This is _exactly_ my problem. HTCAppUsageStats is NOT ment to be disabled, from what ive seen it does NOT have an off switch. I dont know for sure this s CIQ, it could be its whole own animal for what i know. All i know is i can tell ya i dont remember clicking I AGREE, so i "opted out"
If you look in any HTC app (say rosie.apk) the service is attempted to be restarted every time you run the app, with no break for checking an off switch or something. see below:
Gets called on app start, bring to front:
Code:boolean loadApplications(boolean flag, Launcher launcher, boolean flag1) { this; JVM INSTR monitorenter ; refreshUsageStatCache(launcher); -----clipped
Code:private static void refreshUsageStatCache(Context context) { HtcAppUsageStats ahtcappusagestats1[]; int i; int j; if(sUsageStatsService == null) sUsageStatsService = new HtcUsageStats(context);
You can see when rosie gets brought to the front, stats gets started if its stopped. There is no check if (sUsageDisabled == true THEN blahbalh) it just runs.
Also notePackage* from /com/android/server/am/HtcAppUsageStatsService.smali needed the same stuff ripped from it , it will start itself if its not running and an app triggers something.(why i return void on everything)
Long story short, i dont see how an official off switch is possible for AppUsageStats in current code.
*edit* let me make this clear too, this appears to be writing in the same folders dumped to amazon cloud ips, this does not appear to have anything to do with the recent programs list.
Easiest fix would to just have refreshUsageStatCache() do nothing
I wonder is the logging sophisticated enough for example to tell HTC or Sprint et all that phone number x visited xda.com at this time of day? If so that's way too personal and definitely is unethical to not give the user a choice in opting out.
Outstanding work as usual Trevor. I'm sure I'm not alone when I say how much I truly appreciate you opening the box on this and shedding some MUCH needed light on HTC's secret operation.
One has to ask themselves how or why it's "LEGAL" for a large company to use such unobtrusive tactics to acquire information, personal and random in such secrecy.
I guess that's what bothers me the most. The secrecy behind the services and the lack of information surrounding it. Let alone anyone actually AGREEING to allow HTC to collect such sensitive information.
The FCC should step in.
I can see the future now, imagine not being able to log into your bank account without having your webcam enabled?
Imagine not being able to drive your car without without inputting your destination first, otherwise your car won't start?
America the free...
What about changing permissions? I have changed all the logger and user stuff to read only. A few days later, I removed all permissions. Files have not been added since. No negative effects either way
Just my .02
chmodding is just a hack and only half effective. if you look at logcat it throws errors every app open/closed/message received/phonecall/etc, anythng thats in the list ni post 1- and you still checkin with raw sockets. This is completely removing the services so they are not running wasting cycles and crippling them best way ive found how.
So is this the best way at the moment to remove all logging or are you working on something else?
after doing all the mods on synergy i have found the services do not run, do not check in, do not error (unless you start an HTC app with the stats service start built in, then itll only error that it cant start service one time)
I have also used tcpdump and have not found them to be checking in yet.
There may be less changes required to get these services fully off, but i sure as hell havent found it. There are some prop variables around the framework for profiler, but they dont even disable this stuff.
(unless you start an HTC app with the stats service start built in, then itll only error that it cant start service one time)
are you referring erroring out to having issues with the rom or just in logcat showing the errors.
This is a good fine, good job on that too.
NetLogger:lib JNI_OnLoad(): library version = %d
JNI_OnLoad(): failed to GetEnv()
com/htc/android/netlogger/HtcNative JNI_OnLoad(): result = 0x%x
2012/01/13 shooteru getLibVersion ()I confNew (Ljava/lang/String;)J confLoad confSave (J)Z confClose (J)V confGetNative (JLjava/lang/String;)Ljava/lang/String; confSet (JLjava/lang/String;Ljava/lang/String;)Z confClear confSort confDebugDump startNetLogger ()Z stopNetLogger isNetLoggerRunning isDebugOn Z B S I J F D Ljava/lang/String; java/lang/String utf-8 getBytes (Ljava/lang/String;)[B <init> ([BLjava/lang/String;)V NetLogger:conf conf [%s]
[%s]=[%s]
!! null member !!
wb %s: %s
%s = %s
rb %s: invalid config [%s]
NetLogger:board invalid buffer [%s], len = [%d]!
cannot open [%s].
read data failed!
