Reply to topic  [ 16 posts ]  Go to page 1, 2  Next
Is Carrier IQ on your phone? 
Author Message
Doesn't have much of a life
User avatar

Joined: Fri Apr 24, 2009 12:43 pm
Posts: 1798
Location: Manchester
Reply with quote
Apparently this has been rumbling on for a while, but this is the first I've heard about it.
Everything You Need To Know About The Carrier IQ Privacy Controversy (So Far)

Quote:
A few days ago Carrier IQ was discovered living on Android smartphones by developer Trevor Eckhart. Eckhart found that Carrier IQ has the ability to track everything you do on your smartphone, including web pages you visit, texts you send, even the keys you press, and send them off to a third party...

...Over the next few weeks Carrier IQ was reportedly discovered on Nokia, Samsung, HTC, BlackBerry, and even iPhone smartphones, drawing criticism from smartphone owners and privacy advocates.


Also,
What is Carrier IQ? Is My Phone Spying On Me?

Plus,
How to turn off Carrier IQ on your iPhone

If this was on your PC, wouldn't it be classed as malware or a keylogger? Seems like it's the networks, and not the manufacturers, that are insisting on it being on our smartphones.

So, comments? Harmless piece of software, or something to be concerned about?

_________________
* Steve *

* Witty statement goes here *


Fri Dec 02, 2011 11:03 am
Profile
I haven't seen my friends in so long
User avatar

Joined: Thu Apr 23, 2009 9:43 pm
Posts: 5048
Reply with quote
So, it can even track the codes you enter if you use your smartphone for banking?

Security has always been one area I've never really heard discussed in the open public domain as much as PC security.

If it was on a PC it would be flagged up and removed as malware.

_________________
Fogmeister I ventured into Solitude but didn't really do much.
jonbwfc I was behind her in a queue today - but I wouldn't describe it as 'bushy'.


Fri Dec 02, 2011 11:37 am
Profile
Doesn't have much of a life
User avatar

Joined: Fri Apr 24, 2009 12:43 pm
Posts: 1798
Location: Manchester
Reply with quote
The fact that manufacturers are saying they're not using information such as emails, key logging, websites visited etc isn't the real concern to me - it's the fact that the potential for this information being collected and transmitted to a third party (i.e not the manufacturer or the network) opens up far wider privacy and security concerns. For example, is that information transmitted securely and also encrypted when it's stored on this third party's servers? I bet it isn't!!

Here's Trevor Eckhart's video on YouTube...
http://www.youtube.com/user/TrevorEckhart
(it's a bit geeky and long winded, but it does show that keys are logged, URLs records, SMS messages recorded, etc)

As I understand it, Carrier IQ still remains in iOS 5.0.1, but unsupported - but Apple are planning on removing it in a later update, possibly 5.0.2?

Still, at least Apple provide a way to turn the "feature" off, seemingly unlike other manufacturers which could be transmitting all sorts of information to this third party. If the other manufacturers' statements are to be believed, then some of them weren't aware of this software being installed by the networks. I'm not sure I really believe that.

_________________
* Steve *

* Witty statement goes here *


Fri Dec 02, 2011 12:25 pm
Profile
I haven't seen my friends in so long
User avatar

Joined: Thu Apr 23, 2009 6:36 pm
Posts: 5161
Location: /dev/tty0
Reply with quote
steve74 wrote:
The fact that manufacturers are saying they're not using information such as emails, key logging, websites visited etc isn't the real concern to me - it's the fact that the potential for this information being collected and transmitted to a third party


Or more worryingly, a third party may get hold of the data. Look at the Sony and Steam cracks that have happened recently...


Fri Dec 02, 2011 12:35 pm
Profile WWW
I haven't seen my friends in so long
User avatar

Joined: Thu Apr 23, 2009 9:43 pm
Posts: 5048
Reply with quote
forquare1 wrote:
steve74 wrote:
The fact that manufacturers are saying they're not using information such as emails, key logging, websites visited etc isn't the real concern to me - it's the fact that the potential for this information being collected and transmitted to a third party


Or more worryingly, a third party may get hold of the data. Look at the Sony and Steam cracks that have happened recently...

Indeed.

Whether the data is used or not it is stored somewhere. No matter what any company says, all data is vulnerable.

_________________
Fogmeister I ventured into Solitude but didn't really do much.
jonbwfc I was behind her in a queue today - but I wouldn't describe it as 'bushy'.


