By now anyone who has an Android phone has heard about CarrierIQ, CIQ or IQAgent. Business Wire in London announced on June 8th:
LONDON--(BUSINESS WIRE)--Carrier IQ, today announced availability of a new Application Analytics module that will enable mobile operators and device manufacturers to monitor application performance and usage across multiple mobile device platforms, including tablet devices. Carrier IQ’s technology provides mobile network operators and device manufacturers with invaluable insights into the performance of various devices and networks from the user’s perspective. Carrier IQ’s solution is deployed on over 150 million mobile devices including smartphones, feature phones, data cards, radio-equipped devices, downloadable agents and now tablet devices.
Click to expand...
Click to collapse
For the few who may be scratching their heads wondering what CarrierIQ is...
Steve Topletz, a member of an international group of hackers, human rights workers, lawyers and artists that fights internet censorship and promotes the right to privacy has described it as follows:
Carrier IQ as a platform is designed to collect "metrics" at any
scale. What I found it to hook into is far beyond the scope of
anything a carrier needs - or should want - to be collecting.
Carrier IQ sits in the middle of, and "checks" the data of, SMS and
MMS messages. It listens for and receives every battery change
notifications. It hooks into every web page you view, and every XML
file your device reads. It receives every press of the touch screen.
It 'sees' what you type on the physical keyboard. It reads every
number you press in the dialer. It can track which applications you
use, what 'type' they are, how often, and for how long. It hooks into
data sent and received.
Click to expand...
Click to collapse
Information on CarrierIQ can also be found in the ACS SFR Epic4G ROM discussion thread and a thread I started requesting information from Epic4G Dev's here.
References to CIQ have been found deeply embedded Epic4G
Code:
Provided by chris41g
to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Provided by mkasick
Here's all the files that reference "CIQ", "carrieriq", or "libiq" with instances unrelated to Carrier IQ removed:
/ (initramfs):
- init: /dev/ttyCIQ0 UART, presumably to communicate with radio.
- init.rc: Start iqmsd service if property:service.iq.active=1.
- lib/modules/dpram.ko: Implements ttyCIQ UARTs.
/system:
- app/DialerTabActivity.odex
- app/FactoryTest.odex
- bin/iqmsd
- framework/ext.odex
- framework/framework.odex
- framework/sec_feature.odex
- framework/services.odex
- lib/libiq_client.so
- lib/libiq_service.so
Of these, bin/iqmsd is a purpose-unknown daemon, and libiq_client.so & libiq_service.so the client & service native code. The client & service managed code is implemented in framework/ext.odex & framework/framework.odex respectively.
In addition, the following framework classes reference Carrier IQ in some fashion:
framework/ext.odex:
- org.apache.http.impl.client.DefaultRequestDirector
framework.framework.odex:
- android.inputmethodservice.InputMethodService
- android.net.http.Request
- android.webkit.{BrowserFrame,CallbackProxy,LoadLis tener,WebViewCore}
- com.android.internal.telephony.SMSDispatcher
framework.services.odex:
- com.android.server.BatteryService
- com.android.server.WindowManagerService
- com.android.server.am.UsageStatsService
Finally, libiq_service.so is used exclusively by framework/framework.odex (com.carrieriq.iqagent.client.NativeClient), and libiq_client.so is used by:
- bin/iqmsd
- framework/ext.odex (com.carrieriq.iqagent.service.IQService)
- lib/libopencore_player.so
Makes you wonder what might be in the closed source.
The Android platform, like Linux, is based on openness. I am calling on all Android developers, programmers, hackers and users to band together as a community and come forward with any information you may have on CarrierIQ.
I am asking all those with the knowledge and resources to delve deeper into this issue to please do so and help spread the truth.
For anyone who wishes to contribute confidentially and anonymously please email:
CIQINVESTIGATION @ VERIZON dot NET
Below are some of the most recent statements made by Sprint in response to questions concerning CarrierIQ:
“The software that is in the Android phones is supplied by Google themselves as well as the manufacturer. We (Sprint) has no control over the actual operating system supplied to us such as the Carrier IQ as it is indigenous to the Android platform.”
“Removing the Carrier IQ software from your Samsung Epic device can void your manufacturer warranty.”
“I appreciate you taking the time to speak with me today. I understand your concerns about the Carrier IQ software and how it can access personal information on the device. As discussed on our call, we are committed to protecting our customers personal information.”
Click to expand...
Click to collapse
My questions were directed towards Sprint about CarrieriIQ and the Samsung Galaxy S Epic4G because that is my service and phone. I would love to hear from others on their experiences when questioning their carriers about CarrierIQ on Android phones.
I have contacted CarrierIQ, Inc., Google and Samsung Mobile US requesting comment on the above statements and other direct questions.
I have a quote from a telephone conversation with Samsung technical support that I am hoping to be able to release soon. After receiving the statement in response to a question about CarrierIQ I sought legal advice and was advised to give Samsung Mobile US's PR company, Edelman PR, the opportunity to comment on it prior to making it public.
I received a response yesterday to my questions about the capabilities of CIQ from a group that has disassembled IQAgent & CarrierIQ.
We have actually disassembled IQAgent/carrierIQ and captured its behavior to find exactly what it is sending back to sprint on the samsung optimus phone. The information we found it to collect was basic, such as cell towers, signal strengths, device battery. Nothing alarming on that phone, but Sprint could send a remote update to enable the surveillance features without the owner being aware.
Now while the above statement is about the Optimus, I was able to confirm through another source that IQAgent & CarrierIQ data collection and transmission capabilities are basically set the same across all Sprint Android offerings. (exception Nexus S)
Click to expand...
