry, the US and the rest of the first world will be like China in the not so distant future.
China shows the way!

Orwell that ends well

[lessthan0]

North Korea proved that an entire county can be subjugated in a 1984 fashion for long periods of time. China keeps moving that way instead of toward more openness and freedom. I would expect that to limit their economic growth at some point, but who knows. Freedom is not a given in the future of any country.

Re:Orwell that ends well

If China were the only one moving that way, it would possibly limit their economic growth. The problem is the entire WORLD seems to be moving that way, some at a faster rate than others. But it's not like I can honestly look at my United States and say we aren't doing the exact same thing, and whenever one of us plebes mention it in a public forum all that has to happen is somebody whines about how it's for our own protection and then it ceases to be an issue of importance.

Re:Orwell that ends well

[DontBeAMoran]

North Korea, China, UK, USA.

Who's next?

Re:Orwell that ends well

[PPH]

Beware of leaders with funny hairstyles. Things have been going downhill here since Eisenhower.

Re:Orwell that ends well

North Korea, China, UK, USA.

Who's next?

I hope none.

And let's not assume either. Just because a few kids on the playground like to eat dirt for lunch doesn't mean every kid is going to join in on that fucking stupidity.

Re: Orwell that ends well

The most important thing is to not post on internet about your dislike of government and to individually and secretly be seditious. All governments are bad. Religion is even worse. Be silent and help others!

Re:Orwell that ends well

[Actually,+I+do+RTFA]

I would expect that to limit their economic growth at some point

I don't know why it would. I mean, "don't do your job well and the police will beat you for 30 minutes" is a pretty excellent motivator for their workers... or even the bosses.

Re:Orwell that ends well

Yep ... Antifa sluts pollute American political free speech like nibbers pollute an educational system. Or Hollyweird cunts flap their gobs without blojobbing. Pretty snarky results ... in all cases ... when Rawlsian mud-people howl.

Re:Orwell that ends well

"If China were the only one moving that way"
China has NEVER moved away from it's authoritarian police state. Their growing economy has just allowed the Chinese government to launch effective global marketing programs to convince the outside world that their brand of government was improving on par with their economy.

"look at my United States and say we aren't doing the exact same thing" In the US you can protest anything you want to. This is hardly a secret since it seems that a good number of people spend the bulk of their time doing nothing but protesting. You will never see any Chinese citizens protesting anything the Chinese government does. The last time any Chinese citizen protested their government was in Tiananmen Square and that protest was broken up with tanks running over any protester not fast enough to get out of the way. One result of China's global marketing campaign has translated to an increase in the number of nimrods that make these kinds of statements. And the US does face very legitimate security threats that require some type of response. That doesn't mean every government action should be condoned for security or that every response has been correct but it doesn't mean no response is ever warranted. Some people in the US are basically arguing that US intelligence agencies should be transparent with every action submitted to public debate. Granted most of hardcore supporters of this approach are most likely Russian, Chinese, Iranian, or NK operatives along with the more progressively stupid US citizens.

Re: Orwell that ends well

All them mass murdering democidal lunatics had hair. Bald is best.

Re: Orwell that ends well

You forgot Russia. Bit of a glaring omission, don't you think? Tut tut, most careless.

Re:Orwell that ends well

[tsa]

In the Netherlands we also know how to keep an eye on our citizens. But we sem to be working to go in the opposite direction, luckily.

Re: Orwell that ends well

[DontBeAMoran]

Yeah, you're right. But they're easy to forget, since it's such a small country all the way down there in the south hemisphere.

Would the same be possible with Apple iOS?

[sinij]

Would the same level of abuse be possible with Apple iOS, or is this intrinsic flaw in open-sourced Android where it is possible to modify OS functionality without it becoming obvious?

Re:Would the same be possible with Apple iOS?

[cascadingstylesheet]

Would the same level of abuse be possible with Apple iOS, or is this intrinsic flaw in open-sourced Android where it is possible to modify OS functionality without it becoming obvious?

The examples in the summary are apps.

It's just that a voice input app will kick in whenever a keyboard is needed - oops.

Re:Would the same be possible with Apple iOS?

[carlhaagen]

While the level of scrutiny and inspection procedures performed by Apple before publishing an iOS application is on a completely different level than that of Google and their Play Store, it's technically possible. But the case with these Chinese Android phones isn't really about this or that rogue app possibly showing up on the Play Store, but rather that they all come with a customized Android build prepared from start with a selection of malware/spyware. It's a complete ready-to-go, ready-to-spy package.