Fri Dec 02, 2011 1:23 pm
Profile
What's a life?
User avatar

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Reply with quote
Thankfully, as far as the reading of the topic I've managed so far, Carrier IQ don't operate in the EU; in fact the general consensus seems to be it would be illegal to install their 'agent' software on phones sold within the EU. Of course that may be an issue if you've imported an unlocked phone from some other part of the world or bought it off eBay for example.

As to the data being transmitted - it may not be stored unless/until it's required, but nobody outside carrier IQ actually knows. The thing that's driving this issue isn't the stuff they're known to have done, it's the stuff people don't know for certain they haven't done, if you follow. In the end though, this is about the phone service providers - they want to use the Carrier IQ's facilities and they ask for it to be installed on the phones they sell. It's notable a couple of US carriers have already come out and said 'don't look at us guv, we don't use it'. if/when not using Carrier IQ becomes a selling point in a very competitive market, you can bet they'll all stop soon enough.

Will it come to much in the end? Probably not. Even a class action suit requires some evidence of loss of some sort on the part of the phone owner and, as far as I know, no such evidence exists. It's a pretty low trick on the carrier's part, but was anyone under the delusion they anything but a bunch of bastards anyway?

Jon


Fri Dec 02, 2011 2:13 pm
Profile
I haven't seen my friends in so long
User avatar

Joined: Tue May 05, 2009 3:29 pm
Posts: 7173
Reply with quote
Google have stated that this software is not on any of their Nexus phones, including the Galaxy Nexus. I am safe. :ugeek:

_________________
timark_uk wrote:
That's your problem. You need Linux. That'll fix all your problems.
Mark


Fri Dec 02, 2011 4:05 pm
Profile
I haven't seen my friends in so long
User avatar

Joined: Fri Apr 24, 2009 1:03 pm
Posts: 5041
Location: London
Reply with quote
Nope (to the origonal Question) - but then I have a Nokia N70 :)

_________________
John_Vella wrote:
OK, so all we need to do is find a half African, half Chinese, half Asian, gay, one eyed, wheelchair bound dwarf with tourettes and a lisp, and a st st stutter and we could make the best panel show ever.


Fri Dec 02, 2011 5:02 pm
Profile
What's a life?
User avatar

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Reply with quote
Well, as I say in the EU you're fine but the denials from the manufacturers mean nothing. They aren't the ones that are putting the stuff on in the first place, the carriers are. All the manufacturers are declaring is the agent software is not part of the base OS install. That's rather like Smith & Wesson saying their guns are 100% safe because they don't ship them with any bullets in.

Jon


Fri Dec 02, 2011 5:14 pm
Profile
I haven't seen my friends in so long
User avatar

Joined: Tue May 05, 2009 3:29 pm
Posts: 7173
Reply with quote
Ho hum. Considering that my software build isn't network-modified anyway, but I digress...

There's also this to consider.

Carrier IQ 'not used by UK mobile networks'

_________________
timark_uk wrote:
That's your problem. You need Linux. That'll fix all your problems.
Mark


Fri Dec 02, 2011 5:25 pm
Profile
What's a life?
User avatar

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
Reply with quote
Linux_User wrote:
Google have stated that this software is not on any of their Nexus phones, including the Galaxy Nexus. I am safe. :ugeek:

If you aren't using AT&T or Sprint sourced 'phones, or iPhone 3G/3GS or 4S with a version of iOS prior to 5 (iPhone 4 is still using it with 5 though), then you arenn't going to have it on your phone.

The big problem is, nearly every major blogging and news site has published this, without actually checking their facts. Heck, most of them just reported what the guy said on the video, without actually checking it! The guy talks of "packet sniffing", yet he has the phone in Flight mode (no network usage) and all the information that is shown is USB Debugging mode!

USB Debugging != Network packet sniffing!!!!!!! :evil:

What could have been a very interesting story has been rendered pretty mute by ineffective testing.

