[DEV|APPv14] CIQ / HTC & Google Checkin / HTC loggers / Tell HTC Info & Removal

Search This thread

TrevE

Retired Recognized Developer
Apr 27, 2007
2,031
3,659
androidsecuritytest.com
[DEV|APPv14] CIQ / HTC & Google Checkin / HTC loggers / Tell HTC Info & Removal

********LOGGING REVEAL***********


Over the past few weeks there has been alot about these "spyware" services running on our phones. I'm looking for dev input/a single place to document this all. I would also love for HTC to show us the real off switches for everything as they seem to make a big point about "opting out" lately - http://www.xda-developers.com/android/htcs-statement-regarding-ciq-data-collection/ This is all obviously more than just tell HTC crash reporting.

The only way I have found to "opt-out" is to make changes below. HARDLY an on/off switch. You can see my analysis of stock logs getting written and processes running even though i "opted out" of everything officially possible here, here , and here



Other devs, please chime in with your findings I also have a more non technical writeup, a poll and visio diagram up in general if you just want a quick and dirty picture of whats going on here



3 reasons I think this is important:
1- Where did I "opt-in" to this? It would be entirely one thing if it was like location, where an agree message pops up, but as for most of these I havent seen anything of the sorts. I would not care in the least if it was apparent.

2- Why does htc/sprint/google whoever need to waste my mobile data (goes through my airave, so its my bandwidth) and CPU cycles/battery logging?

3- Who the hell is getting my data?



Below are the services, and i believe what goes to what.

Google Checkin - /system/app/GoogleServicesFramework.apk. reports to https://android.clients.google.com/checkin see analysis here
-Dropbox Services- I had 500+ files in it including full logcat/dmesg etc. Synced on google checkin.
-App Usage Stats- what apps you use, install, uninstall time used uploaded with dropbox

CIQ
HTC/Sprint, not sure whose responsible for this. User Behavior Logging Service may be related
-You can see what info the app seems capable of sending here hidden test functions detailed here


Tell HTC - Tell HTC reports App crashes to HTC automatically. Even if you shut this off in htcstetupwizard it still runs and logs data.


HTC Loggers - Seems to log certain kernel events. Has a hidden UI See http://forum.xda-developers.com/showpost.php?p=17270348&postcount=44


HTC Checkin - sends recovery logs (real cute), app usage stats, dmesg, mobile data usage etc. See here

-HTC App Usage Stats. I believe these get get sent out when you "checkin"

HTC App Usage Stats is triggered on the following:
Code:
1 = ("com.htc.feedback", "feedback_usageOpt")
2 = ("com.android.browser", "user_action")
3 = ("com.android.htccontacts", "contact_type")
4 = ("com.android.htccontacts", "group_info")
5 = ("com.android.mms", "message_send")
6 = ("com.android.mms", "message_receive")
7 = ("com.android.mms", "message_count")
8 = ("com.android.phone", "user_action")
9 = ("com.android.phone", "settings_quietRing")
10 = ("com.android.phone", "settings_pocketMode")
11 = ("com.android.phone", "settings_flipForSpeaker")
12 = ("com.android.phone", "edit_b4_call")
13 = ("com.futuredial", "transfer_data")
14 = ("com.htc.album", "storage")
15 = ("com.htc.android.htcime", "press_duration")
16 = ("com.htc.android.htcime", "UDB_words")
17 = ("com.htc.android.htcime", "special_correction")
18 = ("com.htc.android.htcime", "WCL_cnt")
19 = ("com.htc.android.htcime", "duration_SIP")
20 = ("com.htc.android.htcime", "lang_key")
21 = ("com.htc.android.htcime", "voice_key")
22 = ("com.htc.android.htcime", "set_CIME")
23 = ("com.htc.android.htcime", "duration_SIP")
24 = ("com.htc.android.htcime", "user_action")
25 = ("com.htc.android.htcime", "waiting_time")
26 = ("com.htc.android.htcime", "fuzzy_pinYin")
27 = ("com.htc.android.htcsetupwizard", "is_sysTimeChanged")
28 = ("com.htc.android.htcsetupwizard", "feedback_usageOpt")
29 = ("com.htc.android.mail", "mail_count")
30 = ("com.htc.android.mail", "update_schedule")
31 = ("com.htc.android.mail", "default_mailsize")
32 = ("com.htc.android.mail", "widget_clickcount")
33 = ("com.htc.android.mail", "EAS_success")
34 = ("com.htc.launcher", "layout")
35 = ("com.htc.launcher", "scene")
36 = ("com.htc.launcher", "user_action")
37 = ("com.htc.launcher", "app_launch")
38 = ("com.htc.launcher", "leap_view")
39 = ("com.htc.launcher", "skin_picker")
40 = ("com.htc.music", "storage")
41 = ("device_status", "battery")
42 = ("device_status", "battery_low")
43 = ("device_status", "bluetooth")
44 = ("download_manager", "download")
45 = ("system_server", "application_launch")
46 = ("system_server", "activity_launch_history")
47 = ("system_server", "MRU_click")
48 = ("system_server", "activity_tabCount")
49 = ("system_server", "tab_index")
50 = ("system_server", "app_uninstalled")
51 = ("system_server", "launcher_downloaded")



Testing / Removal App

I have also written an app to check these services easily. See all details for that here - http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110


Part 1 - Framework.jar
Part 2 - Services.jar
Part 3 - Ramdisk/Kernel Source Misc Files
 
Last edited:

TrevE

Retired Recognized Developer
Apr 27, 2007
2,031
3,659
androidsecuritytest.com
Framework.jar


/com/htc/utils/ulog/ULog.smali- this stops logging services from starting (removing init lines)

.method public static log(Lcom/htc/utils/ulog/ULogData;)V
Code:
    sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;

    if-nez v1, :cond_2

  [B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
  [B]MODDED LINE- [/B] goto :goto_0

.method private static log(Ljava/lang/String;)V
Code:
    :cond_1
    sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;

    if-nez v1, :cond_2

    [B]ORIGINAL LINE- [/B]  invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
  [B]MODDED LINE- [/B] goto :goto_0
.method public static logStat(Lcom/htc/utils/ulog/ULogStat;)V
Code:
    sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;

    if-nez v1, :cond_2

   [B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
  [B]MODDED LINE- [/B] goto :goto_0




/com/htc/profileflag/TellHtcController.smali - disables auto reporting to HTC

.method static constructor <clinit>()V
Code:
    .locals 11

    const/16 v9, 0xc

    const/16 v6, -0x6b

   [B]original line[/B] const/4 v8, 0x1
[B]modded line [/B] const/4 v8, 0x0
Code:
    sget-object v5, Lcom/htc/profileflag/TellHtcController;->EnabledTellHtcDevice:[B

    aget-byte v5, v5, v3

    if-ne v5, v6, :cond_4

 [B]original line[/B] const/4 v0, 0x1
 [B]modded line[/B]  const/4 v0, 0x0

.method public static isDisableErrorRport()Z
Code:
    .locals 1

     [B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_error_report:Z
    [B]modded line[/B]   const/4 v0, 0x1

    return v0
.end method
.method public static isDisableUlog()Z
Code:
    .locals 1

   [B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_ulog:Z
    [B]modded line[/B]   const/4 v0, 0x1
    return v0
.end method

