Privacy Concerns - Google Firmware - Android Software/Hacking General [Developers Only]

I am concerned that Google has their tentacles all throughout the OS, and I want to take all measures to stop that. I particularly don't like their search query tracking (I use ixquick) and their nav app, as their privacy policies are atrocious.
Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious.
Of course I'll not be using the apps of that-search-engine-everybody-uses. Removing them forthwith, in favor of whatever GPL open-source apps there are available for various functions. Using self-contained nav software like CoPilot or TomTom.
So, have any devs investigated whether Android phones home at any interval? Have measures been taken to privacy-enable the Android firmware?
I hear that HTC has some sort of 'phone home' function. How to neuter that?
What good is Wifi? Is it that you can use that when available, not using up 3G bytes? I am asking what use it is on a mobile in consideration of mobility and the security problems -- what uses can this be put to, and how to secure the phone?
Where is the best place to find open-source apps?

I'm curious about this as well, not so much from a privacy standpoint, but how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.

http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem? And actually Google apps aren't in the Android sources, so you won't have them after compiling. Yeah, two birds with one stone.
Also you could disable WiFi if you don't like it.
Tachikoma_kun said:
how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
Click to expand...
Click to collapse
Errr... what ROM and how many apps do you have installed? There is no "mysterious data" on clean system, but 25% of apps use data connection for various reasons.

I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.

The background syncing does not turn anything off as far as I know.
To my knowledge it allows 3rd party apps the ability to check if the user has flagged this, but they do not have to respect this flag.

Tachikoma_kun said:
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
Click to expand...
Click to collapse
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.

Brut.all said:
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem?
Click to expand...
Click to collapse
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.

Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
i think he meant either put up or shut up, which is a pretty reasonable statement.
IMO it's anonymous user data.... let them build cybernet
otherwise say no to the T.O.S that is your constitutional right if you have "privacy" concerns

Brut.all said:
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Click to expand...
Click to collapse
Thanks, will give that a try.

themapleboy said:
i think he meant either put up or shut up, which is a pretty reasonable statement.
Click to expand...
Click to collapse
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.

Brut.all said:
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Click to expand...
Click to collapse
u know what they say about assuming...... it always makes you look like a jackass

Yeah, I mean we're not playing with iOS4 or anything.
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
If you're still concerned, I suppose you could always opt not to install the Google Apps, but you'd be a bit limited, functionality-wise.
Sent from my Droid using XDA App

themapleboy said:
let them build cybernet
Click to expand...
Click to collapse
O' little do you know... many years ago I did work in Eastern Europe. You have no idea the paranoia a society can endure. For an idea, watch the old TV series Danger Man. Or the movie 1984.
If most young people share your view, it is a dark future. I'm glad I'll be dead.
herald83 said:
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
Click to expand...
Click to collapse
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?

I smell a rat...
Quantumstate said:
...Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious...
Click to expand...
Click to collapse
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
A 52yo real estate developer, whose not a coder, but used to be a "cracker" and knows what is possible? Anyone else here think this doesn't make a bit of sense?
It's funny, but it sounds like someone is trying to stir up some FUD by making claims that Android is somehow doing an "All your data are belong to us...". I hope Apple aren't paying your cheques!

@perpetualmotionuk: Be advised that there is a difference between mathematics and decryption, and coding. Yes I can do some coding, but not at a level necessary to analyze and modify an operating system.
If Apple were paying my 'cheques', wouldn't I come in with some sort of proof that monitoring is taking place? Rather than asking what others have found?
Now, rather than trying to tear people down, why don't you use that considerable nose to investigate this yourself?

No one's seen anything about info leakage?

Quantumstate said:
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
Click to expand...
Click to collapse
Most of that data is pulled from search history, I suspect. Which you can disable, if I recall. Don't have my phone on me at the moment to confirm.

I just did a very simple test on an emulator: after ~15 minutes of running system there was 0 (zero, null) of network packets. Now I want to do the same on a device with clean system, but I think results will be the same or similar (SDK system is just normal Android - very similar to these from devices).
I have a feeling that even if I will catch zero packets as well, you will be asking whether Google send something mysterious through... errr... bluetooth? Some hidden antenna?

If you're worried about Google tracking your info...root the phone and don't install the Google apps. What do ya know...problem solved.
If you're still worried that people are tracking what you are doing see steps below.
1) Flush phone or give to a homeless guy to throw them off.
2) Destroy Computers.
3) Liquidate everything you own.
4) Walk into the woods and live off the land.
5) Kill self shortly after because they already have a file on you.
You say you're a 52 year old real estate developer...guess what...they're already tracking you. You're already helping to build "cybernet" just by living and breathing.
And if you are really worried about your "220 year old Constitutional Rights" then go read the Patriot Act and discover that you don't have ****.
I'm normally not one to flame...but you are an absolute idiot.

