DVD Talk
Widely installed software allegedly monitors your mobile/cellphone usage [Archive] - DVD Talk Forum
 
Best Sellers
1.
2.
3.
4.
5.
6.
7.
8.
The Longest Day
Buy: $54.99 $24.99
9.
10.
DVD Blowouts
1.
2.
3.
4.
5.
6.
7.
Alien [Blu-ray]
Buy: $19.99 $9.99
8.
9.
10.

PDA
DVD Reviews

View Full Version : Widely installed software allegedly monitors your mobile/cellphone usage


benedict
12-01-11, 03:50 AM
The article I read about it was in Wired: http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/

The techy stuff is here: http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

The down side to all of this is the “portal administrator” is also able to “task” a single phone with a profile containing any combinations of metric and trigger. From leaked training documents we can see that portal operators can view and task metrics by equipment ID, subscriber ID, and more. So instead of seeing dropped calls in California, they now know “Joe Anyone’s” location at any given time, what he is running on his device, keys being pressed, applications being used...

CarrierIQ as seen in real world usage (HTC Devices especially) is nothing like the stock copies shown on the first page. All menus have been stripped, hiding it from users presence without advanced knowledge. The service also runs as user Root in ramdisk. It checks in to a server (or receives commands through other various access) with commands to allow someone undetected access...

Devices are automatically entered into using Carrier IQ. Samsung android devices have an on off switch, but it is not easily accessible or made known to users that it’s even there. HTC android devices have no such off switch. Even if you purchase a phone on eBay completely off of sprint, use it on wifi only, Sprint will still be enabled to task your device with metrics because of no available off switch and Carrier IQs aggressive reporting nature across multiple protocols...

It also should be noted all the surveys and user facing dialogs have been stripped besides the below screenshots which require advanced skills to access...

The only way to remove Carrier IQ is with advanced skills. If you choose to void your warranty and unlock your bootloader you can (mostly) remove Carrier IQ. Logging Test App can identify files used in logging and you can manually patch or use Pro version to automatically remove.
So, M$ stored your browser history [via index.dat] originally without telling anyone. Then Google drove by pretty much every house in the civilised world, ostensibly taking pics for their Streetview database but also electronically snooping and collecting data without telling anyone. And now we are told that Carrier IQ appears to have facilitated the phone companies having knowledge of your every text and call made without any realistic chance of an opt-in/out...

Perhaps those more paranoid than myself are wondering who all this data gathering activity is intended to benefit... maybe whether there is even a common sponsor/beneficiary!

http://www.millan.net/minimations/smileys/tinfoilhatsmile.gif

al_bundy
12-01-11, 08:36 AM
to be fair it's also on iphones and is designed to be used for diagnostics. and the wifi thing is actually very useful to almost everyone who uses location services.

it's just that the carriers on android phones turn the logging level to high. explains why android phones need twice the hardware to function at the same level as iphones and why the battery is worse

RichC2
12-01-11, 09:44 AM
I dunno, I have a Droid Incredible still and that thing is a performance champ.

I am curious about the logging though, I noticed that while on Airplane mode, Android lasts weeks without recharge. Enable the radio and it's toast. I mean that's a given with the radios and such, but still...

Groucho
12-01-11, 10:10 AM
Then Google drove by pretty much every house in the civilised world, ostensibly taking pics for their Streetview database but also electronically snooping and collecting data without telling anyone. Huh?

al_bundy
12-01-11, 10:22 AM
google collected wifi data from everyone's routers. they used this in an evil way so that if you're on wifi and not 3g you can easily determine your location in google maps and other location apps

Jay G.
12-01-11, 11:07 AM
google collected wifi data from everyone's routers. they used this in an evil way so that if you're on wifi and not 3g you can easily determine your location in google maps and other location apps
It was a little worse than that. What you describe is what they were intending to collect. However, they also collected samples of payload data from unencrypted networks, which they claim was unintentional. Google says they never used this payload data, and are in the process of purging it after getting approval from the various governments' regulation agencies:

http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html
http://www.msnbc.msn.com/id/40280537/ns/technology_and_science-security/t/google-purge-uk-personal-data-gotten-wi-fi/#.Ttek2mMk43M

al_bundy
12-01-11, 11:16 AM
i collect payload data every time i walk down the street, when people are broadcasting radio waves it's impossible not to receive it if you're within range