Re:Would the same be possible with Apple iOS?

[Solandri]

Both iOS and Android already give the device owner control over what functions an app is able to access. For example, Android notified me that an update to one of the games on my tablet was asking for access to the microphone and camera. I of course denied those permissions (the game seems to run just fine without them). Since my tablet is rooted, I also get control over which apps are allowed to use the network. So even with the few programs which need such access (like a photo-to-PDF converter), I'm confident it isn't transmitting info about me back to the app maker.

There are two reasons for the problem.

• Certain apps need such permissions. The voice input app mentioned in the summary requires access to the microphone to function. The maker of the app can then abuse that permission to use the microphone to record conversations and transmit them back to the mothership. This is even more insidious with voice recognition apps, which have to record conversations and transmit them back for the recognition stage anyway. At that point the difference between legitimate and illegitimate use becomes whether the company keeps the recordings on file, or deletes them after the recognition is completed (which is why I've long advocated that voice recognition be moved to the device itself now that processors are getting to the point where that's feasible). It's impossible for OS-level restrictions to prevent this type of abuse.
• China has encouraged forking Android and developing its own version for use in the Chinese market. Ostensibly this is to reduce the amount of control foreign companies (namely Google) have over products used within China. Most people however suspect that it's done so the Chinese government can insert its own monitoring software directly within the OS itself. The kind of stuff the NSA only dreams it could do. The maker of an open-source OS has no control over what happens to forks.

Re:Would the same be possible with Apple iOS?

[tlhIngan]

Blockquote>

Would the same level of abuse be possible with Apple iOS, or is this intrinsic flaw in open-sourced Android where it is possible to modify OS functionality without it becoming obvious?

The examples in the summary are apps.

It's just that a voice input app will kick in whenever a keyboard is needed - oops.

Except iOS keyboard apps are restricted by default into only doing a few things, and must be functional in restricted mode. If a user wants, they may remove the restriction, allowing they keyboard access to things like network.

However, secure input boxes like passwords pop up the default iOS keyboard to prevent exfiltration of passwords by keyboard apps.

Re:Would the same be possible with Apple iOS?

Lookie here... it's an Apple fagboy, taking it up the ass from Tim Cook.

Re:Would the same be possible with Apple iOS?

Lookie here... it's a jealous and butthurt Fagdroid user, taking it up the ass from the entire Android malware ecosystem.

Re: Would the same be possible with Apple iOS?

Lookin here, it's an ignorant moron dumber than a pile of rocks who was raped by his father and molests women to cope wi th his homophobia.

Re:Would the same be possible with Apple iOS?

Both iOS and Android already give the device owner control over what functions an app is able to access. For example, Android notified me that an update to one of the games on my tablet was asking for access to the microphone and camera. I of course denied those permissions (the game seems to run just fine without them). Since my tablet is rooted, I also get control over which apps are allowed to use the network. So even with the few programs which need such access (like a photo-to-PDF converter), I'm confident it isn't transmitting info about me back to the app maker.

The thing wanted access to the microphone and camera and you are still using the game? I would have uninstalled the damn thing at the very least. If I was in a particularly suspicious mood I might even have re-installed the OS and installed some malware protection before installing any apps. Also, did you ever stop to think that one of your free games may have installed a root kit on your tablet?

Re:Would the same be possible with Apple iOS?

While the level of scrutiny and inspection procedures performed by Apple before publishing an iOS application is on a completely different level than that of Google and their Play Store, it's technically possible.

That's the problem with the Mobile era. Back in the day I didn't need [or wanted] anyone else's scrutiny and inspection to publish my website. And that's the reason why I dig web apps, even having to pay the performance price.

Well then

who's really surprised?

so inspect some packets, its not hard (or is it)

Have they inspected packets? No.

Whats more likely.. a grand conspiracy, or a web-dev copy-pasting from a sample that enables everything, when all they wanted to enable is the onscreen keyboard.

And this is suprising/shocking how?

This is China we're talking about. This is normal and expected activity. Move along, nothing to see (or hear) here. (Captcha word = obvious)

LRRH: Grandma what big eyes you have

Wolf: The better to see you my dear.

