• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Video of carrierIQ in action

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
kyrax12 said:
what is the point of CarrierIQ?

Why is it in smartphones?
Click to expand...
Well here is the CEO explaining, but I suspect he is also lying through his teeth about not recording keystrokes for clearly they are being captured and sent.

http://www.youtube.com/watch?v=ofHr8Lv5cNk&feature=related

Guess it's time to research all the possible URL's and how to edit the hosts file in my phone. Have already added 'carrieriq.com' to my blocked list on openDNS account, which at least blocks them when I'm using my home WiFi.
 
Last edited:
MtnMan said:
Well here is the CEO explaining, but I suspect he is also lying through his teeth about not recording keystrokes for clearly they are being captured and sent.

http://www.youtube.com/watch?v=ofHr8Lv5cNk&feature=related

Guess it's time to research all the possible URL's and how to edit the hosts file in my phone. Have already added 'carrieriq.com' to my blocked list on openDNS account, which at least blocks them when I'm using my home WiFi.
Click to expand...

If you believe the CEO, then read this...
http://www.xda-developers.com/android/carrier-iq-sues-treve/

they stopped their lawsuit after the EFF contacted them and the internet started talking about CIQ
http://www.cfoworld.com/technology/26143/carrier-iq-drops-legal-threat-against-security-researcher

From what I read VZW said they dont use CIQ on any of their phones on twitter.
 
Last edited:
shabby said:
WelshBloke said:
Just because a phone doesn't have carrier IQ doesn't mean it wont be doing something similar.
Click to expand...

Great scott! Using that logic my calculator could be logging my additions and subtractions!
Click to expand...

Well if your calculator had network connections thats quite possible. 😉

Seriously though phones have been logging stuff before carrier IQ came along and will probably be doing it afterwards as well.
 
WelshBloke said:
Well if your calculator had network connections thats quite possible. 😉

Seriously though phones have been logging stuff before carrier IQ came along and will probably be doing it afterwards as well.
Click to expand...
That's pretty much assumed, but did anyone expect that data that is supposed to be encrypted (SSL) is being captured as clear text.
 
MtnMan said:
That's pretty much assumed, but did anyone expect that data that is supposed to be encrypted (SSL) is being captured as clear text.
Click to expand...

Frankly I'm not keen on anyone logging my data and uploading it to their servers. Once I've lost control of it I'd consider it insecure anyway.
 
WelshBloke said:
Seriously though phones have been logging stuff before carrier IQ came along and will probably be doing it afterwards as well.
Click to expand...

There's logging information that may be useful to the network provider to diagnose problems or identify areas that need additional towers, and then there's logging information that is of no use for those purposes and generally considered an egregious violation of privacy, if not completely illegal.

Why any carrier would even log keystrokes, even if those strokes are not transmitted, is beyond me. The potential for abuse is highly unsettling. Hopefully, this kind of scare will resonate with the general population and we can get enough of an outcry to get better privacy rights put in place.

It's utterly stupid to argue about who did what, when this shouldn't be going on at all. There're reasonable limits to what carriers can collect and even those should be opt-in from the customer, especially if sending the logs counts against data usage.
 
s44 said:
Removing CIQ isn't that hard.
Click to expand...

oh cool! 1% of Android users visits XDA and flash custom ROMS on a daily basis.


WelshBloke said:
Seriously though phones have been logging stuff before carrier IQ came along and will probably be doing it afterwards as well.
Click to expand...

From what I'm reading, CarrierIQ is logging keystrokes. They even log activity under https through wifi. To me, this is a serious offense.
 
Last edited:
Mopetar said:
There's logging information that may be useful to the network provider to diagnose problems or identify areas that need additional towers, and then there's logging information that is of no use for those purposes and generally considered an egregious violation of privacy, if not completely illegal.

Why any carrier would even log keystrokes, even if those strokes are not transmitted, is beyond me. The potential for abuse is highly unsettling. Hopefully, this kind of scare will resonate with the general population and we can get enough of an outcry to get better privacy rights put in place.

It's utterly stupid to argue about who did what, when this shouldn't be going on at all. There're reasonable limits to what carriers can collect and even those should be opt-in from the customer, especially if sending the logs counts against data usage.
Click to expand...

Yeah my point is just because you dont have carrier IQ on your phone doesn't mean your not getting logged up the arse.

I dont have it on my phone but I'm certain Google knows whats in my emails if they want, and my carrier knows whats in my texts if they want. Both Google and my carrier probably know more about my browsing history than I do.
 
Mopetar said:
There's logging information that may be useful to the network provider to diagnose problems or identify areas that need additional towers, and then there's logging information that is of no use for those purposes and generally considered an egregious violation of privacy, if not completely illegal.

Why any carrier would even log keystrokes, even if those strokes are not transmitted, is beyond me. The potential for abuse is highly unsettling. Hopefully, this kind of scare will resonate with the general population and we can get enough of an outcry to get better privacy rights put in place.

It's utterly stupid to argue about who did what, when this shouldn't be going on at all. There're reasonable limits to what carriers can collect and even those should be opt-in from the customer, especially if sending the logs counts against data usage.
Click to expand...
If the logger is built-in and can't be removed or even stopped, then the data is there for the next hacker to harvest.

Remember the Sony root-kit, not only was that egregious enough, but the mechanism Sony used to hide the files could easily be used by any amateur hacker to hide their files. I forget the specific format but it was as simple as starting a file name with $sys$ or similar and it became invisible to any utility, yet could be executed.
 