.method public static isEnableAutoSend()Z
Code:
    .locals 1

    [B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->setting_enable_auto_send:Z
    [B]modded line[/B]   const/4 v0, 0x0
    return v0
.end method



/com/htc/profileflag/HtcBuildFlag.smali Tells framework it was built without CIQ support

Code:
.field public static final HtcCIQFlag:Z = true [B]change to false[/B]

/com/android/internal/app/IHtcAppUsageStatsService$Stub.smali - Disables HTC app usagestats service

.method public static asInterface(Landroid/os/IBinder;)Lcom/android/internal/app/IHtcAppUsageStatsService;
Code:
[B]replace WHOLE old method with just following[/B]
  .locals 1

    const/4 p0, 0x0

    return-object p0

/com/android/internal/app/IUsageStats$Stub
.method public static asInterface(Landroid/os/IBinder;)Lcom/android/internal/app/IUsageStats;
Code:
[B]replace WHOLE old method with just following[/B]
  .locals 1

    const/4 p0, 0x0

    return-object p0

/android/provider/htcCheckin.smali htc/google checkin disable
Code:
[B]original[/B]
    sput-boolean v0, Landroid/provider/htcCheckin;->bCHECKIN:Z
    sput-boolean v0, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z

[B]modded[/B]
    sput-boolean v1, Landroid/provider/htcCheckin;->bCHECKIN:Z
    sput-boolean v1, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z

/android/net/http/htchttpiqagent.smali - IQ agent uploader (i think)
Code:
.field public static final CIQVersion:Ljava/lang/String; = "1.1.1" [B]change to "6.6.6" (anything > 3)[/B]
.field static final enableCIQ:Z = true [B]change to false[/B]
Code:
    .locals 8

[B]original[/B]    const/4 v2, 0x1
[B]modded[/B] const/4 v2, 0x0

    const-wide/16 v4, 0x0

    const/4 v3, 0x0

    const-string v7, "EVDO"

    const-string v6, "1.1.1" [B]anything > 3.0.0[/B]

    const-string v0, "1.1.1" [B]anything > 3.0.0[/B]

    const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
Code:
.method public static getCIQFlag()Z
    .locals 1

[B]original[/B]    const/4 v0, 0x1
[B]modded[/B]  const/4 v0, 0x0

    return v0
.end method

/android/media/MediaCIQ
.method public static enableCIQ(Ljava/lang/String;)Z
Code:
    :cond_0
[B]original line[/B]    const/4 v1, 0x1
[B]modded line[/B]  const/4 v1, 0x0

    :goto_0
    return v1

    :cond_1
    const/4 v1, 0x0

    goto :goto_0

/com/android/internal/telephony/SMSDispatcher.smali
Code:
.field public static final COMPILE_OPTION_CIQ_SUPPORT:Z = true [B]change to false[/B]
 
Last edited:

TrevE

Retired Recognized Developer
Apr 27, 2007
2,031
3,659
androidsecuritytest.com

/com/android/server/ulog:
Utils.smali-

.method static isTellHtcEnableAutoSend(Landroid/content/Context;)Z
Code:
    .locals 4

[B]original:[/B]    const/4 v3, 0x1
[B]modded:[/B]    const/4 v3, 0x0

.method static isUserProfilingSettingEnabled(Landroid/content/Context;)Z
Code:
    .locals 4

[B]original:[/B]    const/4 v3, 0x1
[B]modded:[/B]    const/4 v3, 0x0



UserBehaviorLoggingService.Smali
Code:
[B]original:[/B]    const/4 v0, 0x1
[B]modded:[/B]  const/4 v0, 0x0
    iput-boolean v0, p0, Lcom/android/server/ulog/UserBehaviorLoggingService;->mEnableHTCUBLog:Z

PolicyStore$DefaultPolicyLoader.smali- Defaults for database on what to log.

There are 10000s of changes I made, just search for "1" and change to "0" (for the most part) These are the trigger actions

There are also 2 IPs, change to 127.0.0.1
Code:
    const-string v2, "policy"

    const-string v3, "url"

    const-string v5, "175.41.155.212:2021"
Code:
    const-string v2, "log"

    const-string v3, "url"

    const-string v5, "175.41.164.137:8000"

/com/android/server/ServerThread.smali- Dropbox/Userbehavior Disable
Code:
    invoke-direct {v9, v6, v10}, Lcom/android/server/DropBoxManagerService;-><init>(Landroid/content/Context;Ljava/io/File;)V

[B]original:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
[B]modded:[/B]     invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V
Code:
    invoke-direct {v9, v6}, Lcom/android/server/ulog/UserBehaviorLoggingService;-><init>(Landroid/content/Context;)V

[B]original:[/B]    invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
 [B]Modded:[/B]      invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V


/com/android/server/am/HtcAppUsageStatsService.smali - this is the dreaded HTC logging that has no off switch. This is the only way I could disable by replacing full methods with nulls.
Code:
[B]remove all old junk and make these methods look exactly like this:[/B]
.method public notePackageRemoved(Ljava/lang/String;Ljava/lang/String;)V
    .locals 0

    return-void
.end method

.method public notePauseActivity(ILjava/lang/String;)V
    .locals 0

    return-void
.end method

.method public noteRecentTaskChange(Lcom/android/server/am/TaskRecord;)V
    .locals 0

    return-void
.end method

.method public noteResumeActivity(ILjava/lang/String;ZZ)V
    .locals 1

    return-void
.end method

.method public noteResumeActivity_pkg(ILjava/lang/String;Ljava/lang/String;ZZ)V
    .locals 1

    return-void
.end method

.method public publish(Landroid/content/Context;)V
    .locals 0

    return-void
.end method


.method public registerAppLaunchObserver(Lcom/android/internal/os/IHtcAppLaunchObserver;)V
Code:
    .locals 5
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Landroid/os/RemoteException;
        }
    .end annotation

[B]original line:[/B]     if-nez p1, :cond_0
[B]modded line:[/B] if-eqz p1, :cond_0
 
Last edited:

TrevE

Retired Recognized Developer
Apr 27, 2007
2,031
3,659
androidsecuritytest.com
Code:
[B]/system/app/MyReportAgent.apk[/B] - tell htc
[B]/system/app/HtcLoggers.apk[/B] - writes to /data/data/com.htc.loggers/. Has a checksu function. [URL="http://forum.xda-developers.com/showpost.php?p=17270348&postcount=44"]Analysis here[/URL]
[B]/system/app/HTCIQAgent.apk[/B] - IQ agent app. Analysis [URL="http://forum.xda-developers.com/showpost.php?p=17316913&postcount=61"]here[/URL]
[B]/system/app/CheckinProvider.apk[/B] - HTC Checkin. [URL="http://forum.xda-developers.com/showpost.php?p=17332445&postcount=73"]Analysis here[/URL]
[B]/system/bin/htcipcd[/B] - HTC IPC server. [URL="http://forum.xda-developers.com/showpost.php?p=17366102&postcount=94"]Analysis here[/URL]
[B]/system/bin/iqfd[/B] - CIQ frontend daemon. [URL="http://forum.xda-developers.com/showpost.php?p=17365547&postcount=93"]Analysis here  [/URL]
[B]/system/bin/iqd[/B] - CIQ backend daemon. [URL="http://forum.xda-developers.com/showpost.php?p=17365391&postcount=92"]Analysis here[/URL]
[B]/system/bin/androidvncserver[/B] - VNC remote screen display
[B]/system/bin/usbnet[/B] - config for local vnc
[B]/system/lib/libciq_client.so[/B] - ciq client lib
[B]/system/lib/libciq_htc.so[/B] - ciq lib
[B]/system/lib/libhtciqagent.so[/B] - ciq agent lib
[B]/system/etc/iqprofile.pro[/B] - has a url for [url]https://collector.iota.spcsdns.net:10003/collector/c[/url]
 
