US government mandates special "emergency alerts" chip in all cell phones by 2012
Yet another Big Brother measure destined to shove presidential messages to every cell phone user, eat battery juice, and add to the phone's cost:
A new national alert system is set to begin in New York City that will alert the public to emergencies via cell phones. [...] starting next year, all cell phones will be required to have the chip that receives alerts [...] The Droid X already has the chip. The system will use GPS technology to send geographically-targeted alerts: information about public safety threats, Amber Alerts for missing children, and presidential messages. Users can't opt out of the presidential messages. [The alerts] eventually might include audio and video content.
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Below is a summary I cobbled together from the scarce information provided by the FCC here and here, and from press coverage.
The service is called "Personal Localized Alerting Network" or "PLAN" (technically called the "Commercial Mobile Alert System") and is scheduled to be available in New York by the end of 2011 and throughout the United States by April 2012, as a consequence of the Warning, Alert and Response Network (WARN) Act passed by Congress in 2006, which allocated $106 million to fund the program[1].
All new phones will be required to have the special chip, and according to AT&T spokesman Robert Quinn, some iPhones and Android phones already have it. It is confirmed that the Droid X (released in June 2010) does support PLAN and has a special "Emergency Alerts" app. Although this means the chip has been out there for at least one year, there is no precise list of which phones have the chips.
Carriers that will participate ahead of schedule are AT&T, Sprint, T-Mobile and Verizon. The alerts will be text-like messages of 90 characters or less, and they'll be geographically targeted using GPS technology (does this mean that the chip will send your location continuously?). Alerts will be accompanied by a unique attention signal and vibration (helpful to people with hearing or vision disabilities). The PLAN alert will appear as a pop-up text, different from regular text messages. PC World reported that the alerts "eventually might include audio and video content".
Alerts will be pushed via wireless carrier cell towers, but are designed to not suffer from the congestion that can affect regular SMS text messages.
The CMAS Third Report and Order mentions that cost recovery is left as a decision for carriers: they may choose to absorb the costs themselves, or pass them on to customers.
Phones that already have the PLAN technology
* Motorola Droid X (sources)
* Sanyo Innuendo (source: Sprint spokesperson Crystal Davis, 571-288-6806, crystal.davisATsprint.com via Business Wire)
* Sanyo Vera (source: as above)
* Sprint "plans to launch more PLAN-capable mobile devices later this year, and include PLAN technology in all new Sprint phones by the end of 2011." (source: as above)
Has anyone heard of this? It's been 3 weeks since the news was out and I haven't seen any followup in the media. The technical information is also extremely scarce. A few questions can be raised.
Concerns with the PLAN chip
UPDATE: see a comment from reddit, which addresses most of these issues.
1. Why is there so little precise technical information on a measure that will affect every single phone manufactured since 2012?
2. The cited reason for having an extra chip embedded in each cell phone is that the current SMS infrastructure can get congested in times of emergency. However, PLAN still uses wireless carrier cell towers to push messages (as opposed to a different frequency, like the ones used for radio clock synchronization or GPS). The GSM standard already supports Cell Broadcast (CB) messaging. This FCC paper from 2007 states that "Cell broadcast is already resident in most network infrastructure and in most phones, so there is no need to build any towers, lay any cable, write any software, or replace terminals". What is the exact justification of the extra chip? If the existence of the chip is a misunderstanding of the media, then why don't existing phones work with the system already? Why do we need new phones that are "PLAN-capable"?
3. Why limit the system to 90 characters of text, instead of relying on the existing multimedia message infrastructure, which can be used to send, for example, such critical information as a photo of an evacuation map? Also, the system is not backward compatible with the over 300 million mobile phones already in place in the United States, while using SMS is (more on these issues). It will take a few years (5?) for all phones to support PLAN. How many lives will be lost in the meantime? SMS is available now. Also, old people, the ones most likely to be affected by certain kinds of emergencies, tend to use very simple phones and to be very late adopters of new technology. Their phones do support SMS though.
