Discuss Carrier IQ and privacy?

[DPiddy]

there are a bunch of Apps on my Droid 3 called "Data Collection" that have permissions to everything on phone...

DX is in that same boat. Does this mean Verizon and Motorola have the passwords to my online banking accounts? If so no way that is legal.

 

[ChadJ]

Tested the app on my HTC Desire running Cyanogen rom, and nothing found according to the app.

All the files it was searching for wasn't there

Hopefully I am safe

Some would say what we got to hide

Well the reply to that is we have our privacy to hide

 

[Crashdamage]

There's already a thread about this:
Android Discussion > Android Lounge - Discuss Carrier IQ and privacy?

Not everyone is screwed, just some.

 

[Rovers]

[snip]

 

[Rovers]

I'm pretty sure that replacing the operating system ought to do it...

"I'm pretty sure" means you're guessing.
And FYI, it's not "going to do it", my friend, because it has already done it:
they've already got your data and passwords!
You can't get the toothpaste back into the tube.

 

[Rovers]

Ugh! How in the H E double hockey sticks is CIQ continuing to get away with this bs?

Because we let them.

 

[Rovers]

I checked for both Carrier IQ services on my Atrix and found neither. I installed AnyCut from the Market and tried to create a shortcut for them under "Activities", but neither were present in the list. As far as I can tell, the Atrix is clean.

Yes, as far as you can tell...

 

[Rovers]

I think it's only a matter of time before CarrierIQ is sued into oblivion and carriers face some heavy duty fines.

EDIT: AND BAM!

Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases - Forbes

That doesn't solve the problem. They have already done it. Your data and your passwords have already been leeched and are sitting on their servers! And who knows where else!

The damage has already been done. No way to undo that.

 

[eyebeam]

And now the U.S. Senate gets involved...

Sen. Al Franken (chairman of the Subcommittee on Privacy, Technology, and the Law) demands answers from Carrier IQ ↓

Sen. Franken demands answers from Carrier IQ, suggests phone snooping violates federal law

 

[sisu]

Been thinking about rooting, but thought no need atm. But now, I think I wanna root my phone just to get rid of the spyware. I mean, it's spyware (software spying on you without your knowledge). Would have been different if they would have at least told upfront!

 

[aysiu]

I mean, it's spyware (software spying on you without your knowledge). Would have been different if they would have at least told upfront!

I think this is the major issue here. Of course you don't get total privacy, but if they are tracking stuff, they should be up front about what they're tracking and how often, and how they store that stuff and for how long.

It's just like how, when you install Android apps from the Market, you get warned about what permissions the app has. You can still go ahead and install it anyway, but it's your informed choice.

 

[jerofld]

So you are saying it's in or running on your phone? According to everything I read and watched, there's no way to get rid of it that anyone knows yet.

Yes, the second thing TrevE (Trevor Eckhart) did after posting his findings was posting a way to remove it. The third thing he did was make an app that can detect it and remove it (if you donate $1 to him for the removing feature, I donated the $1 just for him finding the damn thing). Most, if not all, Evo 3D ROMs (TrevE is a Evo 3D dev) have CIQ disabled or outright removed, thanks to TrevE. I tried his detection / removal app on my Acer Iconia A500. While CIQ was not installed (not surprised, as the A500 is not something I bought through a carrier), it did detect and disable Google's appusage logs. So I imagine it'd work for anything with CIQ installed, not just the Evo 3D.

"I'm pretty sure" means you're guessing.
And FYI, it's not "going to do it", my friend, because it has already done it:
they've already got your data and passwords!
You can't get the toothpaste back into the tube.

No, but you can disable the loggers and change your passwords. So throw the toothpaste out and get a new tube.

 

[jerofld]

I agree someone should start a sticky list of verified safe/unsafe phones and providers. But I'm kinda new here and not sure how to or if I even could. I just started this thread because I thought it deserved some attention and discussion.

If you want to start a thread that lists CIQ enabled devices, you can do so and request that it be made a sticky. The site staff will discuss if it warrants a sticky and will sticky it if it does. If it does not, it just stays in normal area. You can always link to the thread in your own signature, too.

 

[Zorkie]

This is not really a Google issue. The software is added to the phone by the carrier, not Google.

You're right. And Sprint's Privacy Policy seems wide-open for data mining.

 

[A.Nonymous]

If you want to start a thread that lists CIQ enabled devices, you can do so and request that it be made a sticky. The site staff will discuss if it warrants a sticky and will sticky it if it does. If it does not, it just stays in normal area. You can always link to the thread in your own signature, too.

It seems the only two carriers that have it are Sprint and ATT.

 

[sisu]

It seems the only two carriers that have it are Sprint and ATT.

I assume that includes Virgin Mobile, Boost Mobile and other Sprint-owned carriers too

 

[Crashdamage]

T-Mobile has confessed that at least some of their phones have it or will in future models. And it has been found on several Verizon models. We should assume at least the 4 national US carriers are all guilty.

