Droidwall and kernel level spyware (like Carrier IQ)

Discussion in 'Android Devices' started by RiMConvert512, Dec 2, 2011.

  1. RiMConvert512

    RiMConvert512 Lurker
    Thread Starter
    I don't seem to have Carrier IQ on my phone, but I would not be surprised to learn of an equivalent spyware being in place.

    Question: Are iptables-based firewalls such as DroidWall able to stop spyware such as Carrier IQ from accessing the world outside your phone? Assuming that the spyware is not removable without messing with the ROM, can we neutralize the logged data from ever being sent outside our phones?

    My log doesn't work on my DroidWall anyway, so I would not be able to see spyware being denied (or allowed) outside access.
     

  2. VoidedSaint

    VoidedSaint Resident Ninja
    Moved to Motorola Droid Atrix.
     
  3. Bugly

    Bugly Android Expert
    VS, you moved it into the DX forum. Either way, Carrier IQ does not seem to be part of Moto's gig, nor is it apparently part of the scheme for Big Red. Seems HTC and Sammy are the big offenders in this game. My DX does not have Carrier IQ. You can d/l an app to detect it from the XDA forums if you're worried; the lite version will tell you if you have Carrier IQ, and if you're infected, you can buy the pro key from them to remove it.
    Hope this helps.
    (edit) My bad, just noticed the forum was correct, it just linked to the DX forum...
     
  4. RiMConvert512

    RiMConvert512 Lurker
    Thread Starter
    Basically, I'm just curious whether iptables can block all I/O traffic on a smartphone, or whether there can be lower-level spying at play that can still circumvent iptables. If the former is true, then it seems like DroidWall's whitelist mode could neutralize ALL spyware by not allowing it to call home.
     
  5. carr

    carr Member
    Interesting. With iptables you can pretty much control anything that most devices do as far as outside access goes. I have never used iptables rules per se on my 4G, but I have used Smoothwall and other firewall software on Linux machines. However, this has limits because of commonly spawned child processes in any OS. Whitelisting might be better, but I am not sure about that.

    I do use DroidWall to block outbound applications. It seems to work well, but there is no easy way to tell whether it is or not, since it's pretty difficult to use port scanning software reliably on a portable device or to use a packet sniffer to see what it actually puts on the network.

    All of this having been said, I did watch the video on Wired.com that showed the CIQ presence, and during the video noticed the CIQ logo on the apps on that phone. I checked and have half a dozen apps with the same logo running on my Atrix 4G. I am running a rooted phone, and using Taskmanager it is impossible to force stop many of these apps. It is also very difficult, without a detailed process tree, to know which of these apps are doing what. While I see on another thread here that some are pretty sure that the Atrix 4G does NOT have Carrier IQ, even using an app available from the Android Market to detect it, I would be very careful with that assumption. Go to Wired, watch the video and notice he points out the apps, each with the letters CI in a yellow disk. That's the logo. On the Atrix 4G running 2.3.4, I have the following apps with the logo: Contacts Data, Motorola Services, Suggestions Poll Scheduler Services, Contacts Sync (which can be force stopped with root access), Fake Blur xmpp (which can be stopped), HST Cmd (which can be stopped), Motorola Indexing Service (stoppable), Motorola Storage Monitor (stoppable), Social Messaging Service (stoppable), and Suggestions CoreRuleChecker Services (stoppable). These can be found using Taskmanager and stopped there with root access. Bear in mind that some of these apps may wake up independent of whether you force stop them, call home if in fact that is what they are supposed to do, and then go back to sleep.

    Observation: maybe this company only wrote these apps for the 4G and they are not really CarrierIQ apps per se. That's a possibility. Again, look at the video on Wired.com (and I am sure on YouTube) and you see the same company logo on the apps. So in spite of the new app that supposedly checks for CIQ, how is it possible to know? In my opinion, other than unlocking the bootloader and installing another ROM, or managing to packet sniff (the way the guy did in the video), it's not possible. Additionally, even using DroidWall, without a detailed process tree and an understanding of what goes on, your attempt at blocking an app may not be successful, because in Linux and Android (a form of Linux) many apps spawn child processes to do tasks, and the same type of child process may be used by other legitimate apps to have access to the outside world.

    I do not use social networking services (a whole other problem, considering what data some of them record on their users). I am also security-conscious, having been an online trader for many years, building my own computers and doing some coding, and having to protect my trading account and software. I am no expert, certainly not on Android, nor am I an IT pro. Additionally, I have nothing to hide in my life; I only think that the modicum of privacy many of us take for granted is slowly being encroached upon by our reliance on things digital, and I personally do not like it.

    The only way to get rid of this type of garbage without limiting the functionality of your phone might be to install a third-party ROM (which I will do when support for the Lapdock and Webtop is more common). But even with a third-party ROM you only control your digital world until the signal leaves the phone, and after that anything can happen. Otherwise, blocking outside access to a process that uses it with a firewall, while better than nothing, results in huge error logs and a bloated and possibly somewhat slower phone. There aren't any simple answers to this in my opinion... and this is only my opinion. I never would do anything sensitive like online banking or any type of financial process on my Android appliance, nor would I ever visit any type of site public knowledge of which could reflect badly on me. Security starts with usage habits and trying to understand the limitations and vulnerabilities of the appliance. Just my 2 cents' worth.
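The thread asks two things: whether an iptables whitelist can keep an app from calling home, and how you would see it being denied when the firewall's own log view does not work. Below is an added example, not DroidWall's code and not from anyone in this thread, of the mechanism such a firewall relies on: iptables' owner match in the OUTPUT chain (it only applies to locally generated packets), keyed on the per-app UID Android assigns each package, with a LOG rule that records the owning UID of every rejected packet so you can read the verdicts straight from the kernel log. The chain name `droidwall-demo`, the UIDs 10045 and 10123, the package names and the log lines are all constructed for this example; `DRY_RUN=1` (the default) prints the rules instead of applying them, since applying them needs root on the device. One caveat the thread's point about shared components deserves: many platform services run under Android's shared `system` UID (1000), so a single whitelist entry for that UID opens the network for all of them at once, which is why a per-UID firewall cannot separate one system service from another.

```shell
#!/bin/sh
# Added example, not DroidWall's own code. Builds a whitelist-mode iptables
# ruleset of the kind an Android iptables firewall installs, then parses the
# kernel log lines its LOG rule produces. DRY_RUN=1 (the default) prints the
# rules instead of applying them; applying them needs root on the device.

IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"
CHAIN="droidwall-demo"   # hypothetical chain name, chosen for this example

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# build_whitelist_rules UID...  : the listed app UIDs may send; anything else
# is logged (with the owning UID, so the app can be identified) and rejected.
# The owner match only sees locally generated packets, hence the OUTPUT chain.
build_whitelist_rules() {
    run -N "$CHAIN"
    run -F "$CHAIN"
    run -A "$CHAIN" -o lo -j RETURN          # loopback stays open
    for uid in "$@"; do
        run -A "$CHAIN" -m owner --uid-owner "$uid" -j RETURN
    done
    run -A "$CHAIN" -m limit --limit 5/min -j LOG --log-prefix "[DENIED] " --log-uid
    run -A "$CHAIN" -j REJECT
    run -I OUTPUT -j "$CHAIN"
}

# Constructed kernel-log lines in the layout the LOG target writes (dmesg).
# 10045 and 10123 are made-up app UIDs; 1000 is Android's shared "system" UID.
sample_log() {
    cat <<'EOF'
<4>[  812.340] [DENIED] IN= OUT=rmnet0 SRC=10.0.0.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41102 DF PROTO=TCP SPT=41234 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 UID=10045 GID=10045
<4>[  812.512] [DENIED] IN= OUT=rmnet0 SRC=10.0.0.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41103 DF PROTO=TCP SPT=41235 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 UID=10045 GID=10045
<6>[  813.001] wlan0: link becomes ready
<4>[  815.770] [DENIED] IN= OUT=rmnet0 SRC=10.0.0.2 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=41201 DF PROTO=UDP SPT=53412 DPT=53 LEN=32 UID=1000 GID=1000
EOF
}

# blocked_uids : reads log lines on stdin, prints "<count> <uid>" per UID,
# busiest first. This is the "is it actually being denied?" check.
blocked_uids() {
    grep -F '[DENIED]' | sed -n 's/.*UID=\([0-9][0-9]*\).*/\1/p' | sort | uniq -c | sort -rn
}

# Constructed excerpt in the shape of /data/system/packages.list; the example
# relies only on the first two columns (package name, uid). Names are made up.
sample_packages() {
    cat <<'EOF'
com.example.telemetry 10045 0 /data/data/com.example.telemetry default 3003
com.example.reader 10123 0 /data/data/com.example.reader default 3003
EOF
}

# uid_to_package UID : resolves an app UID against packages.list on stdin.
uid_to_package() {
    awk -v uid="$1" '$2 == uid { print $1 }'
}

build_whitelist_rules 10123
echo "--- blocked senders (count uid) ---"
sample_log | blocked_uids
echo "--- who is UID 10045? ---"
sample_packages | uid_to_package 10045
```

With the constructed input, the whitelist admits only UID 10123, the log summary shows two rejected connection attempts from UID 10045 and one from the system UID, and the packages lookup names the app behind 10045. The `-m limit` on the LOG rule is what keeps a chatty blocked app from flooding the kernel log, the "huge error logs" concern raised above.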
     