4. Does the technology use GPS, as BBC mentions? The battery drain and surveillance implications are major.
5. Users can't opt out of “Presidential” messages. What safeguards are in place that would prevent an oppressive government from abusing this technology?
6. The design of the system is not available. How can the users know that it won't be abused? The chip could be programmed to snap a picture from the phone's camera, or to covertly record audio, upon receiving a certain signal. Remote activation of a phone's microphone has already been done by the FBI using the so-called roving bug.
7. What is to prevent the government-required software from receiving a certain signal or message which would disable the cell phone or its Internet access (useful in times of civil unrest, as has been seen in the Arab Spring revolts)?
8. Will rooting phones or custom ROMs become illegal, especially if one modifies the function of how the PLAN network interacts with the smartphone?
Sources and media coverage
The only first-hand press coverage I've seen dates from May 10-11, and there's been nothing since.
* National Emergency Alert System Set To Launch In NYC, with audio from the announcement. 800+ users comments, mostly against the idea. "For now, the alerts are capable on certain high-end cell phones but starting next year, all cell phones will be required to have the chip that receives alerts."
* Engadget - text of the press release. "Participating carriers are including PLAN chips in their new phones, and many recently purchased phones already have the chip and only will require a software upgrade."
* Wired: Bloomberg, FEMA, FCC Detail NYC Emergency Notification System: "The assembled wireless-company executives, including AT&T CEO Randall L. Stephenson and Verizon CEO Ivan Seidenberg, pledged their support for the system and said new devices will be equipped with a PLAN chip. [...] a list of compatible phones would be posted soon on the FCC’s website [...] Officials didn’t go into detail about the technical specifications of the new network."
* PC World: FCC Calls for Mobile Alert System (2008): "The alerts initially would be text only, though with vibration and audio signals for people with disabilities. They eventually might include audio and video content." (confirmed at FCC's site)
* MacDailyNews: U.S. gov’t mandates special chip in all cellphones; users can’t opt out of presidential messages: "It will use GPS technology and will send some of the alerts based on the location of the phone user."
* Daily Mail UK: Don't write off a text message from the president as a prank: It's an emergency and he might just save your life...: "A special chip is required to allow the phone to receive the messages"
* NY Times: Emergency Alert System Expected for Cellphones: "special chip [...] is currently included in some higher-end smartphones like the latest iPhones"
* USA Today: Cellphones get emergency alerts: "Some current cellphones, including some iPhones and some Android phones, already have the circuitry required to receive PLAN alerts. The iPhones that have the capacity to get alerts, says AT&T's Robert Quinn, will require software modifications. New AT&T phones due out in October will be PLAN-ready."
* NY Post: "Officials said at least three models already have the chip: the Droid X, the iPhone 4 and the Innuendo." The emergency alert feature and app (which can't be uninstalled) are confirmed on the Droid X. Note that the Droid X was released in July 2010.
* BBC: Mobile phone emergency alert system to launch in US: "Mr Bloomberg unveiled the Personal Localized Alerting Network, or Plan, on Tuesday, explaining that the system will implemented through a special chip installed on new mobile phones. The system works through GPS technology and will send some of the alerts based on a user's location."
* AFP: US alert system targets mobile phones: "The alerts will be text-like messages of 90 characters or less."
* Associated Press: Cellphone alert system announced in NYC: "A special chip is required to allow the phone to receive the messages. Some smartphones already have the chip, and software updates will be available when the network goes online later this year."
* FEMA page - no technical details, and nothing beyond what the press said
* slashdot and reddit
Specs
CMAS/PLAN specs I dug up. They seem to indicate that Cell Broadcasts will be used, but all specs are paywalled from $125 and up.
Hadn't heard about this at all. I'm not for it, I don't see why I can't just opt-in to a service like this, no special chip required at all. When I was in college, after the VA Tech shootings the University started a service to alert everybody in case of an emergency. Hell, my job has an automated system that tells us when there's an unexpected closing. But apparently the government needs a chip for that purpose. Absurd.
How much you wanna bet there's going to be a lot more in that chip than just something allowing you to receive warning messages.
