• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Video of carrierIQ in action

I am going to assume those of us running a custom ROM are "safe"?


Motorola really needs to unlock those bootloaders... my OG Droid needs to be retired!
 
podspi said:
I am going to assume those of us running a custom ROM are "safe"?

Motorola really needs to unlock those bootloaders... my OG Droid needs to be retired!
Click to expand...

If you installed your custom ROM recently, you should be. I know that with my phone, the ROM chefs didn't figure out how to disable CIQ immediately, so some early ROMs still have it. All the popular ones released in the past 8 or so months have it removed though. The only recent ROMs that might still have it are stock ROMs, but even then most "stock" ROMs only LOOK stock and have a number of under-the-hood tweaks such as disabling CIQ.

And agreed on the locked bootloaders. I don't know why anyone does it. It's not like ROM hackers represent an extremely large percentage of smartphone users, and installing a custom ROM has never done any damage to a phone maker. Even phones and tablets with locked bootloaders have root exploits and people install new launchers and delete existing software pretty regularly, so it doesn't prevent anyone from removing bloatware if that's what they're trying to do. And it probably makes things worse from a service standpoint since in most cases, the harder a phone is to hack, the easier it is to brick.
 
WelshBloke said:
I'd be quite happy to bet that all stock phones from all manufacturers do this to some extent regardless of OS.
Click to expand...
Nope. Evil US carriers. The Rogers firmware for the SGS2 LTE (Skyrocket) has no Carrier IQ, while the hardware-identical AT&T one does.

And, as an editorial I read this morning points out: Nexus.
 
s44 said:
Nope. Evil US carriers. The Rogers firmware for the SGS2 LTE (Skyrocket) has no Carrier IQ, while the hardware-identical AT&T one does.

And, as an editorial I read this morning points out: Nexus.
Click to expand...

Just because a phone doesn't have carrier IQ doesn't mean it wont be doing something similar.
 
Is it actually recording or just monitoring?

Everyone has been saying "logging" but this is him turning on debug mode, no? Not to say that makes it any better, but it's an important distinction for now, I feel.
 
podspi said:
I am going to assume those of us running a custom ROM are "safe"?
Click to expand...

Majority of rom "developers" are dubbed winzip developers, they take a stock rom, add/remove some apps, add a kernel/modem/theme they like and zip it up and release it. So no, a custom rom is not safe unless ciq is specifically ripped out, and only a handful of developers are capable of doing this.

WelshBloke said:
Just because a phone doesn't have carrier IQ doesn't mean it wont be doing something similar.
Click to expand...
Great scott! Using that logic my calculator could be logging my additions and subtractions!


randomlinh said:
Is it actually recording or just monitoring?
Everyone has been saying "logging" but this is him turning on debug mode, no? Not to say that makes it any better, but it's an important distinction for now, I feel.
Click to expand...

The "submit" and "pushtociq" "smstociq" words from the logs almost suggest that these are being sent. Debug mode simply gives you the ability to query and send commands to the phone.
 
Last edited:
shabby said:
Majority of rom "developers" are dubbed winzip developers, they take a stock rom, add/remove some apps, add a kernel/modem/theme they like and zip it up and release it. So no, a custom rom is not safe unless ciq is specifically ripped out, and only a handful of developers are capable of doing this..
Click to expand...

I'm using ChevyNo1's Simply Stunning. If anybody could do it, it would be him 😎.

Although I don't think he did, SS is based off of CyanogenMod, which is built from source. So yay.

Has anybody found any references to CIQ in any privacy agreements? I never saw any myself. This could turn into a class-action lawsuit if this news picks up steam.
 
kyrax12 said:
what is the point of CarrierIQ?

Why is it in smartphones?
Click to expand...

supposed to be used for diagnostics, but it looks like the carriers are taking it too far

ideally it's supposed to collect a minimum set of data for carriers to get data about issues in their networks, usage and bugs to keep developing the OS, etc
 
sciwizam said:
Looks like iOS also has it..

Carrier IQ references discovered in Apple's iOS

Check @chpwn for more info

https://twitter.com/#!/chpwn
Click to expand...

iOS has it, but its not as bad as Android. On iOS it only works when its in diagnostic mode and its disabled by default.

"It’s present on nearly all Android devices, but not Galaxy Nexus, Google Nexus One, Nexus S, or the Motorola Xoom. It’s also present on iOS devices, but it seems to be active only when the device is in diagnostic mode." -Mashable

When Apple caught flak for the geo tracking Steve said that Android does too, I guess it was true.
 
Outside of privacy issues, the problem with this root level key logging software is that, although the chances are that carrierIQ might never intends to take advantage of any personal or secure info (like logins and passwords) that is transmitted, unscrupulous crminals can simply hack the paths and/or points to which the data is sent instead of having to directly hack your phone. Why bother hacking the phone since a "legit" company has already provided that part for the bad guys. As was shown in the video, supposedly "secure" https information was logged before it was even encrypted.

All the bad guys need to do is find a way to intercept the data points or data aggregation for the entire wealth of logins to banks, etc, and a bajillion or nice things like blackmailable texts, numbers called, etc, etc. Basically everything you do through your phone since it's logging everything for nefarious reasons (rather than simple dumb corporate advertising/sales reasons).

If I was a nefarious hacker, I would be giggling with joy at a new single source of getting all that info, rather than having to trick you or hack your phone. And the worst part is that you'd never know it or even have a chance to prevent it since the majority of customers are clueless that their phones is logging every damn thing they do and sending it to a third party..
 
Oops double posted sorry! Can't figure out how to delete it..

Outside of privacy issues, the problem with this root level key logging software is that, although the chances are that carrierIQ might never intends to take advantage of any personal or secure info (like logins and passwords) that is transmitted, unscrupulous crminals can simply hack the paths and/or points to which the data is sent instead of having to directly hack your phone. Why bother hacking the phone since a "legit" company has already provided that part for the bad guys. As was shown in the video, supposedly "secure" https information was logged before it was even encrypted.

All the bad guys need to do is find a way to intercept the data points or data aggregation for the entire wealth of logins to banks, etc, and a bajillion or nice things like blackmailable texts, numbers called, etc, etc. Basically everything you do through your phone since it's logging everything for nefarious reasons (rather than dumb corporate advertising/sales reasons).

If I was a nefarious hacker, I would be giggling with joy at a new single source of getting all that info, rather than having to trick you or hack your phone. And the worst part is that you'd never know it or even have a chance to prevent it since the majority of customers are clueless that their phones is logging every damn thing they do and sending it to a third party..
 
shabby said:
Majority of rom "developers" are dubbed winzip developers, they take a stock rom, add/remove some apps, add a kernel/modem/theme they like and zip it up and release it. So no, a custom rom is not safe unless ciq is specifically ripped out, and only a handful of developers are capable of doing this.
Click to expand...

Then again, a lot of them also base their roms on other custom roms, which may have CIQ removed.

But you're right, to be safe you have to make sure you read everything the developer writes about the rom and if he doesn't mention that CIQ is removed, assume that it isn't.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top