I'm not an English person, excuse for the syntax/grammar/... mistakes I'd could make.
hedjemunkee said:
I'm normally not one to flame...but you are an absolute idiot.
Click to expand...
Click to collapse
I don't understand WHY this person could be considered as "an absolute idiot" by ASKING if some 'data' are sent over the network through the phone.
Facebook, with it's ad system is sending information for each ad displayed (not alot, but still some !)....
ADS.GOOGLE do you have any idea about what's behind !?
I don't have the number (nobody have it) of webpages using it but it's huge. with this you can track navigation of people, establish profiles, link to a physical person. Without your consent.
I understand the concern of the "OP" here. I don't think the data sent are easy to "catch", or are systematically sent... maybe there is no, and you are paranoid. But it "COULD". So easily. I'm from the young tech generation.
And to quote
Quantumstate said:
If most young people share your view, it is a dark future. I'm glad I'll be dead.
Click to expand...
Click to collapse
People who don't ask themselve the question, or wich refuse to be open minded enough to consider the right to ask this question ... could be surprised very soon. I'm not directly affraid of "google". I'm affraid of those 'blind' people.
You'll be dead in less than 10years !? I hope we can share some of the darkness you're talking about. your parent's generation started it, you continued it.
Anyway, back to the topic.
Why in my pocess list i've : (app id number) com.ap.SnapPhoto:remote
even when I do not use the camera !?
...when I notice my battery is being used more than usual I check the process list and I find this...
What's this "remote" !?
Maybe "remote" refers to "another app wich launch this app"... ? Otherwise... wow.

Related

[Q] The iPhone Has Been Tracking Where You Go

I can't post links yet. Just Google: iPhone tracking your location
This has already been posted once, but because it is a big deal I wanted to draw more attention to it. As most of the people on XDA run rooted phones and custom ROMs, I would like to know if our favorite ROM developers have happened upon anything "interesting" regarding location data baked into stock ROMs/AOSP ROMs/Cyanogen (God forbid), or any other suspicious behavior.
I don't want to see people freaking out, or pointless jokes about tin foil hats, I'm interested in a discussion regarding our Android devices and location data and the storage of that data.
We all know that Google tracks our searches and some location data in order to provide targeted advertising. This is fine, because I would much rather see an advertisement for a 2012 concept car or screenshots from TES:Skyrim instead of something Macy's or Vagisil related. I'm more concerned about unauthorized people gaining access to this data. If I need to get rid of my Droid X with Fission 2.5.7 to protect my younger siblings or my fiancée or my future child, I want to make that decision with HARD DATA to back it up.
~NDK
[EDIT: Mods may move this if necessary, but my question is really directed towards developers and their (much deeper) understanding of Android and how it operates.]
Lookout keeps me safe.
Androidboy35961 said:
Lookout keeps me safe.
Click to expand...
Click to collapse
It may keep your phone safe, yes. Allowing Lookout to track my phone was convenient for a while, but I realized that in 4 years of smartphone ownership I had never lost my phone do to my invention of the ASSPAT. That's right, the Automated Self Search for Phone And Things. I do it every time I leave the house! Anyway, Lookout ended up being just another useless app that added nothing to my Android experience and subtracted battery life. (Although I saw minimal battery life change and actually liked that app.)
On topic, please ask your dev if they have ever happened upon anything suspicious in digging through the Android file structure.
Androidboy35961 said:
Lookout keeps me safe.
Click to expand...
Click to collapse
really? how sure can you be abt that? you know that any app that has root rights can do practically anyth to your phone don't you?