Re:LRRH: Grandma what big eyes you have

Good foresight to make a retractable camera, with popular brands in the US we wouldn't know if we were being watched.

Burn them to the ground

[BuckBundy]

Ban any company caught doing so from doing business in the USA.
The bastards wont learn until the cost of such activities is not prohibitive.

Re:Burn them to the ground

You don't understand this issue at all, do you? This is not a corporate directive. This is a Chinese government directive. China is a COMMUNIST country, and government controls at least 51% of EVERY SINGLE COMPANY in China. Government calls all the shots. Do you not know how a communist dictatorship works?

Re:Burn them to the ground

[BuckBundy]

I do, I used to live under one.
What this has to do with how the rest of the world operates?
Are you saying we can't live w/o Chinese tech?

Re:Burn them to the ground

You don't understand this issue at all, do you? This is not a corporate directive. This is a Chinese government directive. China is a COMMUNIST country, and government controls at least 51% of EVERY SINGLE COMPANY in China. Government calls all the shots. Do you not know how a communist dictatorship works?

clearly you do not. "Communisim" normally means the state owns everything. china is moving to a messy 'hybrid'.

How about US companies (liek GM) operating in China? are they doing this as well? are they "chinese" or "american"?

suggest you get a passport at some point, a chinese entry visa and go see it for yourself instead of repeating fox news.

PS - you might be confused if you really beleive the chinese government is watching you instead of the 1.3 billion citizens it already has to watch.
this is like those "area 51" people who band together, take a few pics of the gate then talk about how the government is now after them.

Re:Burn them to the ground

government controls at least 51% of EVERY SINGLE COMPANY in China.

Clearly a Faux News lie.
Is that you Windy?

Full body scan for national security

Send the party full body nudes to show your nationalistic patriotism

And that includes America.

Our phones spy on us. They send that data to everyone who is interested. It goes to google and apple, it goes to your carrier, it goes to whoever wrote any app at all that you installed on your phone, and it goes to the government. This is not paranoia. This has all been demonstrated.

And dumbphones aren't off the hook. Your location data is sent back to your carrier at all times, and the government can remotely and covertly activate your mic and camera at any time to spy on you (presumably, with a warrant, of course).

Your only way to prevent this is to remove the battery. So long as the phone has power, you must assume that it is spying on you.

Re:And that includes America.

What Orwell failed to predict is that we'd buy the cameras ourselves, and that our biggest fear would be that nobody was watching. -- Keith Lowell Jensen

Re:And that includes America.

[schnell]

Our phones spy on us. They send that data to everyone who is interested. It goes to google and apple, it goes to your carrier, it goes to whoever wrote any app at all that you installed on your phone, and it goes to the government. This is not paranoia. This has all been demonstrated.

It's really not that simple or that nefarious. Your data does not go to "everyone who is interested." At least in the US, it goes to potentially five groups of people depending on circumstances:

• Your cellphone carrier: Otherwise your phone would not work. The cell network can locate you based on which tower(s) you can "see" and which sectors, within a resolution of several hundred meters. Additionally, Android (but not iOS) will let your carrier ask the phone for its GPS location. This was originally done per government mandate in order to know where to route your 9-1-1 calls, but can also be repurposed by your cell carrier for big data/ad purposes. But honestly that isn't where the cell carriers make their money so keeping tabs on your exact location isn't a high priority to them.
• Your mobile OS vendor: *If* and *only if* you opt in to using their "free" services (in which you of course are the product; that's the trade-off). If you use Google Maps or Apple Maps or their ilk, Apple and/or Google are "fingerprinting" your location every few seconds via a combination of your GPS, altimeter, cell signal strength, nearby WiFi hotspots and nearby Bluetooth sources to know exactly where you are and remember it over time. *Selling this information (along with what you searched for and what somebody Gmailed your about, etc.) to advertisers indirectly via targeting is Google's core business model.* For Apple, they do sell that data but that is a sideline - they mainly just want to make your location services really good so you buy another iPhone instead of a Galaxy.
• Your device OEM: Actually not so much in the US, unless you have an iPhone or Google Pixel (see above). Most name-brand device OEMs sold through carriers in the US don't have the size and sophistication to try to monetize location data and wouldn't know what to profitably use it for if they did. Buy a cheap shady phone at a flea market in Shenzhen? Absolutely.
• Mobile app developers: Did you get an awesome app for free? Your "free" app means you are the product. Any "free" mobile app service you are using is almost certainly using the sale of advertising based on your location as its business model. But you signed up for that when you clicked the "sure, whatever" button on the EULA. Not to sound callous, but that's the price of "free."
• The US government: The US government *does not know where you are via your cellphone* except in the following cases: 1.) you have dialed 9-1-1 in which case your call needs to be routed to the closest Public Safety Answering Point; 2.) a warrant has been issued by a court (open or secret/FISA) for your wireless carrier to record your conversations and location for the government; or 3.) with or without a warrant a government agency has gotten access to your phone/vehicle/whatever. People generally don't understand both how poor government IT is and how worthless the data of 99.97% of 300 million people's cellular location data is, even if they got it. "They" almost certainly aren't following you. Really.