GSM/OTHER ROMS(For now)
[B]/system/app/RamdumpEnabler.apk"[/B]
[B]/sys/lib/libhtc_ramdump.so[/B]
[B]/system/app/NetLogger.apk[/B]
[B]/sys/lib/libhtc_netlogger.so[/B] - writes to /data/data/com.htc.android.netlogger/.  Uses TCPDUMP!??!?!?!??!?!?! (SEE WIRESHARK)

Build.prop
Code:
[B]ril.iq.quickboot=1[/B] - IQ start 

# Disable checkin/profiling services
ro.config.htc.nocheckin=1
ro.config.nocheckin=1
profiler.force_disable_err_rpt=1
profiler.force_disable_ulog=1


[B]ALL OF THESE MIGHT NOT NEED TO BE REMOVED[/B]
id guess at crash/checkin being bad.  replace url with http://127.0.0.1  so you dont go to defaults.
# For FOTA setting (leave empty value to use default)
ro.htc.checkin.url = http://andchin.htc.com/android/checkin
ro.htc.checkin.crashurl = http://andchin.htc.com/android/crash
ro.htc.checkin.url_CN = http://andchin.htccomm.com.cn/android/checkin
ro.htc.checkin.crashurl_CN = http://andchin.htccomm.com.cn/android/crash
ro.htc.checkin.exmsg.url = http://fotamsg.htc.com/android/extra/
ro.htc.checkin.exmsg.url_CN = http://fotamsg.htccomm.com.cn/android/extra/
ro.htc.appupdate.url = http://apu-chin.htc.com/check-in/rws/and-app/update
ro.htc.appupdate.url_CN = http://apu-chin.htccomm.com.cn/check-in/rws/and-app/update
ro.htc.appupdate.exmsg.url = http://apu-msg.htc.com/extra-msg/rws/and-app/msg
ro.htc.appupdate.exmsg.url_CN = http://apu-msg.htccomm.com.cn/extra-msg/rws/and-app/msg

PLACES IN KERNEL/RAMDISK
PLEASE HAVE YOUR KERNEL DEV DISABLE STUFF IN THIS POST - http://forum.xda-developers.com/showpost.php?p=17327620&postcount=68

In ramdisk remove the following
Code:
#for CIQ ipc
mkdir /app-cache/ciq 0711 root system
mkdir /app-cache/ciq/socket 0777 root system

# HTC IPC server
service htcipcd /system/bin/htcipcd
    user root
    group root system

# CIQ backend daemon
service iqd /system/bin/iqd
    user root
    group root system

# CIQ frontend daemon
service iqfd /system/bin/iqfd
    user root
    group root system


service htc_ebdlogd /system/bin/htc_ebdlogd -s -k -P 7
    user root
    disabled
    oneshot
    ioprio idle 0

service htc_ebdlogd_rel /system/bin/htc_ebdlogd -s -k
    user root
    disabled
    oneshot
    ioprio idle 0


on property:ril.iq.quickboot=1
    start iqfd
    start iqd


# for vnc
service androidvncserver /system/bin/androidvncserver -a
    disabled
    oneshot

service usbnet /system/bin/usbnet on
    disabled
    oneshot

While your in ramdisk, you will want to change default.prop. Here we can hide our bootloader and unlock state from being reported to htc/sprint/google/whoever else. See - http://forum.xda-developers.com/showpost.php?p=18754843&postcount=279 The following two should be set in default.prop:
Code:
ro.lb=unknown
ro.bootloader=unknown

DIRECTORIES/ FILES USED:
After making all above changes, remove anything in the below directories than reboot. Make sure nothing new is being added

Code:
/data/anr/
/data/data/com.android.htcprofile/
/cache/recovery/
/data/wimax/log/
/devlog
/data/system/usagestats
/data/system/appusagestats
/data/system/dropbox
/data/system/userbehavior.db
/data/system/userbehavior.xml
/app-cache/ciq/
/app-cache/iqserver
/data/misc/agent_htc/
/data/data/com.htc.loggers/

For safety you can chmod 400 or 000. Doing this alone without above framework changes will result in errors on write

How to tell Services running on phone
Code:
adb reboot
adb shell
logcat | grep Service

also make sure you dont see iq stuff here
Code:
adb shell
getprop | grep svc
 
Last edited:

TrevE

Retired Recognized Developer
Apr 27, 2007
2,031
3,659
androidsecuritytest.com
Thanks guys, im passing out for now ill update more later. Im pretty sure everything to disable all the services are there now, ill get into the places its in ramdisk/etc later.

Hopefully it gets my point across to HTC how freeking hard it is to shut this off, and that we need a real optout? This stuff is hardcoded everywhere, especially Htc App Usage crap, its really not ment to be shut off. It was alot of work tracing these methods all through framework.
 

xHausx

Inactive Recognized Developer
Jul 5, 2010
6,782
4,521
Central Florida
My main goal was trying to find that off switch to completely shut it down, that way it wouldn't be running in the background wasting CPU time. I haven't had a chance to look at the kernel yet but framework wise it looks like there are multiple flags that can disable portions of it. A lot of the stuff I found was already covered by TrevE so I'll do my best not to post anything redundant.

This is mainly for cIQ

Files Involved
(incomplete)
Code:
[I]Apks:[/I]
Browser.apk
Calculator.apk -- Front end?
HtcContacts.apk
HtcDialer.apk
HtcIQAgent.apk
IQRD.apk
SprintZoneNC.apk
[I]
Framework:[/I]
android.policy.jar
com.htc.framework.jar
framework.jar
services.jar

[I]Binaries:[/I]
htcipcd
htc_inittest
htc_timezonetest
iqd
iqfd
[I]
Libraries:[/I]
libciq_client.so
libcig_htc.so
libhtciq_agent.so



To prevent metrics data from being sent (still logs though) getCIQFlag()z in framework.jar -> HTChttpIQagent.java needs to return False
 
Last edited:

sgt. slaughter

Retired Forum Moderator
Jun 12, 2010
5,724
3,075
Raleigh
Im no dev like you guys in anyway so I may be completely wrong here as I also haven't looked at it much either.
I took the article as saying that on a crash report you will then have the option to opt-in and send a log of the event to HTC, or you could opt-out to not send one of that event. Their response I didn't take as the phone was constantly sending data/info to HTC from our phone, and more so that only on a crash would it poll up and send give you the option ot report or not.

could it be that we are seeing the phone log everything and not actually sending it to HTC till a crash happens and you get a pop up message? so in this case its not as harmful as first thought??

just an early east coast thought here. dissregard if im completely wrong guys.
 
  • Like
Reactions: lexusmike

xHausx

Inactive Recognized Developer
Jul 5, 2010
6,782
4,521
Central Florida
Im no dev like you guys in anyway so I may be completely wrong here as I also haven't looked at it much either.
I took the article as saying that on a crash report you will then have the option to opt-in and send a log of the event to HTC, or you could opt-out to not send one of that event. Their response I didn't take as the phone was constantly sending data/info to HTC from our phone, and more so that only on a crash would it poll up and send give you the option ot report or not.

could it be that we are seeing the phone log everything and not actually sending it to HTC till a crash happens and you get a pop up message? so in this case its not as harmful as first thought??

just an early east coast thought here. dissregard if im completely wrong guys.

Wether or not you opt in is decided when the phone is first setup. However, it looks like HTC's error logging is separate from the cIQ spyware that does the logging of your usage, what apps you use, websites, etc. That is always recording information and saving statistics about you regardless.

Edit: I did find a function that I believe will disable it but it appears to have been removed, I'm guessing during optimization.

Sent from my PG86100 using XDA Premium App
 
Last edited:
  • Like
Reactions: lexusmike

sgt. slaughter

Retired Forum Moderator
Jun 12, 2010
5,724
3,075
Raleigh
Wether or not you opt in is decided when the phone is first setup. However, it looks like HTC's error logging is separate from the cIQ spyware that does the logging of your usage, what apps you use, websites, etc. That is always recording information and saving statistics about you regardless.

Edit: I did find a function that I believe will disable it but it appears to have been removed, I'm guessing during optimization.

Sent from my PG86100 using XDA Premium App

Im currently back on pure stock just rooted and s-off and went through setup again to see but only saw the google location reporting. Nothing on htc less its included as "other services" when it asks if you want to automatically sync data like gmail, calander, contacts,and other services.
So optimization wouldnt be when it was removed since im on stock here and dont see it.

My 2cents on it. I think its a attempt to be faster at fixing things and for regular users the reporting will help speed the process up as they wont have to email them over and over. That is l ok ng as it only sends data out after user says okay fir each instance.
For us here though it might not be needed at all since you guys are creeme of the crop and usually fix htc's stuff anyway. :)

Same with the ciq stuff. Just an attempt to know more about usage and help more in future hopefully. It coyld be used for bad things too but its def not a 100% sure neg thing for the reg user. Long as sprint uses the info un right way.

Sent from my PG86100 using XDA App
 
Last edited:
  • Like
Reactions: lexusmike

smw6180

Senior Member
Oct 31, 2007
6,078
4,841
Bear, DE
Im currently back on pure stock just rooted and s-off and went through setup again to see but only saw the google location reporting. Nothing on htc less its included as "other services" when it asks if you want to automatically sync data like gmail, calander, contacts,and other services.
So optimization wouldnt be when it was removed since im on stock here and dont see it.

My 2cents on it. I think its a attempt to be faster at fixing things and for regular users the reporting will help speed the process up as they wont have to email them over and over. That is l ok ng as it only sends data out after user says okay fir each instance.
For us here though it might not be needed at all since you guys are creeme of the crop and usually fix htc's stuff anyway. :)

Same with the ciq stuff. Just an attempt to know more about usage and help more in future hopefully. It coyld be used for bad things too but its def not a 100% sure neg thing for the reg user. Long as sprint uses the info un right way.

Sent from my PG86100 using XDA App

The point is not whether it's ultimately helpful. The point is that it's being done without the knowledge of the end user. The only opt-in stuff is strictly about telling HTC about force-closed apps. The stuff it's sending by and large isn't useful for that anyhow.

And there is not now, nor has there ever been ANY opt-in for CiQ. (Unless it's buried super deep in a licensing agreement or something). Bottom line here is that while I'm not OPPOSED to sending metrics to make things better in the future, I want the CHOICE of whether I do it or not. Since they didn't give me that choice I feel no moral qualms about having all of it completely disabled.
 

pstevep

Retired Senior Mod / Inactive Recognized Themer
Aug 31, 2010
6,091
8,077
A place just beyond throwing distance
a little info

i have been having horrible network issues over the past week and have been on the phone with sprint more than i would like to admit trying to resolve them.. however i did get some "cool" information yesterday from the advanced tech that i was talking to.. he was trying to determine my data flow or something like that on my phones, so he was polling each phone independently, to pull the information from them (he actually was explaining it to me as he did).. he could pull information from each phone on my account except for mine (which obviously has had ciq and other spy stuff removed).. be he was baffled by it, and said that he didnt quite understand how my data from my phone was so sporatic, and he gave a timeline, of when it showed they could get data and when they couldnt, and it was almost completely in tune with when i either flashed back to stock, or a rom that didnt have the spy stuff in it.. but he said it was almost as if my phone were invisible to their network in that respect.. so removing this stuff is having an affect, at least seems to make so sprint cant just poll your phone at request.

i personally dont care one way or the other about the spyware, i understand the point for it, and the points against it.. i am just indifferent.. but keep up the amazing work, all of the devs here deserve all the respect and donations we can give..
 

smw6180

Senior Member
Oct 31, 2007
6,078
4,841
Bear, DE
i have been having horrible network issues over the past week and have been on the phone with sprint more than i would like to admit trying to resolve them.. however i did get some "cool" information yesterday from the advanced tech that i was talking to.. he was trying to determine my data flow or something like that on my phones, so he was polling each phone independently, to pull the information from them (he actually was explaining it to me as he did).. he could pull information from each phone on my account except for mine (which obviously has had ciq and other spy stuff removed).. be he was baffled by it, and said that he didnt quite understand how my data from my phone was so sporatic, and he gave a timeline, of when it showed they could get data and when they couldnt, and it was almost completely in tune with when i either flashed back to stock, or a rom that didnt have the spy stuff in it.. but he said it was almost as if my phone were invisible to their network in that respect.. so removing this stuff is having an affect, at least seems to make so sprint cant just poll your phone at request.

i personally dont care one way or the other about the spyware, i understand the point for it, and the points against it.. i am just indifferent.. but keep up the amazing work, all of the devs here deserve all the respect and donations we can give..

Sorry for the quick OT post:

If you're having network issues the past week, check your PRL number. If it's not 21081 and is a 50 number, that's the issue. Downgrade PRL and your network problems should go away. I doubt it has anything to do with the spyware removal.

As for the 'not being seen on the network' that's common right after a phone is rooted, too, which is why you get an error 16 (most people do, anyhow) and have to have sprint refresh your phone on their network.
 
  • Like
Reactions: pstevep

pstevep

Retired Senior Mod / Inactive Recognized Themer
Aug 31, 2010
6,091
8,077
A place just beyond throwing distance
Sorry for the quick OT post:

If you're having network issues the past week, check your PRL number. If it's not 21081 and is a 50 number, that's the issue. Downgrade PRL and your network problems should go away. I doubt it has anything to do with the spyware removal.

As for the 'not being seen on the network' that's common right after a phone is rooted, too, which is why you get an error 16 (most people do, anyhow) and have to have sprint refresh your phone on their network.

yeah my prl is up to date with 21081, and has been rooted since the first day that revolutionary was released.. the network issues started a week or so ago and are affecting all the lines on my account, and they are all rooted.. which is why its a problem.. i appreciate the insight though..
 

smw6180

Senior Member
Oct 31, 2007
6,078
4,841
Bear, DE
yeah my prl is up to date with 21081, and has been rooted since the first day that revolutionary was released.. the network issues started a week or so ago and are affecting all the lines on my account, and they are all rooted.. which is why its a problem.. i appreciate the insight though..

Weird. I still don't think it's because it's rooted....maybe a problem in your area. I have 3 rooted evo3ds in my house and another 5 (2 evo3d's) at my brother's 5 minutes from me and no issues, other than the PRL one. Hope you got it all straightened out.

Ok, sorry, I won't OT anymore. ;)
 

TrevE

Retired Recognized Developer
Apr 27, 2007
2,031
3,659
androidsecuritytest.com
The point is not whether it's ultimately helpful. The point is that it's being done without the knowledge of the end user. The only opt-in stuff is strictly about telling HTC about force-closed apps. The stuff it's sending by and large isn't useful for that anyhow.

And there is not now, nor has there ever been ANY opt-in for CiQ. (Unless it's buried super deep in a licensing agreement or something). Bottom line here is that while I'm not OPPOSED to sending metrics to make things better in the future, I want the CHOICE of whether I do it or not. Since they didn't give me that choice I feel no moral qualms about having all of it completely disabled.

This is _exactly_ my problem. HTCAppUsageStats is NOT ment to be disabled, from what ive seen it does NOT have an off switch. I dont know for sure this s CIQ, it could be its whole own animal for what i know. All i know is i can tell ya i dont remember clicking I AGREE, so i "opted out"

If you look in any HTC app (say rosie.apk) the service is attempted to be restarted every time you run the app, with no break for checking an off switch or something. see below:

Gets called on app start, bring to front:
Code:
 boolean loadApplications(boolean flag, Launcher launcher, boolean flag1)
    {
        this;
        JVM INSTR monitorenter ;
        refreshUsageStatCache(launcher);
-----clipped

Code:
private static void refreshUsageStatCache(Context context)
    {
        HtcAppUsageStats ahtcappusagestats1[];
        int i;
        int j;
        if(sUsageStatsService == null)
            sUsageStatsService = new HtcUsageStats(context);

You can see when rosie gets brought to the front, stats gets started if its stopped. There is no check if (sUsageDisabled == true THEN blahbalh) it just runs.

Also notePackage* from /com/android/server/am/HtcAppUsageStatsService.smali needed the same stuff ripped from it , it will start itself if its not running and an app triggers something.(why i return void on everything)

Long story short, i dont see how an official off switch is possible for AppUsageStats in current code.

*edit* let me make this clear too, this appears to be writing in the same folders dumped to amazon cloud ips, this does not appear to have anything to do with the recent programs list. You can see when its _suppose_ to be triggered in default policy loader
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 406
    Logging Test App v14

    Logging Test App v14


    Attached to this post is my app that should interface with these logging services. Lets start by saying I HATE JAVA. Im an IT guy so i know my way around a few languages but im not the best so deal with uglyness. It is a work in progress and I will be adding more later.

    This app has started to turn into a full security suite. It can be used to verify what logging is being done on your phone and where data is going to. It will assist you in manually removing parts you do not running (see post#1), or you can go pro for automatic everything (and support me)

    You may use this version of the app anywhere and redistribute it. I have only tested on e3d, but it should work everywhere. I have heard it working on thunderbolt and e4g so far. Just make sure to give me credit if you bundle this in somewhere and do not modify it. Also please do not distribute the market key-- Its only $1.
    tFcVz.png


    • Check CIQ files (Root Only)- Sees if CIQ exists in your system
    • Check Google Usage Logs(Root Only)- Checks for logs in /data/system/usagestats
    • Check HTC Usage Logs (Root Only)- Checks for logs in /data/system/appusagestats
    • Check Devlog (Root Only) - Checks /devlog partition, written out by htc_ebdlogd
    • Check Dropbox Logs(Root Only)- Checks for logs in /data/system/dropbox
    • Check UserBehavior DB(Root Only)- Reads user Behavior monitoring database
    • AppUsage UI - See app usage logs in UI
    • CIQ APP UI - Attempts to open all known CIQ Activities
    • Start HTCLoggers - Start HTC Logging Activitie

    Services: You first must run a list to get a dump of all active services. Anything running on your phone will return to the spinner. Select a service and press the button again to get a dump of the service.

    • HTC Checkin DB (Root Only)- Shows what info you are sending to htc when checking in automatically
    • Google Checkin DB (Root Only)- Shows what triggers Google checking in automatically
    • HTC Report Agent - Shows what triggers HTC Reporting.
    • Common Commands- Network Diagnostic tools to see IP address/routes/outbound connections/automatically control port dialog (see below)
    • Port Control- Lets you input manual commands (or use above spinner) to local ports on your machines. Unix Domain Sockets will be enabled next

    • Read Cookies (Root Only)- Reads Sticky "Location Cookies" - clearing all data in browser does not wipe these
    • Wipe Cookies (Root Only)- Wipes Location Cookies. (pro not required)
    • Flash Settings Set local storage to "Only from sites I visit" and disable "Peer-Assisted Networking"
    • Convert to HTTPs (Root Only)- Updates stock top 500 db with https where possible. See pro options
    • Change Firefox Search to HTTPS (Root Only)- Changes default search to use HTTPs
    • Check/Set IPv6 Privacy(Root Only) - Sets if your MAC address is used as part of your IPv6 address. Dialog explains more


    Starting with version 3, i will be supporting cleanup/removal from many devices. The checking part of the app will always be free here but because of the time it took me to universally code the removal and because we already have documented 100000 ways to do it yourself (see post 1) I have decided to put the key to unlock removal features on any device on the market. It should be listed under package com.treve.loggingkey Its called Logging TestApp Pro Key. Just install the apk linked here first, get the key from market (99 cents, hardly much to support dev in progress) and install, then go back to original app and enjoy pro. You will now have access to the menu items to patch logging on the device.


    Version 5 of pro adds in an option to convert webdb to https. What this does is goes through the default websites and resets the address to the https site. What I hope to end up getting is something like the EFF's HTTPS Everywhere until then this is the "ghetto way"

    To use https convert option:
    • Set homepage to https://www.google.com/m
    • Kill browser with a taskilller, open logging test app
    • press menu, go to convert to https
    • open browser and start typing in some letters like facebook or wiki or google or bank you should see https infront of them.


    It has been tested on evo4g, evo3d, and thunderbolt so far. I will be supporting more devices if a device you have does not work let me know.


    Screenshots/How to read output

    To tell if you are spyware/logging free, none of these buttons should do much of anything. For example:
    • if you check usage stats/dropbox/devlog, you should see no files or 0k for anything listed.
    • if you start the usage service intent, you should see no apps listed. All other intents should not start.
    • You should not be able to connect to port 65511.


    Screenshots of a "fail condition" Shows on stock rom regardless of tell HTC or location setting logging is enabled and running, proving HTCs statement wrong, wasting resources, io, memory, bandwidth the works - http://forum.xda-developers.com/showpost.php?p=17614324&postcount=114


    Screenshots of a "pass condition". Shows all logs not writing and intents disabled (only possible after modifications, i cannot find a stock setting that will do this. see post1) - http://forum.xda-developers.com/showpost.php?p=17614542&postcount=116


    Let me know how this works out, more goodies will keep on flowing :) It does use permission internet, its required to open sockets.
    236
    [DEV|APPv14] CIQ / HTC & Google Checkin / HTC loggers / Tell HTC Info & Removal

    ********LOGGING REVEAL***********


    Over the past few weeks there has been alot about these "spyware" services running on our phones. I'm looking for dev input/a single place to document this all. I would also love for HTC to show us the real off switches for everything as they seem to make a big point about "opting out" lately - http://www.xda-developers.com/android/htcs-statement-regarding-ciq-data-collection/ This is all obviously more than just tell HTC crash reporting.

    The only way I have found to "opt-out" is to make changes below. HARDLY an on/off switch. You can see my analysis of stock logs getting written and processes running even though i "opted out" of everything officially possible here, here , and here



    Other devs, please chime in with your findings I also have a more non technical writeup, a poll and visio diagram up in general if you just want a quick and dirty picture of whats going on here



    3 reasons I think this is important:
    1- Where did I "opt-in" to this? It would be entirely one thing if it was like location, where an agree message pops up, but as for most of these I havent seen anything of the sorts. I would not care in the least if it was apparent.

    2- Why does htc/sprint/google whoever need to waste my mobile data (goes through my airave, so its my bandwidth) and CPU cycles/battery logging?

    3- Who the hell is getting my data?



    Below are the services, and i believe what goes to what.

    Google Checkin - /system/app/GoogleServicesFramework.apk. reports to https://android.clients.google.com/checkin see analysis here
    -Dropbox Services- I had 500+ files in it including full logcat/dmesg etc. Synced on google checkin.
    -App Usage Stats- what apps you use, install, uninstall time used uploaded with dropbox

    CIQ
    HTC/Sprint, not sure whose responsible for this. User Behavior Logging Service may be related
    -You can see what info the app seems capable of sending here hidden test functions detailed here


    Tell HTC - Tell HTC reports App crashes to HTC automatically. Even if you shut this off in htcstetupwizard it still runs and logs data.


    HTC Loggers - Seems to log certain kernel events. Has a hidden UI See http://forum.xda-developers.com/showpost.php?p=17270348&postcount=44


    HTC Checkin - sends recovery logs (real cute), app usage stats, dmesg, mobile data usage etc. See here

    -HTC App Usage Stats. I believe these get get sent out when you "checkin"

    HTC App Usage Stats is triggered on the following:
    Code:
    1 = ("com.htc.feedback", "feedback_usageOpt")
    2 = ("com.android.browser", "user_action")
    3 = ("com.android.htccontacts", "contact_type")
    4 = ("com.android.htccontacts", "group_info")
    5 = ("com.android.mms", "message_send")
    6 = ("com.android.mms", "message_receive")
    7 = ("com.android.mms", "message_count")
    8 = ("com.android.phone", "user_action")
    9 = ("com.android.phone", "settings_quietRing")
    10 = ("com.android.phone", "settings_pocketMode")
    11 = ("com.android.phone", "settings_flipForSpeaker")
    12 = ("com.android.phone", "edit_b4_call")
    13 = ("com.futuredial", "transfer_data")
    14 = ("com.htc.album", "storage")
    15 = ("com.htc.android.htcime", "press_duration")
    16 = ("com.htc.android.htcime", "UDB_words")
    17 = ("com.htc.android.htcime", "special_correction")
    18 = ("com.htc.android.htcime", "WCL_cnt")
    19 = ("com.htc.android.htcime", "duration_SIP")
    20 = ("com.htc.android.htcime", "lang_key")
    21 = ("com.htc.android.htcime", "voice_key")
    22 = ("com.htc.android.htcime", "set_CIME")
    23 = ("com.htc.android.htcime", "duration_SIP")
    24 = ("com.htc.android.htcime", "user_action")
    25 = ("com.htc.android.htcime", "waiting_time")
    26 = ("com.htc.android.htcime", "fuzzy_pinYin")
    27 = ("com.htc.android.htcsetupwizard", "is_sysTimeChanged")
    28 = ("com.htc.android.htcsetupwizard", "feedback_usageOpt")
    29 = ("com.htc.android.mail", "mail_count")
    30 = ("com.htc.android.mail", "update_schedule")
    31 = ("com.htc.android.mail", "default_mailsize")
    32 = ("com.htc.android.mail", "widget_clickcount")
    33 = ("com.htc.android.mail", "EAS_success")
    34 = ("com.htc.launcher", "layout")
    35 = ("com.htc.launcher", "scene")
    36 = ("com.htc.launcher", "user_action")
    37 = ("com.htc.launcher", "app_launch")
    38 = ("com.htc.launcher", "leap_view")
    39 = ("com.htc.launcher", "skin_picker")
    40 = ("com.htc.music", "storage")
    41 = ("device_status", "battery")
    42 = ("device_status", "battery_low")
    43 = ("device_status", "bluetooth")
    44 = ("download_manager", "download")
    45 = ("system_server", "application_launch")
    46 = ("system_server", "activity_launch_history")
    47 = ("system_server", "MRU_click")
    48 = ("system_server", "activity_tabCount")
    49 = ("system_server", "tab_index")
    50 = ("system_server", "app_uninstalled")
    51 = ("system_server", "launcher_downloaded")



    Testing / Removal App

    I have also written an app to check these services easily. See all details for that here - http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110


    Part 1 - Framework.jar
    Part 2 - Services.jar
    Part 3 - Ramdisk/Kernel Source Misc Files
    62
    Framework.jar


    /com/htc/utils/ulog/ULog.smali- this stops logging services from starting (removing init lines)

    .method public static log(Lcom/htc/utils/ulog/ULogData;)V
    Code:
        sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
    
        if-nez v1, :cond_2
    
      [B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
      [B]MODDED LINE- [/B] goto :goto_0

    .method private static log(Ljava/lang/String;)V
    Code:
        :cond_1
        sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
    
        if-nez v1, :cond_2
    
        [B]ORIGINAL LINE- [/B]  invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
      [B]MODDED LINE- [/B] goto :goto_0
    .method public static logStat(Lcom/htc/utils/ulog/ULogStat;)V
    Code:
        sget-object v1, Lcom/htc/utils/ulog/ULog;->sUserBehaviorLoggingService:Lcom/htc/utils/ulog/IUserBehaviorLoggingService;
    
        if-nez v1, :cond_2
    
       [B]ORIGINAL LINE- [/B] invoke-static {}, Lcom/htc/utils/ulog/ULog;->init()V
      [B]MODDED LINE- [/B] goto :goto_0




    /com/htc/profileflag/TellHtcController.smali - disables auto reporting to HTC

    .method static constructor <clinit>()V
    Code:
        .locals 11
    
        const/16 v9, 0xc
    
        const/16 v6, -0x6b
    
       [B]original line[/B] const/4 v8, 0x1
    [B]modded line [/B] const/4 v8, 0x0
    Code:
        sget-object v5, Lcom/htc/profileflag/TellHtcController;->EnabledTellHtcDevice:[B
    
        aget-byte v5, v5, v3
    
        if-ne v5, v6, :cond_4
    
     [B]original line[/B] const/4 v0, 0x1
     [B]modded line[/B]  const/4 v0, 0x0

    .method public static isDisableErrorRport()Z
    Code:
        .locals 1
    
         [B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_error_report:Z
        [B]modded line[/B]   const/4 v0, 0x1
    
        return v0
    .end method
    .method public static isDisableUlog()Z
    Code:
        .locals 1
    
       [B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->profile_force_disable_ulog:Z
        [B]modded line[/B]   const/4 v0, 0x1
        return v0
    .end method

    .method public static isEnableAutoSend()Z
    Code:
        .locals 1
    
        [B]original line[/B] sget-boolean v0, Lcom/htc/profileflag/TellHtcController;->setting_enable_auto_send:Z
        [B]modded line[/B]   const/4 v0, 0x0
        return v0
    .end method



    /com/htc/profileflag/HtcBuildFlag.smali Tells framework it was built without CIQ support

    Code:
    .field public static final HtcCIQFlag:Z = true [B]change to false[/B]

    /com/android/internal/app/IHtcAppUsageStatsService$Stub.smali - Disables HTC app usagestats service

    .method public static asInterface(Landroid/os/IBinder;)Lcom/android/internal/app/IHtcAppUsageStatsService;
    Code:
    [B]replace WHOLE old method with just following[/B]
      .locals 1
    
        const/4 p0, 0x0
    
        return-object p0

    /com/android/internal/app/IUsageStats$Stub
    .method public static asInterface(Landroid/os/IBinder;)Lcom/android/internal/app/IUsageStats;
    Code:
    [B]replace WHOLE old method with just following[/B]
      .locals 1
    
        const/4 p0, 0x0
    
        return-object p0

    /android/provider/htcCheckin.smali htc/google checkin disable
    Code:
    [B]original[/B]
        sput-boolean v0, Landroid/provider/htcCheckin;->bCHECKIN:Z
        sput-boolean v0, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z
    
    [B]modded[/B]
        sput-boolean v1, Landroid/provider/htcCheckin;->bCHECKIN:Z
        sput-boolean v1, Landroid/provider/htcCheckin;->bGOOGLE_CHECKIN:Z

    /android/net/http/htchttpiqagent.smali - IQ agent uploader (i think)
    Code:
    .field public static final CIQVersion:Ljava/lang/String; = "1.1.1" [B]change to "6.6.6" (anything > 3)[/B]
    .field static final enableCIQ:Z = true [B]change to false[/B]
    Code:
        .locals 8
    
    [B]original[/B]    const/4 v2, 0x1
    [B]modded[/B] const/4 v2, 0x0
    
        const-wide/16 v4, 0x0
    
        const/4 v3, 0x0
    
        const-string v7, "EVDO"
    
        const-string v6, "1.1.1" [B]anything > 3.0.0[/B]
    
        const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
    
        const-string v0, "1.1.1" [B]anything > 3.0.0[/B]
    Code:
    .method public static getCIQFlag()Z
        .locals 1
    
    [B]original[/B]    const/4 v0, 0x1
    [B]modded[/B]  const/4 v0, 0x0
    
        return v0
    .end method

    /android/media/MediaCIQ
    .method public static enableCIQ(Ljava/lang/String;)Z
    Code:
        :cond_0
    [B]original line[/B]    const/4 v1, 0x1
    [B]modded line[/B]  const/4 v1, 0x0
    
        :goto_0
        return v1
    
        :cond_1
        const/4 v1, 0x0
    
        goto :goto_0

    /com/android/internal/telephony/SMSDispatcher.smali
    Code:
    .field public static final COMPILE_OPTION_CIQ_SUPPORT:Z = true [B]change to false[/B]
    59
    Code:
    [B]/system/app/MyReportAgent.apk[/B] - tell htc
    [B]/system/app/HtcLoggers.apk[/B] - writes to /data/data/com.htc.loggers/. Has a checksu function. [URL="http://forum.xda-developers.com/showpost.php?p=17270348&postcount=44"]Analysis here[/URL]
    [B]/system/app/HTCIQAgent.apk[/B] - IQ agent app. Analysis [URL="http://forum.xda-developers.com/showpost.php?p=17316913&postcount=61"]here[/URL]
    [B]/system/app/CheckinProvider.apk[/B] - HTC Checkin. [URL="http://forum.xda-developers.com/showpost.php?p=17332445&postcount=73"]Analysis here[/URL]
    [B]/system/bin/htcipcd[/B] - HTC IPC server. [URL="http://forum.xda-developers.com/showpost.php?p=17366102&postcount=94"]Analysis here[/URL]
    [B]/system/bin/iqfd[/B] - CIQ frontend daemon. [URL="http://forum.xda-developers.com/showpost.php?p=17365547&postcount=93"]Analysis here  [/URL]
    [B]/system/bin/iqd[/B] - CIQ backend daemon. [URL="http://forum.xda-developers.com/showpost.php?p=17365391&postcount=92"]Analysis here[/URL]
    [B]/system/bin/androidvncserver[/B] - VNC remote screen display
    [B]/system/bin/usbnet[/B] - config for local vnc
    [B]/system/lib/libciq_client.so[/B] - ciq client lib
    [B]/system/lib/libciq_htc.so[/B] - ciq lib
    [B]/system/lib/libhtciqagent.so[/B] - ciq agent lib
    [B]/system/etc/iqprofile.pro[/B] - has a url for [url]https://collector.iota.spcsdns.net:10003/collector/c[/url]
     
    GSM/OTHER ROMS(For now)
    [B]/system/app/RamdumpEnabler.apk"[/B]
    [B]/sys/lib/libhtc_ramdump.so[/B]
    [B]/system/app/NetLogger.apk[/B]
    [B]/sys/lib/libhtc_netlogger.so[/B] - writes to /data/data/com.htc.android.netlogger/.  Uses TCPDUMP!??!?!?!??!?!?! (SEE WIRESHARK)

    Build.prop
    Code:
    [B]ril.iq.quickboot=1[/B] - IQ start 
    
    # Disable checkin/profiling services
    ro.config.htc.nocheckin=1
    ro.config.nocheckin=1
    profiler.force_disable_err_rpt=1
    profiler.force_disable_ulog=1
    
    
    [B]ALL OF THESE MIGHT NOT NEED TO BE REMOVED[/B]
    id guess at crash/checkin being bad.  replace url with http://127.0.0.1  so you dont go to defaults.
    # For FOTA setting (leave empty value to use default)
    ro.htc.checkin.url = http://andchin.htc.com/android/checkin
    ro.htc.checkin.crashurl = http://andchin.htc.com/android/crash
    ro.htc.checkin.url_CN = http://andchin.htccomm.com.cn/android/checkin
    ro.htc.checkin.crashurl_CN = http://andchin.htccomm.com.cn/android/crash
    ro.htc.checkin.exmsg.url = http://fotamsg.htc.com/android/extra/
    ro.htc.checkin.exmsg.url_CN = http://fotamsg.htccomm.com.cn/android/extra/
    ro.htc.appupdate.url = http://apu-chin.htc.com/check-in/rws/and-app/update
    ro.htc.appupdate.url_CN = http://apu-chin.htccomm.com.cn/check-in/rws/and-app/update
    ro.htc.appupdate.exmsg.url = http://apu-msg.htc.com/extra-msg/rws/and-app/msg
    ro.htc.appupdate.exmsg.url_CN = http://apu-msg.htccomm.com.cn/extra-msg/rws/and-app/msg

    PLACES IN KERNEL/RAMDISK
    PLEASE HAVE YOUR KERNEL DEV DISABLE STUFF IN THIS POST - http://forum.xda-developers.com/showpost.php?p=17327620&postcount=68

    In ramdisk remove the following
    Code:
    #for CIQ ipc
    mkdir /app-cache/ciq 0711 root system
    mkdir /app-cache/ciq/socket 0777 root system
    
    # HTC IPC server
    service htcipcd /system/bin/htcipcd
        user root
        group root system
    
    # CIQ backend daemon
    service iqd /system/bin/iqd
        user root
        group root system
    
    # CIQ frontend daemon
    service iqfd /system/bin/iqfd
        user root
        group root system
    
    
    service htc_ebdlogd /system/bin/htc_ebdlogd -s -k -P 7
        user root
        disabled
        oneshot
        ioprio idle 0
    
    service htc_ebdlogd_rel /system/bin/htc_ebdlogd -s -k
        user root
        disabled
        oneshot
        ioprio idle 0
    
    
    on property:ril.iq.quickboot=1
        start iqfd
        start iqd
    
    
    # for vnc
    service androidvncserver /system/bin/androidvncserver -a
        disabled
        oneshot
    
    service usbnet /system/bin/usbnet on
        disabled
        oneshot

    While your in ramdisk, you will want to change default.prop. Here we can hide our bootloader and unlock state from being reported to htc/sprint/google/whoever else. See - http://forum.xda-developers.com/showpost.php?p=18754843&postcount=279 The following two should be set in default.prop:
    Code:
    ro.lb=unknown
    ro.bootloader=unknown

    DIRECTORIES/ FILES USED:
    After making all above changes, remove anything in the below directories than reboot. Make sure nothing new is being added

    Code:
    /data/anr/
    /data/data/com.android.htcprofile/
    /cache/recovery/
    /data/wimax/log/
    /devlog
    /data/system/usagestats
    /data/system/appusagestats
    /data/system/dropbox
    /data/system/userbehavior.db
    /data/system/userbehavior.xml
    /app-cache/ciq/
    /app-cache/iqserver
    /data/misc/agent_htc/
    /data/data/com.htc.loggers/

    For safety you can chmod 400 or 000. Doing this alone without above framework changes will result in errors on write

    How to tell Services running on phone
    Code:
    adb reboot
    adb shell
    logcat | grep Service

    also make sure you dont see iq stuff here
    Code:
    adb shell
    getprop | grep svc
    58

    /com/android/server/ulog:
    Utils.smali-

    .method static isTellHtcEnableAutoSend(Landroid/content/Context;)Z
    Code:
        .locals 4
    
    [B]original:[/B]    const/4 v3, 0x1
    [B]modded:[/B]    const/4 v3, 0x0

    .method static isUserProfilingSettingEnabled(Landroid/content/Context;)Z
    Code:
        .locals 4
    
    [B]original:[/B]    const/4 v3, 0x1
    [B]modded:[/B]    const/4 v3, 0x0



    UserBehaviorLoggingService.Smali
    Code:
    [B]original:[/B]    const/4 v0, 0x1
    [B]modded:[/B]  const/4 v0, 0x0
        iput-boolean v0, p0, Lcom/android/server/ulog/UserBehaviorLoggingService;->mEnableHTCUBLog:Z

    PolicyStore$DefaultPolicyLoader.smali- Defaults for database on what to log.

    There are 10000s of changes I made, just search for "1" and change to "0" (for the most part) These are the trigger actions

    There are also 2 IPs, change to 127.0.0.1
    Code:
        const-string v2, "policy"
    
        const-string v3, "url"
    
        const-string v5, "175.41.155.212:2021"
    Code:
        const-string v2, "log"
    
        const-string v3, "url"
    
        const-string v5, "175.41.164.137:8000"

    /com/android/server/ServerThread.smali- Dropbox/Userbehavior Disable
    Code:
        invoke-direct {v9, v6, v10}, Lcom/android/server/DropBoxManagerService;-><init>(Landroid/content/Context;Ljava/io/File;)V
    
    [B]original:[/B] invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
    [B]modded:[/B]     invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V
    Code:
        invoke-direct {v9, v6}, Lcom/android/server/ulog/UserBehaviorLoggingService;-><init>(Landroid/content/Context;)V
    
    [B]original:[/B]    invoke-static {v5, v9}, Landroid/os/ServiceManager;->addService(Ljava/lang/String;Landroid/os/IBinder;)V
     [B]Modded:[/B]      invoke-static {v5, v9}, Landroid/os/ServiceManager;->deleteService(Ljava/lang/String;Landroid/os/IBinder;)V


    /com/android/server/am/HtcAppUsageStatsService.smali - this is the dreaded HTC logging that has no off switch. This is the only way I could disable by replacing full methods with nulls.
    Code:
    [B]remove all old junk and make these methods look exactly like this:[/B]
    .method public notePackageRemoved(Ljava/lang/String;Ljava/lang/String;)V
        .locals 0
    
        return-void
    .end method
    
    .method public notePauseActivity(ILjava/lang/String;)V
        .locals 0
    
        return-void
    .end method
    
    .method public noteRecentTaskChange(Lcom/android/server/am/TaskRecord;)V
        .locals 0
    
        return-void
    .end method
    
    .method public noteResumeActivity(ILjava/lang/String;ZZ)V
        .locals 1
    
        return-void
    .end method
    
    .method public noteResumeActivity_pkg(ILjava/lang/String;Ljava/lang/String;ZZ)V
        .locals 1
    
        return-void
    .end method
    
    .method public publish(Landroid/content/Context;)V
        .locals 0
    
        return-void
    .end method


    .method public registerAppLaunchObserver(Lcom/android/internal/os/IHtcAppLaunchObserver;)V
    Code:
        .locals 5
        .annotation system Ldalvik/annotation/Throws;
            value = {
                Landroid/os/RemoteException;
            }
        .end annotation
    
    [B]original line:[/B]     if-nez p1, :cond_0
    [B]modded line:[/B] if-eqz p1, :cond_0