How about full on tracking and voice recording?
Patriot Act.
Call me naive, but I'm not as paranoid about this. Sure, the gubmint does all sorts of monitoring they shouldn't, but going so far as to install a special chip in every cell phone in the country? They can't hide that. It's out in the open, to be dissected and shown to the world for what it is. I can't imagine they'd do something so brash. They'd never live it down.
I Am Marino said:
How much you wanna bet there's going to be a lot more in that chip than just something allowing you to receive warning messages.
How about full on tracking and voice recording?
Patriot Act.
Click to expand...
Click to collapse
I seen sum videos on yutube dat most new cellphones r bein tapped to hear your voice conversations bcuz of terorist acts
I see the Tin-Foil hat brigade have come out in force..
How is this not a good thing?
The Police cannot be everywhere at once, but the public is! If a child goes missing and a member of the public sees them, how is that not WIN for the child?
If you haven't done something wrong, then you don't have to worry..
But wait, that's not the discussion is it? It's healthy to be a little bit skeptic, but paranoid? Not so much.
The "nothing to hide" argument again
BazookaAce said:
If you haven't done something wrong, then you don't have to worry..
Click to expand...
Click to collapse
This is the common "nothing to hide" argument. It suffers from four problems:
* aggregation: if you bought a book on cancer, that won't raise any flags, but if you bought a wig as well, that suggests you're undergoing chemotherapy, something you might not want to be known
* exclusion - people are most of the time unaware of what information is being kept or tracked about them. When they accidentally find out to what extent they are being monitored, the reaction is one of shock.
* guilt by associaton - since you have no idea how your information is used and aggregated, what if some of the purchases you make or places you visit happen to match a pattern observed in actions of government enemies (not terrorists, but "hostile or critical journalists, campaigning lobbyists, businessmen who are likely to sponsor rival parties, people who oppose the party leader's favourite idea of the year")? Once you get on a watch list, even due to an error, it's extremely hard to get out of it. Read Hasan Elahi's story of how he was inadvertently detained by FBI agents in 2002, and since then, he publishes everything he does online, so that he can be monitored properly ("The government monitors your movements, but it gets things wrong. You can monitor yourself much more accurately").
* distortion - if you buy books on cellphone hacking, the government might think you want to thwart surveillance or avoid a roving wiretap; while you might simply be doing security research or writing a novel
More at http://tinyurl.com/debunk-nothing-to-hide .
Why can't they just send a text message out to everyone like they do in a lot of universities? Sounds like a waste of money.
Send text messages instead
panchopunk said:
Why can't they just send a text message out to everyone like they do in a lot of universities? Sounds like a waste of money.
Click to expand...
Click to collapse
Exactly. We have all the infrastructure we need for text message; they are fast, cheap, and don't require forcing manufacturers to add yet another chip into the phone.
Did someone say the sekrit word?
dandv said:
Exactly. We have all the infrastructure we need for text message; they are fast, cheap, and don't require forcing manufacturers to add yet another chip into the phone.
Click to expand...
Click to collapse
There is money to be made. If each chip costs $10 to install. Think of all the denirro they are going to make. Plus some sort of upkeep tax to pay the director head(read: ol'bud) with.
what better way to keep track of ppl than a chip in a cell phone? Come on ppl...EVERYBODY has cell phones. Next its gonna be RFID tags under ur skin...
666...
... wow this is the biggest bull ever... text are easier require less effort and are less invasive... talk about wasting taxpayer dollars
New World Order
The Extreme invasive Big Brother gov show continues...
Personally, I like the idea of getting alerts like this, and I think their execution does make some sense. Let me explain: In order for them to use the text message infrastructure to do a mass broadcast, they would first have to get the message to the service providers who would then have to transmit the message to their customers - adding in potential points of failure. Or, they would have to get the providers to hand over a list of all current cell phone #'s to send the alerts directly (which would cause even more uproar) and would cost manpower on both sides in order to keep that list up to date. With the new chip/firmware, it takes all of that out of the equation - no "middle man" needed and the government doesn't have to maintain a list of phone numbers. I'm also guessing that the way you would opt-out would be to essentially turn off the chip through a software switch.