Hardware cannot find keyword!
: parse error!
/proc/cpuinfo debugtool.anrhistory 0 /data/data/com.htc.android.netlogger/data/.debug /proc/cmdline androidboot.mode=mfgkernel DETACH ATTACH OK
%s%d-%d /data/misc/cw/cw_ctrl %s cw_service NetLogger:cw failed to connect to cw_daemon - ctrl_conn failed to connect to cw_daemon - monitor_conn cw attach failed attached to cw_daemon successfully
FAIL OK ctl.start cwdaemon connect_to_cwdaemon failed!
TCPDUMP stat_tpdump failed!
ENDTCPDUMP stop_tpdump failed!
RUNNINGSTATUS RUNNING
I have ruued my phone and am trying to find all the logging stock and see if we cant extract what its sending.
One thing that really bothers me is
/system/lib/libhtc_netlogger.so
Code:NetLogger:lib JNI_OnLoad(): library version = %d JNI_OnLoad(): failed to GetEnv() com/htc/android/netlogger/HtcNative JNI_OnLoad(): result = 0x%x 2012/01/13 shooteru getLibVersion ()I confNew (Ljava/lang/String;)J confLoad confSave (J)Z confClose (J)V confGetNative (JLjava/lang/String;)Ljava/lang/String; confSet (JLjava/lang/String;Ljava/lang/String;)Z confClear confSort confDebugDump startNetLogger ()Z stopNetLogger isNetLoggerRunning isDebugOn Z B S I J F D Ljava/lang/String; java/lang/String utf-8 getBytes (Ljava/lang/String;)[B <init> ([BLjava/lang/String;)V NetLogger:conf conf [%s] [%s]=[%s] !! null member !! wb %s: %s %s = %s rb %s: invalid config [%s] NetLogger:board invalid buffer [%s], len = [%d]! cannot open [%s]. read data failed! Hardware cannot find keyword! : parse error! /proc/cpuinfo debugtool.anrhistory 0 /data/data/com.htc.android.netlogger/data/.debug /proc/cmdline androidboot.mode=mfgkernel DETACH ATTACH OK %s%d-%d /data/misc/cw/cw_ctrl %s cw_service NetLogger:cw failed to connect to cw_daemon - ctrl_conn failed to connect to cw_daemon - monitor_conn cw attach failed attached to cw_daemon successfully FAIL OK ctl.start cwdaemon connect_to_cwdaemon failed! TCPDUMP stat_tpdump failed! ENDTCPDUMP stop_tpdump failed! RUNNINGSTATUS RUNNING
TCPDUMP? thats wireshark guys....
1- Where did I "opt-in" to this? It would be entirely one thing if it was like location, where an agree message pops up, but as for most of these I havent seen anything of the sorts. I would not care in the least if it was apparent.
2- Why does htc/sprint/google whoever need to waste my mobile data (goes through my airave, so its my bandwidth) and CPU cycles/battery logging?
3- Who the hell is getting my data?