Carrier IQ

http://www.carrieriq.com/index.htm
I just heard about this and can't believe how little we know we are being spied on. Is this installed on the sensation? If so are there any ROMS which remove it? Am I just digging up old news or what does everybody else know about this?
smockpuv said:
http://www.carrieriq.com/index.htm
I just heard about this and can't believe how little we know we are being spied on. Is this installed on the sensation? If so are there any ROMS which remove it? Am I just digging up old news or what does everybody else know about this?
Click to expand...
Click to collapse
Old news.
No this is not old news at all. This subject is still being looked into and things are coming to light about it more and more. Yes this is very much on the Sensation. Me personally I am glad someone started a thread on it as it is something I feel everyone should be concerned with.
If you want to learn more about it just go to the XDA Portal and type in a search for Carrier IQ, CIQ, or just IQ and you will see there has been several stories in the portal about it and the dev that is trying to bring all of this CIQ BS into the view of the masses.
Also I have not looked to see but I imagen that there is some custom ROMs for the Sensation that has the CIQ removed from it. I beleive any of the CM7 based ROMs do not have it and it may be more you will just have to read the first posts in the thread by the chef that cooked the ROM.
T-Macgnolia said:
No this is not old news at all. This subnet t is still being looked into and things are coming to light about it more and more. Yes this is very much on the Sensation. Me personally I am glad someone started a thread on it as it is something I feel everyone should be concerned with.
If you want to learn more about it just go to the XDA Portal and type in a search for Carrier IQ, CIQ, or just IQ and you will see there has been several stories in the portal about it and the dev that is Beloit.g to bring all of this CIQ BS into the view of the masses.
Also I have not looked to see but I imagen that there is some custom ROMs for the Sensation that has the CIQ removed from it. I beleive any of the CM7 based ROMs do not have it and it may be more you will just have to read the first posts in the thread by the chef that cooked the ROM.
Click to expand...
Click to collapse
Hi,
I found that ROM CLEANER does the business of removing all the offending crap.
Worth looking into.
malybru said:
Hi,
I found that ROM CLEANER does the business of removing all the offending crap.
Worth looking into.
Click to expand...
Click to collapse
The ROM just cleans bloatware and other things in HTC Sense to help the ROM run smoother. All devices have this CIQ on them, it is not an app but several things that are hidden deep in the ROM and has to be cooked out of the ROM. ASOP ROMs do not have it. Go read this article by azrienoch on it. Make sure to click on the links in the article too then you will have a better understanding of what I mean. You will also see why it is such a big deal.
Update to the current Carrier IQ fiasco with video proof
http://m.wired.com/threatlevel/2011/11/secret-software-logging-video/
Separate link for the youtube video for easier access.
http://www.youtube.com/watch?v=T17XQI_AYNo&feature=youtube_gdata_player
In the T-Mobile galaxy s 2 forums the carrier IQ the is in the kernel is that where it is in sensation? I can't find any of the know names in my wife's phone.
Sent from my SGH-T959 using xda premium
i just had the word with the guy who made the video and he told me that this only affect u.s.a people and this doesn't affect anyone living in eurpoe so if you live in uk, ireland and other part of eurpoe than you are fine.
I'm in the US and i read this over and over, and to be honest i can give to giggles of a squirting crap bout this, everyone takes this out of proportion and think its end of the world cause something in there is loggin your keys,
ITS IN EVERYTHING!! get over it already, its in your game consoles, in your laptops, in your PCS, just deal with it nothing you can do or say will change this
and lot of you will say no its not, BUT IT IS! think bout all the times your send a report of a crash on a pc or anything, deeping read ToS on consoles all have tracker/logger
ilostchild said:
I'm in the US and i read this over and over, and to be honest i can give to giggles of a squirting crap bout this, everyone takes this out of proportion and think its end of the world cause something in there is loggin your keys,
ITS IN EVERYTHING!! get over it already, its in your game consoles, in your laptops, in your PCS, just deal with it nothing you can do or say will change this
and lot of you will say no its not, BUT IT IS! think bout all the times your send a report of a crash on a pc or anything, deeping read ToS on consoles all have tracker/logger
Click to expand...
Click to collapse
So, because tracking software is being put on many devices we use every day, we should not worry about it?
Perhaps if consumers were made more aware of things like this, they could stem the tide of invasive technology.
Sent from my Sensation using xda premium
ilostchild said:
I'm in the US and i read this over and over, and to be honest i can give to giggles of a squirting crap bout this, everyone takes this out of proportion and think its end of the world cause something in there is loggin your keys,
ITS IN EVERYTHING!! get over it already, its in your game consoles, in your laptops, in your PCS, just deal with it nothing you can do or say will change this
and lot of you will say no its not, BUT IT IS! think bout all the times your send a report of a crash on a pc or anything, deeping read ToS on consoles all have tracker/logger
Click to expand...
Click to collapse
CIQ is definitely a whole new species of logging software, put onto your device by your friendly network operator.
I dare to say that there is absolutely no comparable spying software case so far. If you´d have fully studied about the software this thread is mentioning, you most probably would not have written your statement.
A key logger which records *everything* you type without encryption? A key logger which reads your SMS/test message even before you read it? Come on. This kind of stuff is *definitely" not "in everything". It may be in all network operator subsidized mobile phones (not only Android, but also Nokia and Blackberry affected) in the USA - but definitely not here in Europe.
Here, we actually have laws against such software - especially if it´s distributed by large organizations like network operators, this could result in multi-billion dollar fines. People here in Europe are not wiser, but they tend to fight a bit more against "big brother" who might be "watching you".
tictac0566 said:
CIQ is definitely a whole new species of logging software, put onto your device by your friendly network operator.
I dare to say that there is absolutely no comparable spying software case so far. If you´d have fully studied about the software this thread is mentioning, you most probably would not have written your statement.