That being said, as much as I understand the thought process and them wanting to be able to broadcast messages to all cell phone users, I too would much rather it be an opt-in type of service - which would negate my entire argument above
Hmm... a government required chip in every cell phone? I'm not usually a conspiracy kind of person, but why do I get the feeling that no good can come of this?
STOP WASTING MY PRECIOUS HARDWARE SPACE!!
They could've used that spot to place some other chip to improve the phone and just make an app or something
Sent from my SAMSUNG-SGH-I897 using XDA App
abrigham said:
With the new chip/firmware, it takes all of that out of the equation - no "middle man" needed and the government doesn't have to maintain a list of phone numbers.
Click to expand...
Click to collapse
Those are good points. Also, in times of emergency, the phone network might become congested, while broadcasting to the chip is essentially a multicast message, which can't suffer from congestion.
As long as the chips are not identifiable and don't transmit information back, I'm okay with them (minus concerns about extra cost and battery drain). They'd be like a GPS receiver, or an atomic clock receiver.
But how can we verify that? Who will manufacture them? Will their hardware and software designs be public? Probably not, so as not to increase the risk of abuse by those who'd love to spam millions of people.
abrigham said:
That being said, as much as I understand the thought process and them wanting to be able to broadcast messages to all cell phone users, I too would much rather it be an opt-in type of service - which would negate my entire argument above
Click to expand...
Click to collapse
Unfortunately, that wouldn't work, due to human psychology: people are way less likely to opt into a service that has dubious benefits, and opting in takes effort.
For example, consider organ donation in case of a fatal traffic accident: in Germany, which uses an opt-in system, only 12 percent give their consent; in Austria, which uses opt-out, nearly everyone (99 percent) does. The only difference is in the organ donor registration form:
Germany: Check this box if you would like to be an organ donor.
Austria: Check this box if you would not like to be an organ donor.
abrigham said:
I'm also guessing that the way you would opt-out would be to essentially turn off the chip through a software switch.
Click to expand...
Click to collapse
But you can't opt out of presidential messages. And one can imagine those messages being used for more than emergency alerts. The US lives in climate of terror that makes Americans believe that TSA pat-downs improve security (they don't, they kill people because more take the freeways instead of planes, and about 500 extra people die each year in traffic casualties; plus $4B in lost business).
Presidential messages you can't opt out of are an easy way to escalate the fear-mongering with "terror threat alert" messages. They can later serve as a political platform capable of previously unbelievable reach, pushing the presidential propaganda down the throat of hundreds of millions of cell phone users.
But if we think like psychologists again, what will be the government's response to the comment above? Probably something like "People who hate the presidential messages will just ignore them, so calm down".
And that is exactly the problem: potential mass indoctrination of those who are mildly in favor of the regime, or who are neutral, or not pissed off enough with it. And this is how you get the most converts; not by targeting those vehemently against your opinion. And converts equals votes.
This is total MOD EDIT: LANGUAGE I don't want "them" sending me crap! If they want ppl to hear them then the U.S. gov. Can make a MOD EDIT: LANGUAGE app!
Sent from the Drivers Seat of my Suby txting and Driving doing 100MPH+ in a school zone! Ha.
By now anyone who has an Android phone has heard about CarrierIQ, CIQ or IQAgent. Business Wire in London announced on June 8th:
LONDON--(BUSINESS WIRE)--Carrier IQ, today announced availability of a new Application Analytics module that will enable mobile operators and device manufacturers to monitor application performance and usage across multiple mobile device platforms, including tablet devices. Carrier IQ’s technology provides mobile network operators and device manufacturers with invaluable insights into the performance of various devices and networks from the user’s perspective. Carrier IQ’s solution is deployed on over 150 million mobile devices including smartphones, feature phones, data cards, radio-equipped devices, downloadable agents and now tablet devices.
Click to expand...
Click to collapse
For the few who may be scratching their heads wondering what CarrierIQ is...