1 = ("com.htc.feedback", "feedback_usageOpt")
2 = ("com.android.browser", "user_action")
3 = ("com.android.htccontacts", "contact_type")
4 = ("com.android.htccontacts", "group_info")
5 = ("com.android.mms", "message_send")
6 = ("com.android.mms", "message_receive")
7 = ("com.android.mms", "message_count")
8 = ("com.android.phone", "user_action")
9 = ("com.android.phone", "settings_quietRing")
10 = ("com.android.phone", "settings_pocketMode")
11 = ("com.android.phone", "settings_flipForSpeaker")
12 = ("com.android.phone", "edit_b4_call")
13 = ("com.futuredial", "transfer_data")
14 = ("com.htc.album", "storage")
15 = ("com.htc.android.htcime", "press_duration")
16 = ("com.htc.android.htcime", "UDB_words")
17 = ("com.htc.android.htcime", "special_correction")
18 = ("com.htc.android.htcime", "WCL_cnt")
19 = ("com.htc.android.htcime", "duration_SIP")
20 = ("com.htc.android.htcime", "lang_key")
21 = ("com.htc.android.htcime", "voice_key")
22 = ("com.htc.android.htcime", "set_CIME")
23 = ("com.htc.android.htcime", "duration_SIP")
24 = ("com.htc.android.htcime", "user_action")
25 = ("com.htc.android.htcime", "waiting_time")
26 = ("com.htc.android.htcime", "fuzzy_pinYin")
27 = ("com.htc.android.htcsetupwizard", "is_sysTimeChanged")
28 = ("com.htc.android.htcsetupwizard", "feedback_usageOpt")
29 = ("com.htc.android.mail", "mail_count")
30 = ("com.htc.android.mail", "update_schedule")
31 = ("com.htc.android.mail", "default_mailsize")
32 = ("com.htc.android.mail", "widget_clickcount")
33 = ("com.htc.android.mail", "EAS_success")
34 = ("com.htc.launcher", "layout")
35 = ("com.htc.launcher", "scene")
36 = ("com.htc.launcher", "user_action")
37 = ("com.htc.launcher", "app_launch")
38 = ("com.htc.launcher", "leap_view")
39 = ("com.htc.launcher", "skin_picker")
40 = ("com.htc.music", "storage")
41 = ("device_status", "battery")
42 = ("device_status", "battery_low")
43 = ("device_status", "bluetooth")
44 = ("download_manager", "download")
45 = ("system_server", "application_launch")
46 = ("system_server", "activity_launch_history")
47 = ("system_server", "MRU_click")
48 = ("system_server", "activity_tabCount")
49 = ("system_server", "tab_index")
50 = ("system_server", "app_uninstalled")
51 = ("system_server", "launcher_downloaded")
Part 1 - Framework.jar
Part 2 - Services.jar
Part 3 - Ramdisk/Kernel Source Misc Files
sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
if-nez v1, :cond_2
[B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
[B]MODDED LINE- [/B] goto :goto_0
:cond_1
sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
if-nez v1, :cond_2
[B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
[B]MODDED LINE- [/B] goto :goto_0
sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
if-nez v1, :cond_2
[B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
[B]MODDED LINE- [/B] goto :goto_0
.locals 11
const/16 v9, 0xc
const/16 v6, -0x6b
[B]original line[/B] const/4 v8, 0x1
[B]modded line [/B] const/4 v8, 0x0
sget-object v5, Lcom/htc/profileflag/TellHtcController;->EnabledTellHtcDevice:[B
aget-byte v5, v5, v3
if-ne v5, v6, :cond_4
[B]original line[/B] const/4 v0, 0x1
[B]modded line[/B] const/4 v0, 0x0
.locals 1
[B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_error_report:Z
[B]modded line[/B] const/4 v0, 0x1
return v0
.end method
.locals 1
[B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_ulog:Z
