So, guess our phones are spying on us??

AmberLee

High Five Champion
Jun 28, 2008
556
0
96
Pennsylvania
#1
Sorry if this is posted already, I swear I did a search :angel:

http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do?autoplay
:wtf:
Your Android Phone Is Secretly Recording Everything You Do (Updated)
If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

Worse: it's the handset manufacturers and the carriers who—in the name of "making your user experience better"—install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.

Update: Nokia wrote to us saying that Carrier IQ's spyware is not included in any of their cellphones.
Fast forward to 9:00 for the damning sequence.

The spying software is developed by a company called Carrier IQ. In their site, the company says they are "the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers' mobile experience."

Who has this problem?

It seems like a good goal and, indeed, most manufacturers and carriers agree: according to Eckhart, the spyware is included in most Android phones out there.

Eckhart claims that Carrier IQ software is also included in Blackberry and Nokia smartphones too. It probably works exactly the same in those smartphones as well. However, there's no proof showing these problems in those phones. There's no mention about Apple's iPhone.

It also doesn't even matter if your telephone was purchased free of carrier contracts. As Eckhart shows in this video, it's always there.

The problem is that it does a lot more than log anonymous generic data. It grabs everything.

How does it work?

Carrier IQ's software is installed in your phone at the deepest level. You don't know it's there. You are never warned this is happening. You can't opt-in and you certainly can't opt-out.

The commercial spyware sits between the user and the applications in the phone so, no matter how secure and private your apps are, the spyware intercepts anything you do. From your location to your web browsing addresses and passwords to the content of your text messages.

This even happens using a private Wi-Fi connection instead of the carrier 3G or 4G connection.

The company denied all this in a public statement (PDF):

While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools

But the video clearly demonstrates that this is not true: Keystrokes submit unique key codes to Carrier IQ. Even secure connections are intercepted by the spyware, allowing it to record your moves in the open. These connections to the web are encrypted but, since Carrier IQ's spyware sits between the browser and the user, it grabs it and sends it in plain text.

The spyware can even log your location, even if the user declines to allow an app to know where it is. The hidden Carrier IQ app ignores your desires, intercepts the data and gets your location anyway.

What can you do to avoid it?

Unfortunately, not much. The hidden spyware is always running, and there's no option in any of the menus to deactivate it. Unless you're a grade-A blackbelt hacker, you're out of luck. Even Eckhart, who is a developer, finds it difficult to remove:

Why is this not opt-in and why is it so hard to fully remove?

It's an excellent question. One that urgently needs an answer, from Carrier IQ but especially from every handset manufacturer and carrier involved in this situation.

The solution to this problem is not installing a custom ROM. That's something that shouldn't be required from consumers, something that normal people will not be willing to do. Products must respect privacy rights out of the box. Consumers must be informed about this the moment they turn on their phones in a clear way. They should have the possibility to opt-in and opt-out whenever they want, with a single click. This matter should be solved now by Carrier IQ, the handset manufacturer and the carriers.

If it isn't solved as soon as possible, authorities in the US and Europe should nail them with everything they have. [Twitter, Android Security Test, EFF and Carrier IQ via Threat Level]

Update from Nokia's PR firm Next15, Gretchen Bender: I know you've followed today's news that software from CarrierIQ has been found on Nokia devices. I wanted to quickly reach out following your story to let you know that in fact, CarrierIQ does not ship products for any Nokia devices. Therefore, these reports are inaccurate.
 

whiskeyguy

PR representative for Drunk Whiskeyguy.
Donator
Jan 12, 2010
36,412
22,047
398
Northern California
#2
Worse: it's the handset manufacturers and the carriers who—in the name of "making your user experience better"—install this software without any way for you to opt-out
Um, not buying these phones seems like a pretty damn good way to "opt-out" if you're that worried about it.
 
Mar 2, 2005
6,781
126
578
chicago
#4
shits been plastered all over G+ all week. all i can say is why would anyone use a phone in out of box stock condition anyway.

plus its been found on b;ackberry, winmo and supposedly nokia. of course apple has a proprietary spyware app.
 

Motor Head

HIGHWAY TRASH REMOVAL
Jan 23, 2006
10,385
419
243
Land of hicks and rubes.
#5

That's it, I'm fucking out. Give me back my beloved brick phone. I never left it in my pocket and had it go through the washing machine.
 

Josh_R

Registered User
Jan 29, 2005
5,847
458
578
Akron, Ohio
#7
shits been plastered all over G+ all week. all i can say is why would anyone use a phone in out of box stock condition anyway.

plus its been found on b;ackberry, winmo and supposedly nokia. of course apple has a proprietary spyware app.
Because not everyone likes voiding their warranty on their $600 phone the day that they get it, and because not everyone is a tech expert who feels comfortable hacking a phone.
 

blazin

Registered User
Dec 9, 2004
3,893
421
578
#8
Two words: Cyanogen Mod.
I tried it, lacked alot of features i was used to on the stock EVO ROM.