Steve Topletz, a member of an international group of hackers, human rights workers, lawyers and artists that fights internet censorship and promotes the right to privacy has described it as follows:
Carrier IQ as a platform is designed to collect "metrics" at any
scale. What I found it to hook into is far beyond the scope of
anything a carrier needs - or should want - to be collecting.
Carrier IQ sits in the middle of, and "checks" the data of, SMS and
MMS messages. It listens for and receives every battery change
notifications. It hooks into every web page you view, and every XML
file your device reads. It receives every press of the touch screen.
It 'sees' what you type on the physical keyboard. It reads every
number you press in the dialer. It can track which applications you
use, what 'type' they are, how often, and for how long. It hooks into
data sent and received.
Click to expand...
Click to collapse
Information on CarrierIQ can also be found in the ACS SFR Epic4G ROM discussion thread and a thread I started requesting information from Epic4G Dev's here.
References to CIQ have been found deeply embedded Epic4G
Code:
Provided by chris41g
to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Provided by mkasick
Here's all the files that reference "CIQ", "carrieriq", or "libiq" with instances unrelated to Carrier IQ removed:
/ (initramfs):
- init: /dev/ttyCIQ0 UART, presumably to communicate with radio.
- init.rc: Start iqmsd service if property:service.iq.active=1.
- lib/modules/dpram.ko: Implements ttyCIQ UARTs.
/system:
- app/DialerTabActivity.odex
- app/FactoryTest.odex
- bin/iqmsd
- framework/ext.odex
- framework/framework.odex
- framework/sec_feature.odex
- framework/services.odex
- lib/libiq_client.so
- lib/libiq_service.so
Of these, bin/iqmsd is a purpose-unknown daemon, and libiq_client.so & libiq_service.so the client & service native code. The client & service managed code is implemented in framework/ext.odex & framework/framework.odex respectively.
In addition, the following framework classes reference Carrier IQ in some fashion:
framework/ext.odex:
- org.apache.http.impl.client.DefaultRequestDirector
framework.framework.odex:
- android.inputmethodservice.InputMethodService
- android.net.http.Request
- android.webkit.{BrowserFrame,CallbackProxy,LoadLis tener,WebViewCore}
- com.android.internal.telephony.SMSDispatcher
framework.services.odex:
- com.android.server.BatteryService
- com.android.server.WindowManagerService
- com.android.server.am.UsageStatsService
Finally, libiq_service.so is used exclusively by framework/framework.odex (com.carrieriq.iqagent.client.NativeClient), and libiq_client.so is used by:
- bin/iqmsd
- framework/ext.odex (com.carrieriq.iqagent.service.IQService)
- lib/libopencore_player.so
Makes you wonder what might be in the closed source.
The Android platform, like Linux, is based on openness. I am calling on all Android developers, programmers, hackers and users to band together as a community and come forward with any information you may have on CarrierIQ.
I am asking all those with the knowledge and resources to delve deeper into this issue to please do so and help spread the truth.
For anyone who wishes to contribute confidentially and anonymously please email:
CIQINVESTIGATION @ VERIZON dot NET
Below are some of the most recent statements made by Sprint in response to questions concerning CarrierIQ:
“The software that is in the Android phones is supplied by Google themselves as well as the manufacturer. We (Sprint) has no control over the actual operating system supplied to us such as the Carrier IQ as it is indigenous to the Android platform.”
“Removing the Carrier IQ software from your Samsung Epic device can void your manufacturer warranty.”
“I appreciate you taking the time to speak with me today. I understand your concerns about the Carrier IQ software and how it can access personal information on the device. As discussed on our call, we are committed to protecting our customers personal information.”
Click to expand...
Click to collapse
My questions were directed towards Sprint about CarrieriIQ and the Samsung Galaxy S Epic4G because that is my service and phone. I would love to hear from others on their experiences when questioning their carriers about CarrierIQ on Android phones.
I have contacted CarrierIQ, Inc., Google and Samsung Mobile US requesting comment on the above statements and other direct questions.