Dan
12-01-11, 11:25 AM
It was a little worse than that. What you describe is what they were intending to collect. However, they also collected samples of payload data from unencrypted networks, which they claim was unintentional. Google says they never used this payload data, and are in the process of purging it after getting approval from the various governments' regulation agencies:

http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html
http://www.msnbc.msn.com/id/40280537/ns/technology_and_science-security/t/google-purge-uk-personal-data-gotten-wi-fi/#.Ttek2mMk43M

I think I believe them. If not "unintentional" then it was likely "unauthorized" by Google's management. When they claim that they became aware of it, they did seem to handle it very well.

[insert rant about how engineers have no understanding of the real world and what matters to normal human beings]

explains why android phones need twice the hardware to function at the same level as iphones and why the battery is worse

Bullshit. My Nexus S lasts WAY longer than my wife's iPhone 4.

al_bundy
12-01-11, 11:30 AM
does the nexus s have carrier IQ like the carrier branded phones?

Groucho
12-01-11, 11:31 AM
I used to "collect payloads" for $5 a trick.

Dan
12-01-11, 11:35 AM
Would it be a personal attack if I called Groucho a cheap whore right now?

spainlinx0
12-01-11, 11:37 AM
I didn't even know about this until I downloaded a GB rom for my Epic which had CIQ removed. This was weeks ago though so I'm wondering why it's hitting the news big time now.

Jay G.
12-01-11, 11:47 AM
does the nexus s have carrier IQ like the carrier branded phones?
It does not, nor do other Nexus phones, or any Verizon phone.

http://www.extremetech.com/computing/107427-carrier-iq-which-phones-are-infected-and-how-to-remove-it
In other news, Nokia has confirmed that none of its devices have ever used Carrier IQ, and Verizon has also gone on the record to say that it doesn’t use the software. Google, too, has confirmed that none of its flagship Nexus devices (or the Xoom tablet) have Carrier IQ installed.

iOS devices do have it as well. It's unclear what's collected on them though, and it may be possible for the user to turn it off.

al_bundy
12-01-11, 12:02 PM
yep, and on my iphone it has all the logs it has collected for me to look at

nothing damning, bunch of low memory alerts. some apps running in the background that shouldn't really be running

Jay G.
12-01-11, 12:14 PM
I didn't even know about this until I downloaded a GB rom for my Epic which had CIQ removed. This was weeks ago though so I'm wondering why it's hitting the news big time now.
It seems to have exploded due to the youtube video, and it showing SMS messages and keyboard presses being logged.

Carrier IQ is getting slammed in the reviews section of Google Maps:
http://maps.google.com/maps/place?cid=3270451183699723088&q=carrier+IQ&gl=us&view=feature&mcsrc=google_reviews&num=10&start=0

yep, and on my iphone it has all the logs it has collected for me to look at...
I haven't read anywhere else that the CIQ logs are readily accessible to users. What logs are you looking at?

According to this blog post:
http://blog.chpwn.com/post/13572216737
It collects:
CoreTelephony
your phone number
your carrier
your country
active phone calls
(However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)
CoreLocation
your location (Only, however, if Location Services are enabled.)
(Possibly more I haven’t yet found.)

al_bundy
12-01-11, 12:53 PM
in IOS on the page in settings where you can turn this off, there is another button or link or whatever to take you to the logs it collects and look at the raw data

the whole point of this is to collect diagnostics data for troubleshooting purposes. the fact that it can be used for privacy violations is separate and there will probably be a lawsuit

Giantrobo
12-03-11, 02:39 AM
Shit, and I just switched to Sprint.

shadowhawk2020
12-03-11, 03:10 PM
I didn't even know about this until I downloaded a GB rom for my Epic which had CIQ removed. This was weeks ago though so I'm wondering why it's hitting the news big time now.

The guy who found it originally (member of xDA forums) originally thought it was HTC logging on the Evo 3d. Digging deeper he realized it was a third party company Carrier IQ. be also noticed companies like HTC modified the CIQ program making it harder to opt out. He was issued a cease and desist order which was later dropped. A few months later he released a video showing that it can be used to track every keystroke.