ALL Android phones have hidden Carrier IQ software stealing info!?!

---

Ok guys i just saw this today and it really got me worried:

http://m.gizmodo.com/5863849/your-an...ou-do?autoplay

I'm sorry if i'm breaking a rule by posting this link, but if true, this is something to really worry about! Just read!

Update: here is a link for an app designed to detect and remove it from your android phones

http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110

Hope it helps!


Sent from my X10i using XDA App

Whole post, just in case:

If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

Worse: it's the handset manufacturers and the carriers who—in the name of "making your user experience better"—install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.

Update: Nokia wrote to us saying that Carrier IQ's spyware is not included in any of their cellphones.

Fast forward to 9:00 for the damning sequence.

The spying software is developed by a company called Carrier IQ. In their site, the company says they are "the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers' mobile experience."

Who has this problem? It seems like a good goal and, indeed, most manufacturers and carriers agree: according to Eckhart, the spyware is included in most Android phones out there.

Eckhart claims that Carrier IQ software is also included in Blackberry and Nokia smartphones too. It probably works exactly the same in those smartphones as well. However, there's no proof showing these problems in those phones. There's no mention about Apple's iPhone.

It also doesn't even matter if your telephone was purchased free of carrier contracts. As Eckhart shows in this video, it's always there.

The problem is that it does a lot more than log anonymous generic data. It grabs everything.

How does it work? Carrier IQ's software is installed in your phone at the deepest level. You don't know it's there. You are never warned this is happening. You can't opt-in and you certainly can't opt-out.

The commercial spyware sits between the user and the applications in the phone so, no matter how secure and private your apps are, the spyware intercepts anything you do. From your location to your web browsing addresses and passwords to the content of your text messages.

This even happens using a private Wi-Fi connection instead of the carrier 3G or 4G connection.

The company denied all this in a public statement (PDF):

While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools

But the video clearly demonstrates that this is not true: Keystrokes submit unique key codes to Carrier IQ. Even secure connections are intercepted by the spyware, allowing it to record your moves in the open. These connections to the web are encrypted but, since Carrier IQ's spyware sits between the browser and the user, it grabs it and sends it in plain text.

The spyware can even log your location, even if the user declines to allow an app to know where it is. The hidden Carrier IQ app ignores your desires, intercepts the data and gets your location anyway.

What can you do to avoid it? Unfortunately, not much. The hidden spyware is always running, and there's no option in any of the menus to deactivate it. Unless you're a grade-A blackbelt hacker, you're out of luck. Even Eckhart, who is a developer, finds it difficult to remove:

Why is this not opt-in and why is it so hard to fully remove?

It's an excellent question. One that urgently needs an answer, from Carrier IQ but especially from every handset manufacturer and carrier involved in this situation.

The solution to this problem is not installing a custom ROM. That's something that shouldn't be required from consumers, something that normal people will not be willing to do. Products must respect privacy rights out of the box. Consumers must be informed about this the moment they turn on their phones in a clear way. They should have the possibility to opt-in and opt-out whenever they want, with a single click. This matter should be solved now by Carrier IQ, the handset manufacturer and the carriers.

If it isn't solved as soon as possible, authorities in the US and Europe should nail them with everything they have. [Twitter, Android Security Test, EFF and Carrier IQ via Threat Level]

Update from Nokia's PR firm Next15, Gretchen Bender: I know you've followed today's news that software from CarrierIQ has been found on Nokia devices. I wanted to quickly reach out following your story to let you know that in fact, CarrierIQ does not ship products for any Nokia devices. Therefore, these reports are inaccurate.


Sent from my X10i using XDA App

I was waiting to see this thread open here. This is a bomb to the platform's reputation.

Does rooting and installing any 3rd party ROM eliminate this?

Also, does this only apply to US carriers and devices?

AOSP mods (including cyanogenmod) don't have carrier IQ since Google didn't do it in the first place. Nor do the Nexus phones..

Nor do a handful of OTHER phones. I'm curious to see just how far that goes. It kinda explains why manufacturers/cell providers are SO insistent on locking firmware though.

Updated OP with link to removal app

Sent from my X10i using XDA App

Quote:

Originally Posted by Barzobius

Ok guys i just saw this today and it really got me worried:

http://m.gizmodo.com/5863849/your-an...ou-do?autoplay

I'm sorry if i'm breaking a rule by posting this link, but if true, this is something to really worry about! Just read!

Update: here is a link for an app designed to detect and remove it from your android phones

http://forum.xda-developers.com/show...&postcount=110

Hope it helps!


Sent from my X10i using XDA App

Thanks for posting the link! l was watching the XDA:TV and Bob was on about this, while playing the video l was searching all over the market place, couldn't find it. Now l did.

Quote:

Originally Posted by Barzobius

Ok guys i just saw this today and it really got me worried:

http://m.gizmodo.com/5863849/your-an...ou-do?autoplay

I'm sorry if i'm breaking a rule by posting this link, but if true, this is something to really worry about! Just read!

Update: here is a link for an app designed to detect and remove it from your android phones

http://forum.xda-developers.com/show...&postcount=110

Hope it helps!


Sent from my X10i using XDA App

I happened upon it as well here:

http://news.yahoo.com/smartphone-spying-204933867.html

So, a rooted device doesn't have it? That's good news. I'm now thinking of flashing my G2 to get rid of this (if it has it).

Does anyone here know how to find it on the device?

Joe

We have a thread with same topic in General section