Click to collapse
Lets recap
IQAgent & CarrierIQ run as a backgroud service on boot.
CarrierIQ logging is set to OFF
CarrierIQ is collecting data and transmitting it on the fly without logging it.
The data CarrierIQ is collecting is basic metrics.
The surveillance capabilities of CarrierIQ can be activated through remote update running in the background at any time by Sprint.
hmmmmmm very interesting.
I am actually quite surprised by the apathy of Android users and consumers in general when it comes to privacy and protecting their personal information.
In just a few months this software has gone from 90 Million installations to over 150 Million across multiple smartphones, feature phones, tablets, etc...
Your next phone will most likely have CarrierIQ or a similarly capable software installed on it unless we make our voices heard now.
Hey Guys,
Though this may be my first post, i will was i am no pro nor noob. With that out of the way, I've been on android since gb stock and custom (usually custom 2-3hr after i get a new phone XD ). Android has improved leaps and bounds. However, simple things are either complex ( such as managing nandroids or even obtaining for some users), convoluted ( media management, migration to a new rom while retaining data etc.), or costly( the new airdroid, helium backup etc..). I feel that a lot of the paid services while awesome, simply cost too much.
So that said would anyone be interested in:
A cross platform Android manager
A set of core android utilities (on your phone)
Incorporating premium functionality and a nice gui (probably material based).
If so what functionality would you like ?
Some links to some existing works ?
some cool ideas ? ~~
**NOTE **
i do know there are quite a few initiative towards this goal.
The idea is to have a unified toolset to form an unofficial official Environment & utilities.
I want all feedback good or bad to keep this a realistic as possible.
And yes i can program quite well, as can my colleagues.
IF this comes into fruition it will be a community project and the idea is to have a very very low cost product with all the features you need/want.
SO Shoot !!
[RESERVED] - Further details.
*Mods: if this is posted in the wrong place I apologize, couldn't find a more suitable forum.
Hello XDA,
My client, which is a company based in NYC is looking for a serious developer to help create their own "closed OS" (think Amazon.. etc).
Knowing how many insanely amazing devs are on XDA I figured i'll give it a shot
Please see the ad below:
We are looking to design a company only closed system tablet.
The tablet will be used by our employees and should be restricted to company specific apps.
Users will have no access to the full options / settings of the system, will not be able to install anything.. etc.
The system we are looking for:
• Closed OS system that will only run specific apps. Users should have no access to well.. anything but the apps we need on it. (think Amazon tablets).
• Ability to push updates and notifications.
• Ability to remote manage the device.
• Multiple interfaces (2 to start with) – based on the login.
• We are open to device suggestions, whatever will make development easier. 8-10”.
The person we are looking for:
• Local - We are based in NYC (Manhattan) and would like someone that we can work face to face with.
• Professional and knowledgeable – You need to know the Android system inside out, or at least well enough to strip / adjust features as needed.
• Have time – We need someone who can dedicate the time needed, when needed (within reason of course). Would like to have an alpha version ready within 2-3 months (again, if possible).
• Must be allowed to work in the U.S.
You will be required to sign an NDA and non-compete during the first meeting.
Interested ?
Shoot me a PM with a little info about yourself and an email you can be reached.
And please, serious inquires only, this is a paid project which will be on going for a long time if it works out.
Thanks everyone!
Hello everyone,
We're trying to create a new open-source app distribution platform named Spheris, using blockchain technology. We are really interested in your thoughts – both devs and users. We're also open for possible collabs for those who are interested.
We’re utilizing Ethereum’s blockchain technology to build Spheris as a decentralized platform. This makes a lot of cool things possible:
No registration and transaction fees, as opposed to traditional app marketplaces who charge up to $100 for registration and 30% per each transaction. No technical restrictions or censorship. Optional anonymity. Forget about the need for credit card companies or banks – you will be able to buy and sell apps using our digital currency (Spheris tokens), with the option to exchange for other digital currencies (such as Ethereum or Bitcoin).
Customers will be able to purchase apps without going through registration and without credit cards. We’re also trying to accommodate devs whose apps have been removed from Google Play for questionable reasons.
Your Feedback = Extremely Important
We are in the early process of gathering valuable feedback from devs, and see if this is a platform that devs would like to be on. For users – do you guys see this as a platform you would buy apps from? Would love to start a discussion! For devs - have you had bad experiences with app stores (de-listing, ranking issues, not being accepted etc)? Does the concept of decentralization sound like something you might want to be a part of?
If you need more info, have a look at spheris.io or just ask me here.
Your questions and feedback are much appreciated,
Thanks
PS - apologies if this isn't the right forum for this topic!
Hi everyone,
Here is a little history first. In 2014 I helped develop a traffic counting app for an engineering buddy. I designed the UI's, the flow charts and wrote the 275-page illustrated, developers manual. The developer had it working in less than 6 weeks, thanks to, as he said, "to the awesome documentation provided". The app has been in use since then and has worked flawlessly on the original 24 tablets I originally purchased for him.
Recently, we have been asked to bring the app to a wider audience so, my question is, "Is there a way to prepare an image of the Android OS containing only the setup we need, and then clone it to the new tablets?" The app is designed as engineering tool and is not listed through Google Play and as such, it does not require most of the bloatware found on the new tablets. The app does require the use of photos, some file management along with network connectivity to send and receive the various data files required and produced by the app.
I have limited experience in rooting, but I have been successful when I done it on my Samsung phones.
As a certified Graphics Designer/Windows and Mac tech/COVID-19 survivor (nearly killed me, literally...LOL), I am aware of the amount of work that goes into aiding people with their "little" projects. Any help or direction in this matter would be deeply appreciated.