And dumbphones aren't off the hook. Your location data is sent back to your carrier at all times, and the government can remotely and covertly activate your mic and camera at any time to spy on you (presumably, with a warrant, of course).

Yes, sort of kinda. See above - your carrier knows where you are at all times within a broad range to provide service, and in a small range when you call 9-1-1. Otherwise, not really. What the government does to your phone with or without a warrant if they have accessed it, I can't say.

Your only way to prevent this is to

Citizens don't know any better

In the US or any free country the people would be outraged by this sort of behavior. But people in communist or dictatorship countries seem to just expect that this is the normal and its to be expected. Not that anyone likes it, but we all know any resistance will be dealt with swiftly by said government. But even if free countries you have governments installing public cameras, many probably mic'd and even some shady connections with companies who have a data base full of user information. As US companies like Google encroach more and more on people's information. You see countries like China growing more resistant to those companies.

Re:Citizens don't know any better

People in countries like Russia, China, NK, and Iran have been systematically indoctrinated to expect imprisonment and death if they publicly complain about their governments. While the Russia and China state governments are not as proficient at crushing their populations as they used to be under Stalin and Mao they are still capable of keeping things under control for now.

The Chinese leadership is deathly afraid their citizens will start to realize that there is no amount of death or destruction that could keep a rebellion from being successfully waged. That's why the Chinese leadership keep a sizeable chunk of their fortunes invested in the US and their private jets standing by fueled and ready to go at a moments notice.

And quite frankly no one really gives a shit what happens to the Russians. Compared to the US and China Russia is a nonentity on the global stage. The state of California has a higher GDP than Russia. Russia could have a liquidation sale of their entire nuclear arsenal and still be an economic midget. And I wouldn't put it past the Russians to sale their arsenal. They sold off a surprising chunk of their space and missile technologies when the USSR fell. China's space program was built upon all the space technology they bought during the last Russian going out of business sale.

The Iranians justify their beat downs using religious doctrine as if that provides legitimacy in the eyes of the world but the younger generations are getting bolder each year with their defiance. The Iranians and most ME governments have been relegated to cracking down on their female populations to feel any sense of accomplishment. The Iranian theocracy killed or drove away any dissenters after 1979 but the number of dissenters is now growing each year and disposing large numbers of them is hard to do today.

And of course NK is the poster child of controlling the masses and they make no apologies for their state building practices.

This is the default situation...

[carlhaagen]

...with practically any cheap Chinese crapdroid phone/tablet, as well as Android TV boxes, aimed at the western markets - pretty much all of them run customized (often half-assed) Android builds bundled with various sets of malware/spyware. This even goes for the somewhat larger brands that have an office presence on the European continent trying to profile themselves in the west with TV/magazine/sports advertisements, like f.e. Doogee and Oukitel.

Over the past 5-6 years I've purchased close to two dozen Chines phones/tablets (as development toys) in both the low and mid price tiers, and I've yet to find a single one that actually comes with a clean and honest Android build. Spending time on the various Android phone/tablet hacking forums on the Internet you'll find droves of new reports about this every month, and all popular Chinese brands are mentioned.

Re:This is the default situation...

[OYAHHH]

Android, the OS itself, it one huge piece of spyware. Don't limit it to just Chinese produced items.

Re:This is the default situation...

"Over the past 5-6 years I've purchased close to two dozen [Android] phones/tablets (as development toys) in both the low and mid price tiers, and I've yet to find a single one that actually comes with a clean and honest Android build. "

Fixed that for you. Phone/tablet makers choose Android so they can lock down (to prevent competitors from cloning!) their product and install spyware. I don't see why "Chinese" needs thrown in except for clickbait.