From the video, we know the following:
  • An htc Evo on the Sprint network had the software installed
  • In debug mode, the operating system traps give a lot of raw data to the CIQ software

What we don't know from the video:
  • What CIQ software does with the information it receives from the OS
  • What information it actually sends home
  • Whether said information is anonymised
  • Whether said information includes any excess information (URLs, text from text messages etc.)
  • What other model and makes of phone are affected

Through testing and looking at knowledgeable sources, we can safely say:
  • htc, Samsung and other Android manufacturers have only put the software on certain models of phone, which were destined for certain US carriers (AT&T and Sprint at the moment, Verizon haven't used it and T-Mobile USA hadn't made a statement before I went to be last night)
  • Apple did use it, up until version 5 of iOS, but since then, it has been removed from most models, although the iPhone 4 still has traces of the software, but it will be removed in coming updates
  • RIM have never installed it on any of their devices and they have never authorised any carrier to install the software
  • There is no version for Nokia Symbian phones (which could explain their unpopularity with the US networks)
  • There is no version for Windows Phone 7 (which, again, might explain why carriers in the US have not been promoting WP7)
  • O2, Vodafone & Orange all said that they have never used it (an O2 anonymous source said CIQ had approached O2, but they weren't interested in the software)
  • T-Mobile, Vodafone, O2 and E-Plus in Germany have all said they have never used it
  • The Portugal carriers had also said they never used it
  • heise.de (German tech news site) checked all phones in their office and found no traces of CIQ on any of them
  • All independent reports from readers on the European news forums are showing negatives, none have so far found CIQ
  • My Sensation, the Desire HD and the Samsung GSII of colleagues at work are clean (unbranded, Vodafone and T-Mobile respectively)

For those outside of America and those in America, who don't use Sprint or AT&T, this seems to be very much a non-story.

The quality of the journalism from the major tech sites (and the amount of knowledge they have exhibited) is of a shockingly low standard. :(

CIQ spoke out yesterday as well, claiming that they collect the date/time a call was made, which cell tower was used, and if an SMS fails to be sent, they record the date/time and cell,, so that the carrier can improve their network security.

They also said, that the information is transmitted in encrypted form and does not include URL, SMS text or any other information that is not relevant to dropped calls or failed SMS sending.

And that the data is not sent in real time, the data is collected on the phone and transmitted in blocks back to CIQ - which, if it is recording dropped calls and failed SMSs, isn't surprising, because they probably wouldn't be able to get a connection at the time anyway.

That said, nobody has yet actually packet sniffed an affected handset, to see exactly what IS sent, but as the information is encrypted, it will take a bit of work to crack the data packets and be able to inspect them.

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246


Sat Dec 03, 2011 8:26 am
Profile ICQ
What's a life?
User avatar

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Reply with quote
big_D wrote:
[*]Apple did use it, up until version 5 of iOS, but since then, it has been removed from most models, although the iPhone 4 still has traces of the software, but it will be removed in coming updates

And, tbf, the OS install does ask you if you wanted to send 'diagnostic information' back to Apple (although I can't remember if it's opt-in or opt-out) and you can disable it from the GUI. I think people are getting wound up by Carrier IQ as much by the surreptitious nature of it as what it's actually logging. If something is having to hide itself, your immediate assumption is you wouldn't like what it's doing.

As to the standard of web journalism, or lack of it, I thoroughly agree. Sadly, it's not at all a new phenomenon.

Jon


Sat Dec 03, 2011 8:49 am
Profile
What's a life?
User avatar

Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
Reply with quote
I believe that the other models also had an opt-in/out when setting the device up.

For Apple, I can understand them finding the dropped calls information useful, after the problems they've had with pretty much every version dropping calls on a regular basis (especially on AT&T in America).

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246


Sat Dec 03, 2011 9:46 am
Profile ICQ
What's a life?
User avatar

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Reply with quote
big_D wrote:
I believe that the other models also had an opt-in/out when setting the device up.

I haven't heard that mentioned before tbh. I can't really say first hand given their lack of presence in the EU.

big_D wrote:
For Apple, I can understand them finding the dropped calls information useful, after the problems they've had with pretty much every version dropping calls on a regular basis (especially on AT&T in America).

You know Dave, I've got a little challenge for. Try and go at least a week without turning every gadget related thread into complaining about Apple, eh?


Sat Dec 03, 2011 10:50 am
Profile
I haven't seen my friends in so long
User avatar

Joined: Tue May 05, 2009 3:29 pm
Posts: 7173
Reply with quote
jonbwfc wrote:
big_D wrote:
For Apple, I can understand them finding the dropped calls information useful, after the problems they've had with pretty much every version dropping calls on a regular basis (especially on AT&T in America).

You know Dave, I've got a little challenge for. Try and go at least a week without turning every gadget related thread into complaining about Apple, eh?

Image

_________________
timark_uk wrote:
That's your problem. You need Linux. That'll fix all your problems.
Mark


Sat Dec 03, 2011 11:33 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 16 posts ]  Go to page 1, 2  Next

Who is online

Users browsing this forum: No registered users and 17 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
Designed by ST Software.