Probably the only ways to be safe are to:
1. Buy unlocked generic phones (NOT purchased from a provider) such as a world model unlocked Nexus or
2. Root and install a custom ROM.

One thing is sure...if you have a phone, computer or most any electronic device that connects to anything, Big Brother is watching. Or a security camera is. Or someone is video recording with a phone.

Makes me wonder if it's so pervasive that it's futile to fight it. Maybe better to quit worrying and just be careful what you do and how you do it.

 

[sisu]

When some carriers so eagerly say they don't use Carrier IQ, it doesn't mean they aren't using some other logging method. I am sure Carrier IQ isn't the only application out there.

 

[mikedt]

Look under Menu > Settings > Applications > Running services. On my phone it is listed as IQ Agent Service.

Not present on my Galaxy S, but then it has CM7.

 

[mikedt]

...because of a secret app, a spykit of software, a socalled rootkit, that is installed on all Android and Blackberry phones, that monitors and logs whatever you do, and every keystroke – including passwords – and then 'phones home' to upload all your data to the mothership.

Not all Android phones, things like CyanogenMod and other custom ROMs are completely open source code. That means that there are NO secret keyloggers, spykits, secret apps, backdoors etc. Because they would be obvious from looking at the source code of the ROM. If the user installs proprietary third-party apps though, they could very easily have spying and tracking processes.

If one has a device with proprietary closed source manufacturer's and/or carrier's software and customisations on it, well there can be anything going on here, including keyloggers, secret spykits, etc.

 

[momentoid]

Under Menu > Settings > Applications > Running services there is an app named IQ Agent Service which has the longest running time and cannot be stopped.

Also, I've noticed that under Menu > Settings > Applications > Manage applications > Menu > Filter > All, there is an app named Keytracer which has all kinds of Permissions. Wondering if this is part of the IQ Agent service, part of Swype, or part of Android.

Could users who do not have Swype installed please confirm this either way. Thanks.

 

[thedosbox]

Just buy your phones from Canada: Rogers, Telus, Bell, Virgin, Fido and Videotron confirm that Carrier IQ is not present on their devices | MobileSyrup.com

 

[mikedt]

Under Menu > Settings > Applications > Running services there is an app named IQ Agent Service which has the longest running time and cannot be stopped.

Also, I've noticed that under Menu > Settings > Applications > Manage applications > Menu > Filter > All, there is an app named Keytracer which has all kinds of Permissions. Wondering if this is part of the IQ Agent service, part of Swype, or part of Android.

Could users who do not have Swype installed please confirm this either way. Thanks.

Like IQ Agent, Keytracer is NOT present on my phone. I don't have Swype installed because I didn't like it. The processes running on my phone are, ADW Launcher, Settings, Maps, Skype, DSP Manager, Google Services, Voice Notify and Android Keyboard, there is nothing that I wouldn't expect to be present. My phone in addition to having having CM7, also has the official Google software installed, like Gmail, Market, Gtalk, Maps, Goggles, Calendar. But there are no unexpected or suspicious things present AFAICT.

Seems to me, the way to get rid of this IQ Agent tracking and spying thing, is to have an open source ROM like CM7. There are NO secret and/or clandestine things going on in the background, because they're open source.

Just be careful about what apps and games one installs. Like does one trust that Justin Bieber wallpaper app not to be spying on you, look at those permissions carefully.

 

[james515]

When some carriers so eagerly say they don't use Carrier IQ, it doesn't mean they aren't using some other logging method. I am sure Carrier IQ isn't the only application out there.

Before smart phones and fancy "apps", ALL wireless carriers collected (and they still do) just about anything you do with your phone.
Phone calls - you get detailed billing that shows EVERY number you call, or that calls you, it can determine which calls were answered on call waiting, and 3r party calls.
Txt and SMS, yep all that stuff to, who what when and where.
Data, yes, they track that also so they know how to bill you.

other things you may not know about. they can tell if you pulled the battery out of your phone to end a call or if the battery actually died. This method was brought about by the high number of users trying to beat the system and saying their call dropped, when all they did was pull the battery. they would call the carrier and complain that their call dropped, then they were given credit for the call that dropped, this is FRAUD and people were caught and it eventually stopped the problem. ut that was back when removing a battery was easy

they can find out the signal strength you had at the time of a dropped call (of course this has to be manually setup for troubleshooting by the RF engineering group to collect the info on a case by case basis at the request of a customer).

when you call your bank or credit card company and enter your account # and pin code, that info is available also and its NOT encrypted through ANY phone system

 

[jefboyardee]

I think it's only a matter of time before CarrierIQ is sued into oblivion and carriers face some heavy duty fines.

I’d rather that gets turned around, that is, CarrierIQ face fines and the carriers are sued into oblivion -- after all, the carriers sought and bought the services offered by CIQ. CIQ is merely the gun here, but the carriers are the trigger-pullers.