PS (to phone/tablet makers) - Your competitors ability to clone your hardware isn't going to really be stopped by your software because they'll do the exact thing same thing you are: hack together a shitty build of a mostly Android system + spyware/malware/bloat. You're just wasting effort trying to "lock it down" and honestly making consumers avoid your phone/tablet to some degree. That is to say, the few phones/tablets that are clean and readily hackable are preferred by a minority of people. Without that, you're reducing it all down to price/components and that's a horrible area to compete in.

Re:This is the default situation...

i don't see why this would be considered clickbait. the topic is concerned with cheap chinese android products, of which there are thousands of models to choose from, all of which are intentionally plagued by malware, not cheap european or american android products, of which there are none.

Re: This is the default situation...

Trump isn't going far enough. Just tell China to keep all the cr@p they manufacture. Its all worthless. I won't miss it on the shelves of walmart!!

Re:This is the default situation...

[drinkypoo]

Fixed that for you. Phone/tablet makers choose Android so they can lock down (to prevent competitors from cloning!) their product and install spyware. I don't see why "Chinese" needs thrown in except for clickbait.

Because the American makers do not do this, nor do the Japanese ones. Carriers do, but the makers of the phones themselves don't. That's why you can buy e.g. a Motorola phone and then unlock it with help from their website, and load AOSP if you like.

Re:This is the default situation...

[schnell]

I don't see why "Chinese" needs thrown in except for clickbait.

Because the American makers do not do this, nor do the Japanese ones ... That's why you can buy e.g. a Motorola phone and then unlock it with help from their website, and load AOSP if you like.

Uh-oh. You may want to check on the nationality of Motorola's ownership. Hint: not in Schaumburg, Illinois anymore.

Re:This is the default situation...

[drinkypoo]

Because the American makers do not do this, nor do the Japanese ones ... That's why you can buy e.g. a Motorola phone and then unlock it with help from their website, and load AOSP if you like.

Uh-oh. You may want to check on the nationality of Motorola's ownership. Hint: not in Schaumburg, Illinois anymore.

Yeah, I remembered that just after hitting submit. However, I bought my Moto G before they sold out, and it's not running their software anyway. And AFAIK, you can still unlock the bootloader.

Re: This is the default situation...

The problem is that you are shopping at Walmart.

Wasn't this expected?

[EndlessNameless]

Baidu's voice input system... would activate... whenever the user opened any application... that allows the user to input text

So, looking at the technical underpinning, it functions like the native keyboard app, which loads on demand for applications which support its input.

I can't reach the article, so here is the real question: Is there evidence of nefarious activity, particularly the suspicious caching or transmission of data?

Because a camera/mic activating on its own isn't necessarily doing much of anything. It certainly merits investigation, but the headline is not justified by the content of the summary.

After all, if it's "not-so-secretly" doing bad things, there should be plentiful, clear evidence of bad things happening. If there are hours of audio/video being recorded or transmitted by some phone, why not mention that?

Re:Wasn't this expected?

That's because you have missed the subtext: the nanny state should do something to help "us all". Because the Sunday journalist can't handle it, "we" should not be able to handle what "we" buy, but there should be a law and some governmental agencies to lovingly watch over "us".

Re:Wasn't this expected?

[sabbede]

Well, that's better worded than what I was probably going to say, so thank you.

It does seem like it's just the voice input kicking in when you're likely to want it, not a nefarious plot. Besides, the Party probably has better bits of spyware on there already.

whoa oh

[bobmagicii]

black mirror, whoa-ah-oh.

Why complain about Telegram?

Telegram is open source, you could see which line of code is triggering the camera and patch it. Why complain about it?

Re:Why complain about Telegram?

[gweihir]

Because this is very likely not Telegram doing it?

Re:Why complain about Telegram?

Why would you assume that any given user has the ability to debug the code and write a patch for it?

Black PVC tape

[gweihir]

The only way to deal with cameras that do not have a hard-wired activation light.

Re:Black PVC tape

[TheDarkener]

I do this on my current phone, but am always still worried about the microphone. You can't easily muffle a microphone from all sound.

Re:Black PVC tape

[JaredOfEuropa]

Maybe that's how they found out: the phone mentioned in TFA has an all-screen front, with the front facing camera sliding out of the top of the phone when needed. The thing popped up when people opened Telegram, for instance.

