Carrier IQ, Your Android Might Record Your Activities

If you have never heard about Carrier IQ before you can rest assured that you are not the only one. Security researcher Trevor Eckhart published a research paper on Carrier IQ, a software that he discovered running on his HTC Android device, in mid November. Lets start at the beginning, and with a simple question: What is Carrier IQ.

Carrier IQ is a software that runs on more than 140 million mobile phones (according to information on the Carrier IQ website). It is a monitoring software that can track user activities and data, including their personal information, locations, network communications, phone calls, messages and a lot more.

A few aspects make the software especially suspicious from a consumer perspective. Carrier IQ is not listed as a running application on the phone. The software furthermore cannot be stopped or deactivated on standard phones.

The Carrier IQ company stated that the Carrier IQ software “delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers”.

How can you find out if Carrier IQ is running on your phone?

It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because it’s set to start automatically at boot. The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run.

The only option to remove Carrier IQ is to root the phone:

The only choice we have to “opt out” of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones. Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.

It’s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else. The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.

Eckhart only looked at Android devices, but it is likely that other phone manufacturers are also making use of Carrier IQ.

I suggest you take a look at the YouTube video that is a live demonstration of the Carrier IQ software by the security researcher himself.

I suggest you read the two detailed articles (What is Carrier IQ? and CarrierIQ Part 2 for a deeper understanding of the situation. (via)

No comments