A key logger which records *everything* you type without encryption? A key logger which reads your SMS/test message even before you read it? Come on. This kind of stuff is *definitely" not "in everything". It may be in all network operator subsidized mobile phones (not only Android, but also Nokia and Blackberry affected) in the USA - but definitely not here in Europe.
Here, we actually have laws against such software - especially if it´s distributed by large organizations like network operators, this could result in multi-billion dollar fines. People here in Europe are not wiser, but they tend to fight a bit more against "big brother" who might be "watching you".
Click to expand...
Click to collapse
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
ilostchild said:
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
Click to expand...
Click to collapse
I wonder how this affects the speed and responsiveness of the phone's OS?
ilostchild said:
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
Click to expand...
Click to collapse
Yes that is true what you said but most people already know that cops can get your records from a phone company with a search warrant depending on how long that company keeps those records.
This is deferent, a third party collecting all information of what you do on your phone without your consent or knowledge is wrong. This company is also not the government so what right do they have without your consent.
Yes on a console, a PC, and1st and 2nd party apps on your phone you give consent for them to use various monitoring techniques but you have a choice, here with carrier IQ you are not giving that choice it is there and you have to use a crowbar to get it out of your phone.
I'm no fanatic but I do believe in the constitution. It is your right to give away your privacy but it is not for someone else to take it away from you.
Sent from my SGH-T959 using xda premium
ilostchild said:
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
Click to expand...
Click to collapse
You keep saying it is nothing you can do about it, well you could not be more wrong. You can take and S-off your device, unlock your device, root, or what ever the proper method is for your particular device to be able to flash a custom recovery. Then simple download and flash any AOSP ROM. This will give you a device without CIQ.
Now you must not have read the official withdraw of the S&D letter to TrevE that IQ posted a link to on their website. Go yo the XDA Portal and have a look a the latest article by orb3000. Obviously the message has gotten to IQ and I would say more than likely the Carriers. Yeah some say that the power users are a small group but it is a group with great power. When the people that a large force in building enthusiasm for devices and OS's speak out against something that they do not like, people tend to listen. Therefore it has a large chance of affecting sales, new contract signings, and contract renewals.
This whole attitude of people not being able to do anything about something people consider wrong, is such a epic fail. I mean if no one never tries to bring change to something then yeah sure nothing will happen. And the powers that be gains that much more control. But luckily people are starting to get tired of never having change and are starting to do something about this messed up world of ours.
Last thing, if you think this is a simple logging system. Again you could be more wrong. This CIQ has full access to your device, as well as full rights. It can not be killed, forced close, or uninstall. I will not go into any further details, but this is far from what IQ and the carriers want you to think it is.
Shery4life said:
i just had the word with the guy who made the video and he told me that this only affect u.s.a people and this doesn't affect anyone living in eurpoe so if you live in uk, ireland and other part of eurpoe than you are fine.
Click to expand...
Click to collapse
Carrier is a global company. The company does have offices in London...
http://www.carrieriq.com/company/index.htm
And under the heading "About Carrier IQ"
http://www.sys-con.com/node/1865183
So European phones may have CIQ installed depending on what the mobile provider. Something that our friends over the pond
should research.
Sent from my SGH-T959 using xda premium
T-Macgnolia said:
You keep saying it is nothing you can do about it, well you could not be more wrong. You can take and S-off your device, unlock your device, root, or what ever the proper method is for your particular device to be able to flash a custom recovery. Then simple download and flash any AOSP ROM. This will give you a device without CIQ.
Now you must not have read the official withdraw of the S&D letter to TrevE that IQ posted a link to on their website. Go yo the XDA Portal and have a look a the latest article by orb3000. Obviously the message has gotten to IQ and I would say more than likely the Carriers. Yeah some say that the power users are a small group but it is a group with great power. When the people that a large force in building enthusiasm for devices and OS's speak out against something that they do not like, people tend to listen. Therefore it has a large chance of affecting sales, new contract signings, and contract renewals.
This whole attitude of people not being able to do anything about something people consider wrong, is such a epic fail. I mean if no one never tries to bring change to something then yeah sure nothing will happen. And the powers that be gains that much more control. But luckily people are starting to get tired of never having change and are starting to do something about this messed up world of ours.
Last thing, if you think this is a simple logging system. Again you could be more wrong. This CIQ has full access to your device, as well as full rights. It can not be killed, forced close, or uninstall. I will not go into any further details, but this is far from what IQ and the carriers want you to think it is.
Click to expand...
Click to collapse
Hi,
That is very well put.
If you sit back and do nothing, then nothing will get done.
The more people complain about this, the more something is likely to be done.
As far as the carriers are concerned, they probably think that no one knows that this stuff is even installed!
Its important to show our awareness of this situation, and complain about it.
How about Logging TestApp? I heard that this app helps you erase all the logging apps in the phone, including this one.
This issue just Made ABC news this morning
gtrplr71 said:
This issue just Made ABC news this morning
Click to expand...
Click to collapse
This issue made international news.
http://www.forbes.com/sites/andygre...ve-violated-wiretap-law-in-millions-of-cases/
Wow, at first i was reading this thread and had the same, "well whatever" attitude. But after just a couple of minutes googling and reading, this is really messed up. CarrierIQ has issued a cease and dismiss order against the guy in the video, along with threats to sue if he does not publicly apologize.