[B]modded line[/B] const/4 v0, 0x1
return v0
.end method
.locals 1
[B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->setting_enable_auto_send:Z
[B]modded line[/B] const/4 v0, 0x0
return v0
.end method
.field public static final HtcCIQFlag:Z = true [B]change to false[/B]
[B]replace WHOLE old method with just following[/B]
.locals 1
const/4 p0, 0x0
return-object p0
[B]replace WHOLE old method with just following[/B]
.locals 1
const/4 p0, 0x0
return-object p0
[B]original[/B]
sput-boolean v0, Landroid/provider/htcCheckin;->bCHECKIN:Z
sput-boolean v0, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z
[B]modded[/B]
sput-boolean v1, Landroid/provider/htcCheckin;->bCHECKIN:Z
sput-boolean v1, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z
.field public static final CIQVersion:Ljava/lang/String; = "1.1.1" [B]change to "6.6.6" (anything > 3)[/B]
.field static final enableCIQ:Z = true [B]change to false[/B]
.locals 8
[B]original[/B] const/4 v2, 0x1
[B]modded[/B] const/4 v2, 0x0
const-wide/16 v4, 0x0
const/4 v3, 0x0
const-string v7, "EVDO"
const-string v6, "1.1.1" [B]anything > 3.0.0[/B]
const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
.method public static getCIQFlag()Z
.locals 1
[B]original[/B] const/4 v0, 0x1
[B]modded[/B] const/4 v0, 0x0
return v0
.end method
:cond_0
[B]original line[/B] const/4 v1, 0x1
[B]modded line[/B] const/4 v1, 0x0
:goto_0
return v1
:cond_1
const/4 v1, 0x0
goto :goto_0
.field public static final COMPILE_OPTION_CIQ_SUPPORT:Z = true [B]change to false[/B]
[B]/system/app/MyReportAgent.apk[/B] - tell htc
[B]/system/app/HtcLoggers.apk[/B] - writes to /data/data/com.htc.loggers/. Has a checksu function. [URL="http://xdaforums.com/showpost.php?p=17270348&postcount=44"]Analysis here[/URL]
[B]/system/app/HTCIQAgent.apk[/B] - IQ agent app. Analysis [URL="http://xdaforums.com/showpost.php?p=17316913&postcount=61"]here[/URL]
[B]/system/app/CheckinProvider.apk[/B] - HTC Checkin. [URL="http://xdaforums.com/showpost.php?p=17332445&postcount=73"]Analysis here[/URL]
[B]/system/bin/htcipcd[/B] - HTC IPC server. [URL="http://xdaforums.com/showpost.php?p=17366102&postcount=94"]Analysis here[/URL]
[B]/system/bin/iqfd[/B] - CIQ frontend daemon. [URL="http://xdaforums.com/showpost.php?p=17365547&postcount=93"]Analysis here [/URL]
[B]/system/bin/iqd[/B] - CIQ backend daemon. [URL="http://xdaforums.com/showpost.php?p=17365391&postcount=92"]Analysis here[/URL]
[B]/system/bin/androidvncserver[/B] - VNC remote screen display
[B]/system/bin/usbnet[/B] - config for local vnc
[B]/system/lib/libciq_client.so[/B] - ciq client lib
[B]/system/lib/libciq_htc.so[/B] - ciq lib
[B]/system/lib/libhtciqagent.so[/B] - ciq agent lib
[B]/system/etc/iqprofile.pro[/B] - has a url for [url]https://collector.iota.spcsdns.net:10003/collector/c[/url]
GSM/OTHER ROMS(For now)
[B]/system/app/RamdumpEnabler.apk"[/B]
[B]/sys/lib/libhtc_ramdump.so[/B]
[B]/system/app/NetLogger.apk[/B]
[B]/sys/lib/libhtc_netlogger.so[/B] - writes to /data/data/com.htc.android.netlogger/. Uses TCPDUMP!??!?!?!??!?!?! (SEE WIRESHARK)
[B]ril.iq.quickboot=1[/B] - IQ start
# Disable checkin/profiling services
ro.config.htc.nocheckin=1
ro.config.nocheckin=1
profiler.force_disable_err_rpt=1
profiler.force_disable_ulog=1
[B]ALL OF THESE MIGHT NOT NEED TO BE REMOVED[/B]
id guess at crash/checkin being bad. replace url with http://127.0.0.1 so you dont go to defaults.