Re:Black PVC tape

[gweihir]

Ah, yes. And you cannot rip it out either (as I did with my Amazon tablet as their voice assistant cannot be removed), because then it does not work as a phone anymore. I think there is no good solution for microphones at the moment. Hopefully somebody will find one soon.

Re:Black PVC tape

[gweihir]

I was thinking the same thing.

Re:Black PVC tape

[antdude]

What about microphones?

It took a long time

They have learned it from Cisco, RSA and Microsoft decades ago. Never mind the Europeans for which *everything* is backdoored. They call that "lawful interception".

Support Purism products

[TheDarkener]

Purism products offer hardware kill-switches for camera, mic and multiple radios (bluetooth/wifi/...). They are vigilant in defending against shit like what is happening these days, likely not only in China.

From Wikipedia ( https://en.wikipedia.org/wiki/... ):

"Librem is a line of computers manufactured by Purism, SPC featuring free (libre) hardware and software.[1][2][3][4][5][6] The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel,[7][8][9][10] avoiding the Intel Active Management Technology,[11] and gradually freeing and securing firmware.[12][13] Librem laptops feature hardware kill switches[14][15][16] for the microphone, webcam, Bluetooth, & Wi-Fi, and can be purchased air gapped."

If you support these companies the security and privacy bar for all manufacturers will raise.

Re:Support Purism products

Of course spyware can be inserted during shipment at any point between the company and your door.

Not limited to China

[OYAHHH]

Google,

On it's Android platform is scanning every single url your phone is accessing and feeding those URLs into it's spider.

How do I know? I am developing an Android app which has NEVER been released, thus the website URLs used are supposed to be 100% private. Google's spider has been scanning every single one of my private website urls as accessed by my private Android app.

So, this crap is not limited to China.

Re:Not limited to China

[Kongming]

Interesting. The only arguably legitimate reason that I can think of would be if the Android web client API has some kind of anti-malicious-website functionality built-in, for which Google automatically checks for hostile or compromised websites. In any case, I have a couple of other tests that could prove illuminating, if you are interested in doing them:

1. If you access a new URL in your website from the same Internet connection but another device, does Google's spider scan it? If not, that would help to rule out factors other than Android, such as a link between you and the website, or possibly at the end of your website's hosting provider.

2. If you use SSL to access a new URL in your website, does Google still scan the full URL instead of just the hostname? (I would expect and certainly hope not.)

Re:Not limited to China

Either the domain has previous owner who linked URL to public or you have accessed URL from the device developing the said app. Don’t f**king ridiculous.

Re:Not limited to China

Turn off the chrome option to verify the safety of the sites you are visiting, turn off predictive page loads

WireShark for phones

[DCFusor]

Until there is a version of wireshark that works on the phone bands (wireless-shark) - more or less a stingray that can be had by consumers, this is going to:
A: happen and only get worse.
B: be denied and essentially not proveable.
This all depends on what amounts to a technical arms race the consumer has lost.

Re:WireShark for phones

[drinkypoo]

Until there is a version of wireshark that works on the phone bands (wireless-shark) - more or less a stingray that can be had by consumers,

Not more or less, it literally has to be that way... because the radio module code is closed-source by law to prevent tampering, and you can never trust that part of your phone.

Re:WireShark for phones

[DCFusor]

Well, whip or chop does seem the right thing for a device that can talk to the internet without you having a way of knowing who it's talking to about what. Of course, some is lazy lusers - a lot of phone-home controversy could have been trivially settled one way or the other with plain old wireshark for machines that were wire or wifi only (if you had access to the wired side of wifi which most of us at home do).
//
One wonders why even the companies so accused didn't provide set up info to look at their output themselves..no one would trust that, but it'd get the ball rolling.
//
The reason I said more or less is I've not studied the protocol to the level of knowing how much you'd have to "go active" and transmit a signal/pretend to be a tower, or whether you could just easily eavesdrop, use the standard keycracking things on the strongest signal (since you could put the device in your own cradle and be a fraction of an inch from the antenna - at that point just go with the loudest signal). After all, with wifi and enough plaintext, no problem getting into the system and listening in. If you own it, you can put out all the "plain text" you want.. A whole lot of the classic attacks are suddenly easier if it's your device.
Just a product suggestion. Whoever gets rich can thank me, and the phone guys can go and do unpleasant things with themselves.