In ["TrevE!"] we trust!! OPT out!*CIQ's!* YAHOO, MSN, MSNBC, FORBES Magzn!!! "TrevE!!

In ["TrevE!"] we trust!! OPT out!*CIQ's!* YAHOO, MSN, MSNBC, FORBES Magzn!!! "TrevE!!
Just seen this on **YAHOO** front page, Thank's TrevE!
Forbes Magazine on "TrevE"
MSN MSNBC!
"Eckhart says Carrier IQ's software, designed to monitor the performance of a cell phone on a network, is a "rootkit," spying on unsuspecting users. Carrier IQ says it is not."
"While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools," the company said in a recent statement. We've contacted Carrier IQ for more information.
I even made a video to let my subscribers know what he had done for the Android and XDA community, great find thanks to him.
heplful video helped me remove that crap from my htc. Treve rules
BaT420 said:
heplful video helped me remove that crap from my htc. Treve rules
Click to expand...
Click to collapse
They(CIQ) wanted a media storm, surfed the web and there it was.
Hmm, seems they didn't get it, a rootkit is something that hides from the user by running in a low level beyound the operating system, this does not imply any malicious intentions yet, so it definitely is. Thing is, they already stated that it does in fact log all phone connections and SMS (not the actual content they say), what apps are running on the phone and how much they utilize the cpu and even more, which i consider malitious personally, and send the informations to your carrier who should have those informations anyway except the app stuff. They say they collect this information to see if a disconnect happens due to a faulty cell tower to improve their network, but they should be able to get all this information's from their cell towers as well. Also they claim that they collect that app info to know what is causing battery drain on your device, but i think this should be handled in a different, more privacy respecting way.
--------------------------
tapatalked from vizio vtab1008
Jeeze I'm glad I run a custom rom and a custom kernel the day I got my phone. Gives my the shivers knowing that my carrier has that info. This would totally suck for federal agencies that use these CIQ infected devices.
Why is anyone the slightest little bit surprised?
This is an OS created by Google, a company that exists to collect data on you. By definition the more it invades your privacy, the better it is accomplishing its job description.
Chrome is growing in installations every day. This is a browser that exists to collect your data. Everything you type or click on while in that browser gets processed through Google's servers.
What do you think is going to happen when google comes out with a "free", stable, OS for pc's? How much of your activity do you think they'll be monitoring?
Google and Facebook are waging a war right now to see who becomes "big brother" through controlling your access to the internet. Wake up and smell the "long game" running.
Yes, I know CIQ is not a Google product.
Someone just turned derp up to 11
mid_life_crisis said:
Why is anyone the slightest little bit surprised?
This is an OS created by Google, a company that exists to collect data on you. By definition the more it invades your privacy, the better it is accomplishing its job description.
Chrome is growing in installations every day. This is a browser that exists to collect your data. Everything you type or click on while in that browser gets processed through Google's servers.
What do you think is going to happen when google comes out with a "free", stable, OS for pc's? How much of your activity do you think they'll be monitoring?
Google and Facebook are waging a war right now to see who becomes "big brother" through controlling your access to the internet. Wake up and smell the "long game" running.
Yes, I know CIQ is not a Google product.
Click to expand...
Click to collapse
Its the carriers that put this software on not Google. My nexus s has no sign of it. I'm custom rom since day one but have a nandroid of my stock image and nothing there.
Also your last statement is a bit tin foil hat isn't it?
Sent from my Nexus S using xda premium
slimdizzy said:
Its the carriers that put this software on not Google. My nexus s has no sign of it. I'm custom rom since day one but have a nandroid of my stock image and nothing there.
Also your last statement is a bit tin foil hat isn't it?
Sent from my Nexus S using xda premium
Click to expand...
Click to collapse
Not on the stock or custom roms for the Inspire either.
As for the foil hat. You think the new chip being installed on all US phones after tyebnew year so the government can force texts to your phone is only so they can send you a text? Yeah....I am not so sure about that lol

[conspiracy theory] the government can tap phones even when on stand by....

Few days ago I was involved in a conversation where couple of people were sure that the government can tap our phones even when not in conversation but when they are actually in stand by on the table.
I tried to argue that when in stand by, android for example has very minimal processes going on, just enough to keep the time and realize when the power button is pressed or send notification.
The counter-argument was that there might be backdoors in the ROM for example which enables the authorities to get sound from the mic directly without the need of the OS as an interface.
I don't see how this can be done, but you as developers might want to provide some solid, technical arguments which would set the discussion once at for all
I guess if you're really that worried about it, there's always airplane mode.
Sent from my HTC PH39100 using xda premium
Worried about monitoring using a google/facebook/twitter device?
Pull some foil off your hat, and wrap it around the phone. Problem solved.
Just do what Eric says "Do no Evil" and who cares if the gummint is watching you!
I'm not worried at all as should be obvious if you actually read my post :>
Fking1 said:
I don't see how this can be done, but you as developers might want to provide some solid, technical arguments which would set the discussion once at for all
Click to expand...
Click to collapse
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Still, this doesn't tell you how it's done, but proofs that has been done and afaics is no problem to do it again.
If I remember correctly some time ago Indian government tried to force BlackBerry to backdoor their devices for Indian market.
So judge it for yourself, but don't think that this is some Atlantis conspiracy but is actually happening all over the place..
B33zal said:
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Click to expand...
Click to collapse
Care to elaborate?
Also it will be enough if someone says why it's impossible to pull audio from the mic when the phone is on standby
In all actuality if the gumment wanted to monitor you they already are....
Fking1 said:
Care to elaborate?
Also it will be enough if someone says why it's impossible to pull audio from the mic when the phone is on standby
Click to expand...
Click to collapse
It's not impossible. Don't brick your head with such things. And why is that question anyway? Do you affraid that you can get caught?
If you are not doin anything against the law, after a while they would not even listen to you
chaki- said:
It's not impossible. Don't brick your head with such things. And why is that question anyway? Do you affraid that you can get caught?
If you are not doin anything against the law, after a while they would not even listen to you
Click to expand...
Click to collapse
well to be honest, i'm big time criminal in my country, so the answer to that question is critical to me :>
Fking1 said:
I tried to argue that when in stand by, android for example has very minimal processes going on, just enough to keep the time and realize when the power button is pressed or send notification.
Click to expand...
Click to collapse
Just because a listening device is not always on doesn't mean it doesn't exist. A single push notification can activate a hidden app or feature, should a government have installed it.
Indeed, there are "lost phone" apps on the market that let you do similar things (though I'm not sure about listening in per se, more like gps, alarm sound, take photos).
so, it's technically possible?
Fking1 said:
so, it's technically possible?
Click to expand...
Click to collapse
It is possible and google patented an ad technique that involved using the microphone to listen for background noises and words to produce better more personalised ad results but haven't implemented it yet.
Also you can remotely activate phone features as well as push data to a phone so yes it could be done but they would need at least an app installed on your phone to do so.
So unless you allow someone to install hidden apps on your phone there's no chance of it.
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2
Interesting.
What if the government forces Google, Apple and Rim to leave such backdoors accessible by them?
Android is open source but the kernel is not as far as i know?
Fking1 said:
Interesting.
What if the government forces Google, Apple and Rim to leave such backdoors accessible by them?
Android is open source but the kernel is not as far as i know?
Click to expand...
Click to collapse
even if thats the case: just flash an own kernel like we all do.
i don't think there's something in android, because it's open source. someone would see that..
and the kernel problem is solved when you flash another one i guess
but those normal ppl out there.. the weird ones who doesn't flash their devices, they are ****ed then. xP
but are the kernels we flash open source? I guess even with custom ROM you use the default google kernel, since if it haven't been open source in the first place, i don't think anyone has written it from scratch.
The more important question is, can something like this be hidden in the kernel, or it needs to run in the OS as normal, but hidden app?
Fking1 said:
Care to elaborate?
Click to expand...
Click to collapse
NSAKEY. I'd post links but I can't.
B33zal said:
NSAKEY. I'd post links but I can't.
Click to expand...
Click to collapse
NSAKEY?
post them sripped or PM me
Is it possible? Yes is it likely? No. At least in the US they would need to prove you were a threat to national security to get a judge to sign off on it.
The android kernel is open source completely.
As an example there is a root binary that grants root access without user prompt or notification of any kind. So while it can be done I would not worry about it much.
FEMA chip anyone?
Sent for a corner cell in Arkham
dmhdogpro said:
In all actuality if the gumment wanted to monitor you they already are....
Click to expand...
Click to collapse
Bingo
I do not worry about my Government, if they want me they
will come and get me (and I won't be able to stop them)
It is my fellow citizens whom scare me the most.
B33zal said:
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Click to expand...
Click to collapse
That is true and some EULAs even suggest that there is no privacy on the data commited to the systems. Simple software we use daily (specially in the MS Windows world) is gathering info about what data you search, what you download, what kinda documents you type, etc. Even cloud storage services have a EULA that guarantee you no privacy (Box, Dropbox, Google drive, etc)
As for Android, I highly doubt the problem lies in the operating system, since it is open source and anyone can take a look at it.
Now if you want a conspiracy theory, then read on...
Have you guys noticed how many of the browsers in Play Store are from chinese developers? Specially Dolphin, which many of you adore. Who can tell it isn't secretly sending your browsing habits to the Chinese government? How many people have been sniffing traffic to/from Dolphin (using tcpdump, for instance) to make sure it isn't doing other things?
Chrome (and Chromium) is another example: most people simply have to access their google accounts from these browsers. These browsers effectively send private user data to google. The question here is: how is google making use of such data and who is it sharing it with (for a profit or not)???
It's almost a paradox that in the information age we are more and more willing to have privacy but we have never shared so much of their personal lives with so many as we do now. Take, for instance, Facebook, Google+, Twitter,
I could go on and on... but I gotta some wifi sniffing to do right now and some wardriving later.

The samsung Knox app screams "NSA BACK DOOR"

So loving my note 3. I haven't rooted it yet or anything. As I want to see how the stock rom is for a month or so.
Something has been bugging me ever since I have started caring about my privacy and security. as every App I want to install wants to read my call log, control SMS's record conversations ect. when the app doesn't need to. for instance my favorite radio station. Thinks it needs the permission to know who I've called! What the hell for?
It's the reason I've begin to fall in love with Paranoid android ROM. I had it on my note 2. granted I couldn't use the S-pen at all as it didn't use touchwiz. but I found the ability to edit each apps security settings. worth the sacrifice!. (if anyone reads this. is there a way to put that into any ROM? the permissions editor?) I'd love to install it. but onto the pressing issue.
Samsung includes this magical service with the note 3 called Knox. now it's supposed to give you enterprise security.
When all it does. is constantly give me notifications that it's stopped certain programs from running.
when this morning I clicked the right button which too me to the permissions that Knox gets here they are
read phone status and identity
read, edit SMS's
full network access, ability to change network conns
retrieve running apps
prevent phone from sleeping
directly call phone numbers
Take pictures and video
Record audio
approximate location. Pinpoint location
Modify call contacts. read call log
add read or modify calendar events
read all web history, bookmarks ect
Modify or delete usb storage
Disable screen security
complete account control
Read dictionary terms
pair with any bluetooth
there is also lots of other non essential stuff. This is Freaking Alarming at the minimum. if no one is worried about this then its very sad! This screams NSA back door!
jjbk said:
This is Freaking Alarming at the minimum. if no one is worried about this then its very sad! This screams NSA back door!
Click to expand...
Click to collapse
I know a couple of CIO's that are wetting themselves over KNOX and they (and the DOD, CIA, and NSA for internal use) are the primary audiences. I'd like to assume that people in charge of protecting corporate data are smart enough to investigate the tools they are using to do that pretty thoroughly. My assumption is that the boatload of permissions KNOX requires are all tied to administering, monitoring, protecting, archiving, and deleting data off of devices being policed with MDM. Based on Huawei and Lenovo being cut out of acquisition opportunities and lucrative Western networking contracts because of their ties to the Chinese and "spying" I'd say the quickest way for Samsung to put themselves out of business and take Korea with them is to do what you're suggesting.
The KNOX is truly crap!
I had disable all KNOX after ROOT.
Samsung doing this KNOX thingy is full to crap! extremely useless!
jjbk said:
It's the reason I've begin to fall in love with Paranoid android ROM. I had it on my note 2. granted I couldn't use the S-pen at all as it didn't use touchwiz. but I found the ability to edit each apps security settings. worth the sacrifice!. (if anyone reads this. is there a way to put that into any ROM? the permissions editor?) I'd love to install it. but onto the pressing issue.
Click to expand...
Click to collapse
You can do this now with an unrooted Note 3. It's a sort of hidden feature of Android 4.3, but you just need access to an 'activity' called App Ops. There is a handy app in the Play store that creates this link for you:
https://play.google.com/store/apps/details?id=com.appaholics.applauncher
Knox is also a device administrator and to work correctly it needs pretty much all permissions.
That's normal.
Sent from my SM-N9005 using XDA Premium 4 mobile app
jeromepearce said:
You can do this now with an unrooted Note 3. It's a sort of hidden feature of Android 4.3, but you just need access to an 'activity' called App Ops. There is a handy app in the Play store that creates this link for you:
https://play.google.com/store/apps/details?id=com.appaholics.applauncher
Click to expand...
Click to collapse
Thanks. I got it. and started using it can't wait till paranoid brings out a good ROM. or something with full S pen funtionality. and then just install this on Thanks Once again
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
I just simply rooted and removed Knox, lots written about it - the secret agenda is nonsense.
jjbk said:
here is also lots of other non essential stuff. This is Freaking Alarming at the minimum. if no one is worried about this then its very sad! This screams NSA back door!
Click to expand...
Click to collapse
Of course Knox needs all these permissions - it is, essentially, a virtualised phone OS within a real phone OS.
Without those permissions, it simply wouldn't work!
Regards,
Dave
There is always this conspiracy theory :laugh:
Ppl need to cool down and chill.
foxmeister said:
Of course Knox needs all these permissions - it is, essentially, a virtualised phone OS within a real phone OS.
Without those permissions, it simply wouldn't work!
Regards,
Dave
Click to expand...
Click to collapse
