Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[GUIDE][MOD]Permenantly disable CarrierIQ[GUIDE][MOD]

OP cstayton

15th July 2014, 03:21 AM   |  #1  
cstayton's Avatar
OP Recognized Developer
Flag Waite Park, MN.
Thanks Meter: 3,407
 
2,233 posts
Join Date:Joined: Mar 2011
Donate to Me
More
Permenantly Disable CarrierIQ WIP


What is CarrierIQ - In a nutshell CarrierIQ is OEM Sanctioned SpyWare
Quote:

IQ Agent is software, typically pre-installed on mobile devices by handset manufacturers or network operators, designed to gather, store and forward diagnostic measurements on their behalf. Data available can include metrics on the device itself (e.g., firmware, battery levels, application performance, web performance) and performance data on voice and data connectivity between the device and radio towers. The mobile device manufacturers or network operators determine which of these metrics are actually collected, according to a set of criteria known as a "profile."[6] The IQ Agent software runs in the background, and the user is not usually aware of its presence unless the implementation includes an on-off switch

How do I get rid of it?
Quote:

There are several different schools of thought in regards to "How do I get rid of it" One is just delete (De-Bloat) the carrier branded files from your ROM or use a custom ROM, unfortunately the only custom ROM gaurenteed not to have CIQ is either AOKP, AOSP, or CM outside of those there is no 100% garauntee that CIQ isn't lurking around in some obscure apk or service within your ROM.

Why this guide then if I can't garauntee its gone?
Quote:

For two reasons, one so we can hopefully get multiple developers involved in researching exactly what is needed in order to completely once and for all remove CIQ. Two, since we can't be 100% sure it's gone we can at least minimize it's impact on our device.

There are already tools to remove CIQ on the PlayStore why not use those?
Quote:

That's the easiest answer of all, none of them work NONE OF THEM. The most predomanent one wants you to purchase the full version for .99cents in order to remove CIQ and even then it doesn't remove it, it can't remove it for one very simple reason, CIQ is intrenched in multiple applications, services and frameworks requiring very careful expert coding to remove, miss one thing and your device no longer boots. Want proof? try this but make a backup first because your device won't boot anymore afterwords. With a root explorer browse to your /system/lib folder and delete these two files libiq_client.so and libiq_service.so. even if your rom is completely debloated with no carrier branded apks at all now reboot. Whoops stuck at the bootanimation? Yep because those modules are called from not only within the framework but several other apks and also the kernel ramdisk.

The nuts and bolts of this MOD (Remember it's a W.I.P.)

Phase 1: - /system/framework/ext.jar
Quote:

I'm not going to go into how to decompile or edit smali thats for a different
thread, If you don't know how then stop here, go learn and then come back.

1. adb pull /system/framework/ext.jar
2. Decompile the jar file (I recomend Virtuous Ten Studio)
3. browse to /smali/com/carrieriq/client
4. Locate IQClient.smali
5. search for the word "submit" there are three submit .methods we are going to change each one.

REPLACE: (The entire method)
Code:
.method public shouldSubmitMetric(I)Z
WITH:
Code:
.method public shouldSubmitMetric(I)Z
    .locals 2

    const/4 v0, 0x0

    return v0
.end method
REPLACE: (The entire method)
Code:
.method public submitMetric(IJ[BII)I
WITH:
Code:
.method public submitMetric(IJ[BII)I
    .locals 7

    const/4 v0, 0x0

    return v0
.end method
REPLACE: (The entire method)
Code:
.method public submitMetric(Lcom/carrieriq/iqagent/client/Metric;)I
WITH:
Code:
.method public submitMetric(Lcom/carrieriq/iqagent/client/Metric;)I
    .locals 9

    const/4 v0, 0x0

    return v0
.end method
6. Re-Compile ext.jar
7. Reboot to recovery (and mount system)
8. abd push ext.jar /system/framework/ext.jar
9. chmod 0644 ext.jar
10. wipe cache and dalvik cache
11. reboot


Ok, What did we just do?
Quote:

Phase 1: Is complete, at this point even tho CIQ still has it's fingers in our device at least now it is hobbled as to exactly what it can do with the information it gathers, keystrokes, pictures, web urls, apps downloaded etc. There is a lot more to do yet but for now Phase 1 will give you a small amount of relief from CIQ. Stay tuned and visit this thread often for discussion, updates and general info regarding CIQ.

NOTES:
Quote:

Ok so further research also shows IP connection information being obtained through the services.jar however, if we replace the submit methods in services.jar the device will reboot while trying to verify the stability of your network connection. So obviously there is more CIQ fingers stuck in the OS somewhere else. In comparison to an international S5 Rom which appears to have little to no carrier branding there is a significant difference in the services.jar. Hmmmm more research ahead I think.

Phase 2: - /system/framework/services.jar
1.adb pull /system/framework/services.jar
2. Decompile the jar file (I recomend Virtuous Ten Studio)
3. We are going to replace an entire smali fragment.
4. Browse to \smali\com\android\server\ciq
5. Open "IPConnectivityCIQ.smali"
6. Replace the entire contents of the file with the code below.