At least they are upfront about it

[shadesofgreen]

So the Chinese Govt and Intelligence has gone Full Big-Brother in creating a surveillance state, what's missing is an official statement that if you use electronic devices in China then you will be tracked. In contrast, US Intelligence has taken half measures by creating/finding backdoors of their own. Which of these approaches is worse?

Re:At least they are upfront about it

[geekmux]

So the Chinese Govt and Intelligence has gone Full Big-Brother in creating a surveillance state, what's missing is an official statement that if you use electronic devices in China then you will be tracked. In contrast, US Intelligence has taken half measures by creating/finding backdoors of their own. Which of these approaches is worse?

If an organization hides their power, they often do so because they know someone could take it away from them, particularly when that activity is legally questionable.

When an organization is arrogant enough to essentially broadcast their power and rub it in your fucking face, they do so because they know there's not a damn thing you or anyone else can do about it.

Both approaches are bad, but China has gone from bad to worse.

That was easy!

Easy solution: Find out who sold you the phone, and shove it tightly up their ass with the camera extended.

Oh, like all Apple and Android phones?

Even Apple have been doing this on at least their MacBooks and Safari. There was an "accidental bug" in Safari that could be exploited to call a hidden API in the drivers, which would allow the collection of camera pictures without turning on the LED, right onto a server-side application. No notifications, no warnings, no pop-ups, no admin access required.

From camera hardware to drivers to browser, Apple intentionally made it work this way. Think about that before you talk about how safe your Apple things are.

So it's a bug and a feature

[schwit1]

It's a snooping bug, not a software bug. The system is working exactly as designed to let apps be voyeurs.

Let's focus on China's transgressions!

Let's focus on China's transgressions while we ignore the fact that the US gov't monitors every electronic financial transaction we make and records every phone call we make (but they say they're only actively using the more-important "metadata" and supposedly only listen to the calls when they get a rubberstamp from a secret court).

Because after all, we know US/western telecomms would never do such a thing as the Chinese are doing...

Re:Let's focus on China's transgressions!

THIS!!

every day or so there are posts about bad things China does. Isnt that country around 13,000 miles away? who cares what they do.. why cant we focus on our own issues for a while?

The US had prism, and all sorts of things Snowden exposed.. but sure, we shoudl worry the chinese are usign cameras because we dont do any spying here at all?

I love how you think you're immune

[WillAffleckUW]

But, hey, it's not just China.

This is China

[nospam007]

It's not a backdoor, it's a frontdoor.

DUH!

Let's see: You buy a phone from a totalitarian one-party-rule Marxist state - and you're shocked to discover it is spying on you?
[facepalm]
I swear, the generation of people who grew up after the Reagan/Thatcher era the stupidest, most gullible, most foolish people who ever walked upright.

It's always been a core element of Marxism that "everything is political", which is why the old Soviet Union had "political officers" everywhere, the East Germans had the Stasi spying on nearly every citizen, etc. and why the term "politically correct" originated in the Soviet Union and was unheard of in Western Civilization before we were making fun of the concept in the 1980s.

It's also a universal truth that one-party-rule states are evil and paranoid and spy on their citizens to keep any alternate political thoughts and parties from arising.

As a result, you'd have to be the planet's single most-clueless moron to be surprised that a phone made in China, which checks both boxes, is anything but a disguised spying device, with some extra features like telephony... and yes that includes the iPhone which is made in China. It's entirely possible that there are spy functions built into the iPhone by the Chinese builders that Tim Cook, who puts greed above all else including the security of his company and customers, knows nothing about. The global stakes are simply too high for China to fail to install spy support into the iPhone's semiconductors, embedded code, or both.

Popup-blocker

[Mats+Svensson]

Suddenly motorized pop-up cameras on phones doesn't sound so stupid at all.

Next I propose we give some app-developers the SAW-treatment with the phone and a gun mounted on a helmet, and the camera pushing the trigger if comes up.

the hysterical crazies are out in force today

[CaffeinatedBacon]

Jesus the hysterical crazies are out in force today.

. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.

How the fuck did she think voice input would work if it didn't use the microphone?

Aren't all mobile phones Chinese?

ALL Mobile Phone Cameras Are Not-So-Secretly Recording Users' Activities

FTFY

Soviet joke?

[ebvwfbw]

In soviet China the phone watches you!