There's no question KNOX is a nightmare for enthusiasts. But enthusiasts make up 5% of the market. XDA being the biggest enthusiast site on the web has 5M members; Samsung will sell 250M smart devices this year. The corporate market is probably 25-30% of annual smartphone sales. That's who KNOX is for and so far it's been extremely well received. I know of one company that's issued a mandate that all employees must use Samsung phones equipped with KNOX whether supplied by the company or via BYOD. If that happens enough Samsung's hit a home run with KNOX even if all 5M XDA members buy other phones. KNOX has been so successful LG's doing something similar.
http://www.engadget.com/2013/10/01/lg-gate-enterprise-security/
So ladies and gentlemen, KNOX and its ilk are here to stay.
weedahoe said:
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
Click to expand...
Click to collapse
Your mentality sucks. Surely i can expect some kind of privacy on a personal device. Wether im doing something i shouldnt be or not.
BarryH_GEG - is completely right its aimed at Corp users and its very useful. - those that slag it off has no idea what it is and what its used for.
KNOX - is Samsung's version SELinux, since its now standard in Linux Kernel, all variations of Linux will have this feature and Andriod is an variation of Linux.
So if you dont like SELinux you better switch from Andriod smartphones as this will be standard soon no matter which OEM you choose.
weedahoe said:
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
Click to expand...
Click to collapse
Putting KNOX aside, I want to understand your perspective on privacy.
Here's my perspective:
I have nothing to hide nor am I working in politics.
But with this backdoor technology, it IS a serious concern for journalists and honest politicians running against the current corrupted elite establishment.
Who (in the sex obsessed American public eye) will take their cause seriously after the establishment (with the help of NSA DB) releases a phone-sex tape or pictures of drunken high school pics?
In 2008, NSA workers told ABC News that they routinely eavesdropped on phone sex between troops serving overseas and their loved ones in America.
Click to expand...
Click to collapse
Who's to be the honest watchdog of the establishment if all journalists can be blackmailed with their personal info before they release their reports of establishment corruption?
This is not about something to HIDE.
It's about freedom and democracy.
Do you want your children to inherent a world where they can MAKE A DIFFERENCE or one where THEY CAN NOT??
You do know that Samsung is a Korean company - and a strongly nationalist one to the extent of a General Electric or. General Motors - right?
perosredo said:
You do know that Samsung is a Korean company - and a strongly nationalist one to the extent of a General Electric or. General Motors - right?
Click to expand...
Click to collapse
What does that have to do with whether it will comply with the laws in the country it wants to do business in?
Google a US COMPANY had to comply and censor results in many countries at the request of the foreign gov.
Twitter had to censor the posts of Arab Spring supporters at the request of their govs
BlackBerry a CANADIAN COMPANY had been pressured into releasing encryption keys to the Indian gov to spy on comms.
Samsung wants to do business in your country, does it not?
weedahoe said:
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
Click to expand...
Click to collapse
Agreed........... I deliberately take regular photos of my untrimmed white bits just for them.... :laugh:
jonlewi5 said:
Your mentality sucks. Surely i can expect some kind of privacy on a personal device. Wether im doing something i shouldnt be or not.
Click to expand...
Click to collapse
You better get off the internet now and any social site you might have ever been on. Lots of engines index everything you put out there so even though you think you delete it, its still there......somewhere
klau1 said:
I want to understand your perspective on privacy.
Click to expand...
Click to collapse
Anyone here's perspective on privacy really doesn't belong on XDA. It's one thing to talk about the impact of KNOX on device development, how to use (or not use) its functionality, and what its impact is to privacy and another to have general privacy discussions that belong on Reddit.
OP's question was asked and answered. KNOX's sweeping permissions are required for it to function. If people feel that KNOX could impact their privacy disable it or send Samsung a message by not buying their products. Just like Samsung's reaction to the negative coverage of Region Lock was to ignore it you can pretty much assume that'll be their position on KNOX too. I use KNOX so if there's some sort of nefarious activity it performs or my data gets compromised I'll report back. That's assuming I'm not captured by the CIA and renditioned to a foreign country and water boarded.
klau1 said:
But with this backdoor technology, it IS a serious concern for journalists and honest politicians running against the current corrupted elite establishment.
Click to expand...
Click to collapse
What backdoor technology? KNOX?
Unless you are running your own version of a mobile OS, compiled from source and having reviewed all the code to remove any backdoors, you are potentially vulnerable to all sorts of backdoors that Google, Samsung, HTC, Microsoft, Apple, or any other company may have inserted the ROM build you are running. KNOX changes none of this.
Privacy is an illusion, and always has been!
Regards,
Dave

Categories

Resources