I have a quote from a telephone conversation with Samsung technical support that I am hoping to be able to release soon. After receiving the statement in response to a question about CarrierIQ I sought legal advice and was advised to give Samsung Mobile US's PR company, Edelman PR, the opportunity to comment on it prior to making it public.
I received a response yesterday to my questions about the capabilities of CIQ from a group that has disassembled IQAgent & CarrierIQ.
We have actually disassembled IQAgent/carrierIQ and captured its behavior to find exactly what it is sending back to sprint on the samsung optimus phone. The information we found it to collect was basic, such as cell towers, signal strengths, device battery. Nothing alarming on that phone, but Sprint could send a remote update to enable the surveillance features without the owner being aware.
Now while the above statement is about the Optimus, I was able to confirm through another source that IQAgent & CarrierIQ data collection and transmission capabilities are basically set the same across all Sprint Android offerings. (exception Nexus S)
Click to expand...
Click to collapse
Lets recap
IQAgent & CarrierIQ run as a backgroud service on boot.
CarrierIQ logging is set to OFF
CarrierIQ is collecting data and transmitting it on the fly without logging it.
The data CarrierIQ is collecting is basic metrics.
The surveillance capabilities of CarrierIQ can be activated through remote update running in the background at any time by Sprint.
hmmmmmm very interesting.
I am actually quite surprised by the apathy of Android users and consumers in general when it comes to privacy and protecting their personal information.
In just a few months this software has gone from 90 Million installations to over 150 Million across multiple smartphones, feature phones, tablets, etc...
Your next phone will most likely have CarrierIQ or a similarly capable software installed on it unless we make our voices heard now.
Okay, so, I summed up some 5 articles on this subject - in the hope of starting a discussion about device security. I hope you will find this interesting and meaningful and perhaps you will find out about some of the risks of using Android.
2 months ago Juniper Networks, one of the two biggest network equipment manufactures, published a blog post (1) about an intensive research their mobile threat department had on the Android market place.
In essence they analyzed over 1.7 million apps in Google Play, revealing frightening results and prompting a hard reality check for all of us.
One of the worrying findings is that a significant number of applications contain capabilities that could expose sensitive information to 3rd parties. For example, neither Apple nor Google requires apps to ask permission to access some forms of the device ID, or to send it to outsiders. A Wall Street Journal examination (2) of 101 popular Android (and iPhone) apps found that showed that 56 — that's half — of the apps tested transmitted the phone's unique device ID to other companies without users' awareness or consent. 47 apps — again, almost a half — transmitted the phone's location to other companies.
That means that the apps installed in your phone are 50% likely to clandestinely collect and sell information about you without your knowledge nor your consent. For example when you give permission to an app to see your location, most apps don't disclose if they will pass the location to ad companies.
Moving on to more severe Android vulnerabilities. Many applications perform functions not needed for the apps to work — and they do it under the radar! The lack of transparency about who is collecting information and how it is used is a big problem for us.
Juniper warns, that some apps request permission to clandestinely initiate outgoing calls, send SMS messages and use a device camera. An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of a mobile device. I am of course talking about the famous and infamous US Navy PlaceRaider (3).
Thankfully the Navy hasn't released this code but who knows if someone hadn't already jumped on the wagon and started making their own pocket sp?. CIO magazine (4) somewhat reassures us though, that the "highly curated nature of [smartphone] application stores makes it far less likely that such an app would "sneak through" and be available for download."
A summary by The Register (5) of the Juniper Networks audit reads that Juniper discovered that free applications are five times more likely to track user location and a whopping 314 percent more likely to access user address books than paid counterparts. 314%!!!
1 in 40 (2.64%) of free apps request permission to send text messages without notifying users, 5.53 per cent of free apps have permission to access the device camera and 6.4 per cent of free apps have permission to clandestinely initiate background calls. Who knows, someone might just be recording you right now, or submitting your photo to some covert database in Czech Republic — without you even knowing that your personal identity is being compromised.