Code:
.class public Lcom/android/server/ciq/IPConnectivityCIQ;
.super Ljava/lang/Object;
.source "IPConnectivityCIQ.java"


# direct methods
.method public constructor <init>()V
    .locals 0

    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method


# virtual methods
.method public connectivityChanged()V
    .locals 0

    return-void
.end method
7. Re-Compile services.jar
8. Reboot to recovery (and mount system)
9. abd push services.jar /system/framework/services.jar
10. chmod 0644 services.jar
11. wipe cache and dalvik cache
12. reboot

Ok, What did we just do?
Quote:

Phase 2: Is complete, At this point we have now removed the ability for CIQ to submit not only specific keystokes and user collected data but, we have also remove the ability for CIQ to track our location, network stability, cell strength and many more Network statistics. We aren't done yet there will be more and as I locate code and test i will be adding it to this guide.

Quote:

!!!NOTICE!!!
DEVS are free to use this code as a basis for their own work, also free to include in your own ROM or mods,
the only requirements are that you must give mention in your OP to my work. Check back here often for code
additions and changes as well as for any needed downloads if they become a part of this MOD.

Last edited by cstayton; 21st July 2014 at 02:55 AM.
The Following 11 Users Say Thank You to cstayton For This Useful Post: [ View ]
15th July 2014, 03:22 AM   |  #2  
cstayton's Avatar
OP Recognized Developer
Flag Waite Park, MN.
Thanks Meter: 3,407
 
2,233 posts
Join Date:Joined: Mar 2011
Donate to Me
More
Reserved
REserved
15th July 2014, 05:42 AM   |  #3  
Twiddler's Avatar
Senior Member
Flag Indianapolis, Indiana
Thanks Meter: 8
 
116 posts
Join Date:Joined: Aug 2007
Donate to Me
More
Why not simply post the recompiled JAR file here?
15th July 2014, 01:17 PM   |  #4  
cstayton's Avatar
OP Recognized Developer
Flag Waite Park, MN.
Thanks Meter: 3,407
 
2,233 posts
Join Date:Joined: Mar 2011
Donate to Me
More
For one this is a work in progress, for two that's not what this thread is about. As the title says it's a [GUIDE][MOD] Which means it's HOW to do it.

Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
The Following 3 Users Say Thank You to cstayton For This Useful Post: [ View ]
17th July 2014, 07:56 PM   |  #5  
jm2k7's Avatar
Senior Member
Flag Black Mesa :P
Thanks Meter: 64
 
173 posts
Join Date:Joined: Mar 2011
More
make a zip for SS Recovery and apply odex and deodexed roms, but I see you are busy with other projects.
19th July 2014, 03:12 AM   |  #6  
Senior Member
Thanks Meter: 119
 
322 posts
Join Date:Joined: Jul 2012
Quote:
Originally Posted by jm2k7

make a zip for SS Recovery and apply odex and deodexed roms, but I see you are busy with other projects.

the point of this whole website is to learn, educate, and share.

none of that occurs when all a user does is flash other peoples mods.

just sayin
20th July 2014, 02:06 AM   |  #7  
eric-filth's Avatar
Senior Member
Flag Ponta Grossa - PR
Thanks Meter: 975
 
1,473 posts
Join Date:Joined: Nov 2011
Donate to Me
More
Quote:
Originally Posted by Twiddler

Why not simply post the recompiled JAR file here?

Because how to is for everybody and for any build.

Enviado do meu SM-G900F
23rd July 2014, 06:26 AM   |  #8  
Senior Member
Thanks Meter: 172
 
715 posts
Join Date:Joined: Aug 2009
More
Hmm this is interesting. Is this the equivalence of using something like carrier iq detector to find out what's triggering the ciq to start then using something like android tuner to disable those receivers from starting up carrier iq? What I did was found as many of the receivers that kick up ciq in the system disabled them and this allowed me to stop libiq (renaming to .bak) from running without getting stuck in boot loop. If this is a better way I'll definitely follow this.

Sent from my LG-D850 using XDA Premium 4 mobile app
23rd July 2014, 07:32 AM   |  #9  
jm2k7's Avatar
Senior Member
Flag Black Mesa :P
Thanks Meter: 64
 
173 posts
Join Date:Joined: Mar 2011
More
Well, I followed the guide. But when I install carrier iq detector, there still appears carrier iq.

tell me if this is normal, it is disabled even if it is detected?

23rd July 2014, 07:43 AM   |  #10  
Senior Member
Thanks Meter: 172
 
715 posts
Join Date:Joined: Aug 2009
More
Quote:
Originally Posted by jm2k7

Well, I followed the guide. But when I install carrier iq detector, there still appears carrier iq.

tell me if this is normal, it is disabled even if it is detected?

What mine picked up was the files I had renamed to .bak and the apk that I had frozen. If you never deleted the lib files which I wouldn't recommend without disabling all ciq receivers then they are what the detector is picking up. Like the op said. His guide is a work in progress. Maybe his guide along with freezing/deleting any apps and deleting or renaming libs with disabling receivers could optimize killing ciq.

Sent from my LG-D850 using XDA Premium 4 mobile app

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes