CarrierIQ: Most Phones Ship With "Rootkit"

First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc." Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.

Re:So

[Rootkit]

http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/ [androidsecuritytest.com] The bottom of this page has a section about detection including an app to detect hidden UIs.

Re:Really?

[Smallpond]

" By entering this Agreement, you consent to our data collection, use and sharing practices described in our Privacy Policy available at verizon.com/privacy." -- from Verizon Customer Agreement

That's why.

Samsung Vibrant

[oakgrove]

When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.

Re:Cyanogen

[oakgrove]

I put Cyanogen on my Samsung Vibrant. It has "removed carrier iq" in the release notes.

Re:but but but... Apple

[strech]

And you're sure of this why?
And from geek.com (http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/):

Currently, Trevor has found CarrierIQ in a number of Sprint phones, including HTC and Samsung Android devices. CarrierIQ is confirmed to be found on the iPhone or on feature phones, but Trevor has found RIM’s Blackberry handsets and several Nokia devices with CarrierIQ on board as well.

This may just be a terribly worded sentence and CarrierIQ isn't on the iPhone (and I can't find any other cites), but even if this specific software isn't there, that doesn't mean other software that does the same thing under the excuse of "improving the network" isn't. Further, "Apple doesn't engage in abuse <x>" is a bullshit excuse for other problems.

Re:but but but... Apple

[sootman]

You don't even need to go as far as the EULA -- iOS 5 actually asks you during setup if you want to allow usage data to be sent.
http://www.thewwwblog.com/wp-content/uploads/2011/10/ipad-ios-5-diagnostics-7.jpg [thewwwblog.com]
(From http://www.thewwwblog.com/apple-ios-5-setup-steps-apple-ipad.html [thewwwblog.com] )

Re:but but but... Apple

[popoutman]

EULAs are not contracts. They are a wishlist by the software writers, and such are part of an honour system. They are not legally binding in sane jurisdictions.

Re:but but but... Apple

[Anonymous Coward]

The iPhone isn't even mentioned (like not at all) in any of the linked articles, so I don't know where you're imagining you read this.

Also, the word you're looking for is spelled "speech".

RMS was right

[SigmundFloyd]

Stallman [slashdot.org] doesn't sound so crazy now...

Re:but but but... Apple

[LoverOfJoy]

CarrierIQ is confirmed to be found on the iPhone

Not directly in the article but in the links within the article.

Here's the direct link: http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/ [geek.com]

Re:Doesn't Matter

[gauauu]

What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.

Well, it's not "free" according to GPLv3 (android devices can be Tivo'ised preventing you from running modified code), but anyone can download the android source and modify and rebuild it. If your device supports it (many do), you can run your modified code on your device. I'm not sure how you can say Android isn't open source, as that's pretty much the definition of open-source.

Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.

Re:2 Questions

[compro01]

1. Ask around basically.

2. a guy on xdadevs whomped up an app to detect (requires root) and remove (requires root and 99 cent donation) CIQ, among other things. http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109 [xda-developers.com]

Re:A troll, by any other name would smell as awful

[jeffmeden]

"CarrierIQ is confirmed to be found on the iPhone or on feature phones, but Trevor has found RIM’s Blackberry handsets and several Nokia devices with CarrierIQ on board as well." This would be so poorly worded otherwise, that it is hard to believe that the author didn't simply mean to write "not confirmed". That, and all of the articles by Trevor (and those in the scene) make NO mention at all about the iPhone.

Re:RMS was right

[Anonymous Coward]

Being right and being crazy aren't mutually exclusive.

Re:but but but... Apple

[BitZtream]

iOS is mostly closed and analysis tools can't be installed without jailbreaking, how do we know what's going on in there?

Uhm ... Its been jailbroken so we can just look, just like you would on a rooted android device?

Besides, does nobody remember the iPhone location privacy fiasco?

No, cause there wasn't one. It wasn't anything even slightly malicious. The only person with direct access to it was the phone owner and the person with unencrypted backups of the phone, which was also likely the owner. I'm pretty sure the owner knew where the phone was anyway, which makes the whole thing a nonpoint.