WelshBloke said:
Yeah my point is just because you dont have carrier IQ on your phone doesn't mean your not getting logged up the arse.
Click to expand...

I'm not disagreeing with you. I just feel like this is a good opportunity to get better privacy laws in place. There are enough people affected by this issue to raise a large level of public awareness. Also, there are probably more than a few people in Congress who own smart phones. A few of them will most likely be livid as hell over the prospect of their phone logging everything they've done on it.
 
Mopetar said:
I'm not disagreeing with you. I just feel like this is a good opportunity to get better privacy laws in place. There are enough people affected by this issue to raise a large level of public awareness. Also, there are probably more than a few people in Congress who own smart phones. A few of them will most likely be livid as hell over the prospect of their phone logging everything they've done on it.
Click to expand...

Yeah but if you just bang on about carrier IQ as if its something unique and new the carriers will just say "sorry we've removed it, our bad" and just carry on doing it by some other method.
 
WelshBloke said:
Yeah but if you just bang on about carrier IQ as if its something unique and new the carriers will just say "sorry we've removed it, our bad" and just carry on doing it by some other method.
Click to expand...

Precisely why laws should clearly define what carriers are allowed to collect and whether or not they need user consent to do so. If it's illegal to replace carrier IQ with anything remotely similar, carriers won't do it, especially if the financial consequences are harsh.
 
Mopetar said:
Precisely why laws should clearly define what carriers are allowed to collect and whether or not they need user consent to do so. If it's illegal to replace carrier IQ with anything remotely similar, carriers won't do it, especially if the financial consequences are harsh.
Click to expand...

I'd completely agree with you, which is why I was saying not to get too hitched up on the carrier IQ part.

Its the unauthorised logging thats the problem not the program thats being used to do it.
 
The CarrierIQ part is just the vehicle that drives the whole discussion forward. There's nothing special about it beyond that. I'm still somewhat surprised that some carriers chose to keep using it after the iOS location data debacle. Apple caught hell over that and that was just over location data.
 
adamantinepiggy said:
Outside of privacy issues, the problem with this root level key logging software is that, although the chances are that carrierIQ might never intends to take advantage of any personal or secure info (like logins and passwords) that is transmitted, unscrupulous crminals can simply hack the paths and/or points to which the data is sent instead of having to directly hack your phone. Why bother hacking the phone since a "legit" company has already provided that part for the bad guys. As was shown in the video, supposedly "secure" https information was logged before it was even encrypted.

All the bad guys need to do is find a way to intercept the data points or data aggregation for the entire wealth of logins to banks, etc, and a bajillion or nice things like blackmailable texts, numbers called, etc, etc. Basically everything you do through your phone since it's logging everything for nefarious reasons (rather than simple dumb corporate advertising/sales reasons).

If I was a nefarious hacker, I would be giggling with joy at a new single source of getting all that info, rather than having to trick you or hack your phone. And the worst part is that you'd never know it or even have a chance to prevent it since the majority of customers are clueless that their phones is logging every damn thing they do and sending it to a third party..
Click to expand...

that's not the real problem. The real problem is the fallout among government agencies that were treating Android and iPhone as "secure". Now if you can gain physical access to his android, you can enable debug mode when he's not looking, then come back a day later and nab his passwords.
 
And this is why I hate US carriers. Though my ROMs have had it removed for months it still pisses me off that US carriers do this crap.
 
soccerballtux said:
that's not the real problem. The real problem is the fallout among government agencies that were treating Android and iPhone as "secure". Now if you can gain physical access to his android, you can enable debug mode when he's not looking, then come back a day later and nab his passwords.
Click to expand...

Its not Android or iPhone. Its 3rd party software thats installed on it.
 
To me, at least, it's still far from clear what data CIQ actually keeps and sends.

There are lots of videos and demonstrations of CIQ receiving and processing keystrokes. However, I've not yet come across any article or video which shows that those keystrokes are actually *logged*. So far, all that has been shown is that the CIQ app receives data about keystrokes, web browsing, text messages, etc. but it is far from clear what it actually does with that data.

So far, no one has actually demonstrated either a keylog file/URL log file/SMS log file, or a transmission of such data. Based on what the CEO of CIQ says, I suspect that the app just transmits statistics, or information on "quality" events (like the battery running out, or a call being dropped).

Even apple has stated that they use CIQ, and apparently, all the app does is collect statistics - but does doesn't actually transmit them to apple (at least, not by default).
 
So from this link it looks like its just Apple and HTC that install it themselves and the carriers AT&T, Sprint and T Mobile US that request it on their phones.

Any more info out there?
 
I've tried the Carrier IQ test app, it didn't find anything on my international Galaxy S2 and I'm running TouchWiz stock.
There are a lot of reports from people that Carrier IQ isn't present on the regular AT&T Galaxy S2 version as well, but many say that it is present on the SkyRocket LTE.

I doubt CarrierIQ is unique. If Verizon, Microsoft, Google Nexus, and others aren’t using CarrierIQ, they may well be using a similar product with a different name. Or maybe they do the same thing, but in-house.
Luckily for me, I'm one of those overly paranoid people that hasn't installed "mobile banking" apps or accessed my bank's website on my smartphone yet.

Since my international Galaxy S2 doesn't have Carrier IQ installed and since I'm already overly paranoid to begin with, it looks like I have nothing to be worried about.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top