# For FOTA setting (leave empty value to use default)
ro.htc.checkin.url = http://andchin.htc.com/android/checkin
ro.htc.checkin.crashurl = http://andchin.htc.com/android/crash
ro.htc.checkin.url_CN = http://andchin.htccomm.com.cn/android/checkin
ro.htc.checkin.crashurl_CN = http://andchin.htccomm.com.cn/android/crash
ro.htc.checkin.exmsg.url = http://fotamsg.htc.com/android/extra/
ro.htc.checkin.exmsg.url_CN = http://fotamsg.htccomm.com.cn/android/extra/
ro.htc.appupdate.url = http://apu-chin.htc.com/check-in/rws/and-app/update
ro.htc.appupdate.url_CN = http://apu-chin.htccomm.com.cn/check-in/rws/and-app/update
ro.htc.appupdate.exmsg.url = http://apu-msg.htc.com/extra-msg/rws/and-app/msg
ro.htc.appupdate.exmsg.url_CN = http://apu-msg.htccomm.com.cn/extra-msg/rws/and-app/msg
PLEASE HAVE YOUR KERNEL DEV DISABLE STUFF IN THIS POST - http://xdaforums.com/showpost.php?p=17327620&postcount=68
#for CIQ ipc
mkdir /app-cache/ciq 0711 root system
mkdir /app-cache/ciq/socket 0777 root system
# HTC IPC server
service htcipcd /system/bin/htcipcd
user root
group root system
# CIQ backend daemon
service iqd /system/bin/iqd
user root
group root system
# CIQ frontend daemon
service iqfd /system/bin/iqfd
user root
group root system
service htc_ebdlogd /system/bin/htc_ebdlogd -s -k -P 7
user root
disabled
oneshot
ioprio idle 0
service htc_ebdlogd_rel /system/bin/htc_ebdlogd -s -k
user root
disabled
oneshot
ioprio idle 0
on property:ril.iq.quickboot=1
start iqfd
start iqd
# for vnc
service androidvncserver /system/bin/androidvncserver -a
disabled
oneshot
service usbnet /system/bin/usbnet on
disabled
oneshot
ro.lb=unknown
ro.bootloader=unknown
After making all above changes, remove anything in the below directories than reboot. Make sure nothing new is being added
/data/anr/
/data/data/com.android.htcprofile/
/cache/recovery/
/data/wimax/log/
/devlog
/data/system/usagestats
/data/system/appusagestats
/data/system/dropbox
/data/system/userbehavior.db
/data/system/userbehavior.xml
/app-cache/ciq/
/app-cache/iqserver
/data/misc/agent_htc/
/data/data/com.htc.loggers/
adb reboot
adb shell
logcat | grep Service
adb shell
getprop | grep svc
.locals 4
[B]original:[/B] const/4 v3, 0x1
[B]modded:[/B] const/4 v3, 0x0
.locals 4
[B]original:[/B] const/4 v3, 0x1
[B]modded:[/B] const/4 v3, 0x0
[B]original:[/B] const/4 v0, 0x1
[B]modded:[/B] const/4 v0, 0x0
iput-boolean v0, p0, Lcom/android/server/ulog/UserBehaviorLoggingService;->mEnableHTCUBLog:Z
const-string v2, "policy"
const-string v3, "url"
const-string v5, "175.41.155.212:2021"
const-string v2, "log"
const-string v3, "url"
const-string v5, "175.41.164.137:8000"
invoke-direct {v9, v6, v10}, Lcom/android/server/DropBoxManagerService;-><init>(Landroid/content/Context;Ljava/io/File;)V
[B]original:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
[B]modded:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V
invoke-direct {v9, v6}, Lcom/android/server/ulog/UserBehaviorLoggingService;-><init>(Landroid/content/Context;)V
[B]original:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
[B]Modded:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V
[B]remove all old junk and make these methods look exactly like this:[/B]
.method public notePackageRemoved(Ljava/lang/String;Ljava/lang/String;)V
.locals 0
return-void
.end method
.method public notePauseActivity(ILjava/lang/String;)V
.locals 0
return-void
.end method
.method public noteRecentTaskChange(Lcom/android/server/am/TaskRecord;)V
.locals 0
return-void
.end method
.method public noteResumeActivity(ILjava/lang/String;ZZ)V
.locals 1
return-void
.end method
.method public noteResumeActivity_pkg(ILjava/lang/String;Ljava/lang/String;ZZ)V
.locals 1
return-void
.end method
.method public publish(Landroid/content/Context;)V
.locals 0
return-void
.end method
.locals 5
.annotation system Ldalvik/annotation/Throws;
value = {
Landroid/os/RemoteException;
}
.end annotation
[B]original line:[/B] if-nez p1, :cond_0
[B]modded line:[/B] if-eqz p1, :cond_0