Jump to content

Carrier IQ


amenditman

Recommended Posts

So, this is not new but I did not find it with a search.

 

Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg. http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/

 

So now, after a few weeks, the politicians are all over this privacy violation. Public hearings and such, another waste of already thin resources. But that's another rant!

The Android anti-virus services have released a bunch of tools to help detect if your phone has this application installed. Here's another The Reg article about that. http://www.theregister.co.uk/2011/12/08/ca...roid_detection/ The last 2 paragraphs are worth getting to, stick it out to the end.

 

I use Lookout and they released a tool to detect it. I downloaded it and found that my AT&T Motorola Atrix 4G does not have this particular tracker installed. That does not mean that they aren't using something similar, some as yet undiscovered app which "helps" them to improve service by reporting my activities to them.

 

Removal is another subject. If you have your phone rooted (also read as voided the warranty) you can remove it. If you are not rooted, you can ask your provider to remove it. Good luck with that!

 

Download one of these tools and check your phone. Post here what your phone is, carrier, and whether you are infected or not. Be interesting to see who has been naughty.

Edited by amenditman
Link to comment
Share on other sites

The link to Bruce Schneier is old because it links to Sony's rootkit fiasco. Here is a newer one on Carrier IQ

http://www.schneier.com/blog/archives/2011...er_iq_spyw.html

 

Program to help you check what sort of things your phone might be logging

http://forum.xda-developers.com/showpost.p...p;postcount=110

 

and another article

http://www.geek.com/articles/mobile/how-mu...yours-20111115/ (from link on Bruce Schneier's site).

 

At times I am really glad we have two old dumb cellphones.

 

 

 

Link to comment
Share on other sites

So, this is not new but I did not find it with a search.

 

Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg. http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/

 

The issue of not being notified about it is the big issue here. Carrier IQ does not record your text messages, emails, and every keystroke.

 

Apple did use CIQ, but dropped it in iOS 5. They now have their own implementation of a diagnostic feature. When you set up a device on iOS 5, your are specifically asked if you want to send diagnostic info to Apple.

 

You can turn it on or off at any time.

 

ios-diagnostics-usage.jpg

 

You can view the information that will be sent to Apple:

 

diag_usage_dta.jpg

 

CLick to see a log.

 

Apple did this right.

 

So, in the end, I say this is much ado about nothing. Carrier IQ is not spying on you. The data is sent to the carriers, but it is there to measure the performance of the network. The issue of the carriers not notifying users is one that needs to be addressed, but I think the software itself is benign.

 

Adam

Link to comment
Share on other sites

You are correct. It is watching events on the phone. No question there.

 

However, it does very little in the way of *actual logging* of the data.

 

http://blogs.cio.com/smartphones/16672/car...hill-out-people

 

From the article:

 

What's more, a number of security experts with no ties to Carrier IQ have come forward to debunk the scare stories. One of them is Dan Rosenberg, a well-known security expert who works for Virtual Security Research in the Boston area. He reverse-engineered the code on several Android phones, and saw no evidence of a threat. "Everyone is concerned that it is logging keystrokes. But the application is not doing that," he told me when I reached him at his office.

 

But Rosenberg told me that Eckhart misunderstood what he saw. In fact, Carrier IQ only logs keystrokes that are part of a diagnostic sequence a help desk technician would ask a user to input. The keystrokes are transmitted to the application, but aren't recorded and even if they were, they contain no personal information, Rosenberg said.

 

Does Carrier IQ code send some information back to the carriers? It does. But according to Rosenberg, the information has to do with diagnostics information carriers use to monitor and maintain their networks. For example, if your phone or its browser crashes, the software would probably tell the carrier where that happened (using GPs-type data) and what the device was doing that may have been related to the crash. It does not record, and is probably not even capable of recording, the body of a text message or an email.

 

;)

 

Adam

Link to comment
Share on other sites

At times I am really glad we have two old dumb cellphones.

 

I am also glad we have two old dumb cellphones. We also have a "home" phone VOIP line (no charge for unlimited long distance) service that's included with our triple play Uverse service. We switched both cellphones to a "Pay-as-you-go" plan about a year and a half ago. The family plan that we were on was costing us $50 or more a month, and we were only using about 100 minutes/mo of the 500 minute/mo plan. Plus whenever we traveled out of state, we would get charged a 79¢ per minute roaming charge. Since the switch, we're only spending about $20 a month between the two phones, and there's no roaming charges.

Link to comment
Share on other sites

Our cellphones cost us $5/month plus tax, each. I have accumulated over $120 on my phone because I rarely use it. My hubby's has over $60 accumulated.

Link to comment
Share on other sites

securitybreach

And the latest news:

An enterprising advocate for openness in government has filed a Freedom of Information Act (FOIA) request to the FBI for all information the agency uses related to Carrier IQ, the company under fire for monitoring user activity on smartphones—and his request was flatly denied. The FBI claims data gathered by Carrier IQ software is exempt from disclosure laws because it is located in an investigative file that was "compiled for law enforcement purposes" and "could reasonably be expected to interfere with enforcement proceedings."..........

http://arstechnica.com/tech-policy/news/20...ase-records.ars

 

:thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown:

 

Thanks to Cyanogenmod (rom), I do not have CIQ on any of my devices.

Link to comment
Share on other sites

securitybreach
wow. and wow again.

 

our government (and that of most nations) has forgotten that they work for us. :icon8:

Unfortunately that happened long ago :whistling:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...