It's just idiots like you who keep pretending it was some big deal because your to ignorant to realize it wasn't a threat.

Re:but but but... Apple

[Drakino]

You mean the smartphone location fiasco where it was discovered that *gasp* AGPS caches data on phones, including Android, Blackberry, iPhone and WebOS? Yep. Typical internet echo chamber amplification that turned it into an attack point for fanboys who didn't actually do any research.

Apple did have one legitimate bug in the situation. The cache was in a folder marked for backup to computers, due to it living in the same location as the settings file to toggle what apps can use location data. This was fixed, and the cache was reduced. I personally preferred the old cache time, since it meant my phone found my location when I wanted it to quicker. But they bowed to the pressure from the echo chamber anyhow.

Re:Doesn't Matter

[Anonymous Coward]

Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.

Actually, you wouldn't have a decent argument. "Free software" and "open source", as defined by the FSF and OSG respectively, are as near semantically equivalent as you can get, including a whole slew of permissive licenses like Apache. The term Stallman uses for GPL (and similarly restrictive licenses) is "copyleft", which is either a horrible pun or a misunderstanding of what "copy" in copyright means (it's a noun, as in "copywriter", referrring to the work, not a verb meaning to duplicate)

And of course Android is not copyleft, and nobody would argue it is. Then again, neither is netBSD, and I somehow do fine with that on my home desktop with no worries of rootkits. Conversely, even copyleft doesn't prevent tivoisation per se, which is why GPLv2 is still considered a copyleft license.

The big problem is tivoisation, implemented as locked-down bootloaders in many phones, preventing you from compiling and installing your own non-rootkitted software. If the only thing stopping the vendor from rootkitting you is the trust that they will really comply with the GPL and release full source (including the big-brother patches, which may well be "protected" as state secrets, if they're sharing collected info with the right people), you should assume you're rootkitted already. A secondary problem is the proprietary platform-specific drivers and codecs, making it difficult to get full functionality of the hardware with your own non-rootkitted software (and copyleft does help alleviate this, by making it more effort to separate binary blobs far enough to comply), but between reverse-engineering and dropping these blobs wholesale into your new system (on the theory that, say, an h.264 DSP codec is unlikely to be a spy platform), this is less of an issue than the locked-down bootloaders.

Re:Doesn't Matter

[lindi]

cyanogenmod claims to have 745,259 users currently. I am not sure if it is completely free or not but clearly more than 10000 users are using unofficial and modified version.

Re:Doesn't Matter

[farble1670]

Why should I drop it?

because it's not a valid grievance. google didn't sign some binding agreement with the users of the world to make all android open source, all the time, immediately. compared to apple or msft they are freaking saints (w/ regard to OSS), but it's never good enough huh? can't you be just as little positive about the fact that a company is pouring millions of dollars of resources into a platform and then just giving it away? of course not, because they aren't going about it on your time table.

OSS is *expensive* for a company. it's not just throwing it over the fence. they have to manage the community, manage contributions, keep the code clean and clear and keep everything perfectly documented for moron consumption. it's much, much more expensive for a company to open source their code than to just keep it internal.

there are good reason why they didn't release 3.0. for one, there were in the middle of restructuring the source code merging the 2.x and 3.x branches. releasing the code in this state would have been confusing to users, but mainly, cause them more work and resources in the long run. that's their prerogative- they are a public company that reserves the right to make make financial decisions.

Re:Doesn't Matter

[sveinungkv]

The newest version of the GPL, version 3 [gnu.org], forbids it. GPLv2 [gnu.org], the license of the Linux kernel, may allow it. Android [android.com] is mostly Apache 2.0.

It's not in my phone.

[ross.w]

I have a Samsung Galaxy SII with the current Australian firmware. Based on the information at http://forum.xda-developers.com/showpost.php?p=11763089 [xda-developers.com] CIQ is not installed. I don't know if the standard Samsung firmware as supplied is the same, but it's one of the things I like about my carrier, Virgin. Their phones really are. With Optus or Telstra YMMV.