Got some of those features back via 3rd party apps, but still was buggy so I ditched it and went back to stock ROM.

Might check out a stripped stock ROM.
 

ruckstande

Posts mostly from the shitter.
Apr 2, 2005
14,993
4,504
678
South Jersey
#9
I tried it, lacked alot of features i was used to on the stock EVO ROM.

Got some of those features back via 3rd party apps, but still was buggy so I ditched it and went back to stock ROM.

Might check out a stripped stock ROM.
Stock Nocturnal.
 

Hate & Discontent

Yo, homie. Is that my briefcase?
Aug 22, 2005
15,777
1,343
628
#11
I tried it, lacked alot of features i was used to on the stock EVO ROM.

Got some of those features back via 3rd party apps, but still was buggy so I ditched it and went back to stock ROM.

Might check out a stripped stock ROM.
I have had a few glitches with my OG Droid and CM, but nowhere near as many as the stock ROM. It had everything out the gate that I needed, though, and a few improvements.
 

Don the Radio Guy

G-Bb-A-D
Donator
Mar 30, 2006
69,628
5,081
568
Wyoming
#12
Some of us also have Android phones that no one has bothered making a custom ROM for yet.
 

CousinDave

Registered User
Dec 11, 2007
25,297
198
393
Ohio
#13
They don't need to do this, they already track us through the Fluoride that;s in the water supply
 

CousinDave

Registered User
Dec 11, 2007
25,297
198
393
Ohio
#14
They don't need to do this, they already track us through the Fluoride that;s in the water supply
 
Mar 2, 2005
6,781
126
578
chicago
#15
Some of us also have Android phones that no one has bothered making a custom ROM for yet.
Because not everyone likes voiding their warranty on their $600 phone the day that they get it, and because not everyone is a tech expert who feels comfortable hacking a phone.
Um, not buying these phones seems like a pretty damn good way to "opt-out" if you're that worried about it.
whiskey has the answer

Sucks. Buggy as all hell.
no better rom then pure android, aosp is the way to go
 

blazin

Registered User
Dec 9, 2004
3,893
421
578
#16
Is there a ROM that has HTC Sense included for the EVO?
 

Yesterdays Hero

She's better than you, Smirkalicious.
Jan 25, 2007
16,435
3,943
571
Canada. Land of the Fat.
#20
This is bad. Really really bad.
No, no it's not. Not only do I have zero use for an Android Phone, I have zero use for a cell phone. The amount of people I keep in contact with on a daily basis is under 6, and the total people I give 2 shits about beyond myself at any given time is 5. That's including myself. If I'm not at home, then I'm out. And if I'm out, I'm doing shit with someone and don't want to listen to your cunting phonecall.

I adore not having a cell phone. Even when I'm done school and working again, I'll still have no use for it, as I'll either be by a landline or at home.

People look at me like I'm batshit insane when I say I've never sent a text. I couldn't imagine sending one. What the fuck am I going to say? 'Wut do u want to eet for fud 2dy?' Uuuch. Die.

It's most likely that I'm crotchety and old. Thank god for it. Inane babble of the stupid things is annoying. Especially when two gooks are texting each other, when they're standing beside each other. Because talking is lame.

Hope it all gets recorded, and more people bitch about it.
 

Party Rooster

Unleash The Beast
Apr 27, 2005
40,304
7,454
438
The Inland Empire State
#22
Um, not buying these phones seems like a pretty damn good way to "opt-out" if you're that worried about it.
WTF? It's not exactly like the manufacturers/carriers are upfront about what all this is.

Because not everyone likes voiding their warranty on their $600 phone the day that they get it, and because not everyone is a tech expert who feels comfortable hacking a phone.
That's the biggest misconception. Technically yes, but I've never heard of it enforced. But if you brick your device there's no way they can really tell at the store. The carriers simply just hand you a new phone because it's good customer service. My daughter took hers in for a headphone jack issue and they fixed it no problem. And they knew it was rooted because the guy at the store had a conversation with her about the pros and cons of her rom since he had the same phone.

Some of us also have Android phones that no one has bothered making a custom ROM for yet.
If you're rooted, you can at least take care of the CIQ problem with this:
FOR HTC PHONES ONLY!!!

There's also an app to check for it and remove it for people that aren't as tech-savvy. Not sure if it's only for my specific HTC phone, but it will probably brick a Samsung or Motorola phone. Have a current nandroid backup if you're trying it for anything other than an Evo 3D.
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110

I wasn't really worried so much about the data collection, I just don't like having background apps chewing up battery power and resources. Luckily, most rom builders for my phone have already included the CIQ removal in their builds now anyway.

Edit:
That's the same app I posted. Again, don't use it if you've got anything other than an HTC phone.
 
Mar 2, 2005
6,781
126
578
chicago
#23
i ran it on a rooted samsung intrepid and it worked fine, i also ran it on my NS4G just for the fuck of it and ....of course....not an issue to be had
 
Mar 2, 2005
6,781
126
578
chicago
#25
sorry meant intercept. theres an intrepid parked in front of my house tho