Google, by the way, is the biggest data recipient — so says The Wall Street Journal. Its AdMob, AdSense, Analytics and DoubleClick units collected data from 40% of the apps they audited. Google's main mobile-ad network is AdMob, which lets advertisers target phone users by location, type of device and "demographic data," including gender or age group.
To quote the The Register on the subjec, the issue of mobile app privacy is not new. However Juniper's research is one of the most comprehensive looks at the state of privacy across the entire Google Android application ecosystem. Don't get me wrong. I love using Google's services and I appreciate the positive effect this company has had over how I live my life. However, with a shady reputation like Google's and with it's troubling attitude towards privacy (Google Maps/Earth, Picasa's nonexistent privacy and the list goes on) I sincerely hope that after reading this you will at least think twice before installing any app.
Links: (please excuse my links I'm a new user and cannot post links)
(1) forums.juniper net/t5/Security-Mobility-Now/Exposing-Your-Personal-Information-There-s-An-App-for-That/ba-p/166058
(2) online.wsj com/article/SB10001424052748704694004576020083703574602.html
(3) technologyreview com/view/509116/best-of-2012-placeraider-the-military-smartphone-malware-designed-to-steal-your-life/
(4) cio com/article/718580/PlaceRaider_Shows_Why_Android_Phones_Are_a_Major_Security_Risk?page=2&taxonomyId=3067
(5) theregister co.uk/2012/11/01/android_app_privacy_audit/
____________________________________________________________________________________________
Now I am proposing a discussion. Starting with - do we have the possibility to monitor device activity on the phone? By monitoring device activity, such as outgoing SMSs and phone calls in the background, the camera functions and so on we can tell if our phone is being abused under the radar and against our consent. What do you think?
.
I am finding it sad and troubling but even more so ironic that nobody here cares about this stuff.
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis. Requires some setup, and the GUI is nothing fancy.. but for those worried about permissions, it is quite ideal.
Edit : http://forum.xda-developers.com/showthread.php?t=1357056
Great project, be sure to thank the dev
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis
Click to expand...
Click to collapse
Sounds good for a start, I'll look it up
pilau said:
Sounds good for a start, I'll look it up
Click to expand...
Click to collapse
Okay, so I looked it up, and Pdroid does look like a fantastic solution to control what apps have access to what information on your droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
EDIT: looking at PDroid 2.0, it does exactly what I originally asked
pilau said:
Okay, so I looked it up, and Pdroid does look like a fantastic solution a control what apps have access to what information on you droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
Click to expand...
Click to collapse
I actually first found out about it on an ics rom, so it's definitely not just gb. As for monitoring, no clue. Any sort of extra process logging would likely bog down resources or space eventually.
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Any sort of extra process logging would likely bog down resources or space eventually.
Click to expand...
Click to collapse
I definitely wouldn't know. This solution looks very complicated in first impression but on the Google play page it says 100% no performance effects.
Anyway, I looked up PDroid 2.0 here on XDA, which is the rightful successor of the original app. It does everything the original app does and also monitors many device activities! Here is the full list of features. I would add a working link but I'm still a n00b and I am restricted from doing so. Sigh....
forum.xda-developers com/showthread.php?t=1923576
PDroid 2.0 allows blocking access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
IP Tables(until now only for Java process)
Android ID
Call Phone
Send SMS
Send MMS
Record Audio
Access Camera
Force online state (fake online state to permanent online)
Wifi Info
ICC Access (integrated circuit-card access, for reading/writing sms on ICC)
Switch network state (e.g. mobile network)
Switch Wifi State
Start on Boot (prevents that application gets the INTENT_BOOT_COMPLETE Broadcast)
I've always had the luxury of someone else integrating it into the Rom, then I just had to set it up through the app. It is time-consuming, but not very difficult at all. I say give it a shot and see if that's what you had in mind. Maybe the logging is less detrimental than I had previously thought.
I'm sure you could get your post count up by asking for some tips in that thread. Every forum on xda has at least one person that's EXCESSIVELY helpful, frequently more. So have a ball
Sent from my ADR6425LVW using Tapatalk 2