Jump to content

The big Carrier IQ Trojan, does any of the Blade ROMs have it(and why does nobody talk about it?)?

Guest Poodha

By Guest Poodha
in ZTE Blade / Libra ROMs & ROM customisation

 Share

Recommended Posts

Guest Poodha

Guest Poodha

Posted
Posted

I believe wbaw removed this from his roms but he said it was everywhere! I havent seen anybody else mention it in the roms they have made but it would be nice to know!

Very interesting. Do you have a link where he comments it? Would like to know more about the details. Did he find out about it before it it spread in the news?

Just read this and it made me MAD!!!

I hope the devs here can remove this from all ROMs.

I'm really surprised at the lack of reaction on the net. Hardly any of the big tech blogs are mentioning it(despite being aware of it) and the ones that do use it as ammo to sling mud on Android as payback for Apple's scandal, when it's not even Android specific or has anything to do with Google.

This should concern ALL people and not disrupt into some silly platform war. The only reason Apple phones aren't hit is cause they don't allow any carrier software on their phones(correct me if I'm wrong).

Where is the outrage? Have people becomes desensitized by FB and other scandals that they don't care about privacy anymore and will let big brother do whatever they want?

Link to comment
Share on other sites
Guest jurrasstoil

Guest jurrasstoil

Posted
Posted (edited)

Checking the apps on my Blade (CM N218) i can't find any application that is running, can't be force stopped and has a ****load of permissions. So, unless it is really well hidden in some way that doesn't make it show up in the All Apps tab, i doubt it is in CM7 as far as i can tell.

Edited by jurrasstoil
Link to comment
Share on other sites
Guest KonstaT

Guest KonstaT

Posted
Posted (edited)

I believe wbaw removed this from his roms but he said it was everywhere! I havent seen anybody else mention it in the roms they have made but it would be nice to know!

I think wbaw meant these lines in init.rc:



# add CIQ agent ZTE_RIL_YYM_20110323 begin

service iqmsd /system/bin/iqmsd

on property:persist.sys.ciq.disable=1

   stop iqmsd

on property:ro.gcftest=1

   stop iqmsd

# add CIQ agent ZTE_RIL_YYM_20110323 end

[/code]

I think he removed those lines and added persist.sys.ciq.disable=1 to build.prop. The thing is that there is no /system/bin/iqmsd in ZTE ROMs to begin with, so there shouldn't be any problem(?).
Edited by KonstaT
Link to comment
Share on other sites
Guest targetbsp

Guest targetbsp

Posted
Posted

I read about it a few days back and to me it didn't sound much different from the google analytics stuff the apps use - just it's for the rom instead.

Link to comment
Share on other sites
Guest swukjay

Guest swukjay

Posted
Posted

I think wbaw meant these lines in init.rc:


# add CIQ agent ZTE_RIL_YYM_20110323 begin

service iqmsd /system/bin/iqmsd

on property:persist.sys.ciq.disable=1

   stop iqmsd

on property:ro.gcftest=1

   stop iqmsd

# add CIQ agent ZTE_RIL_YYM_20110323 end

I think he removed those lines and added persist.sys.ciq.disable=1 to build.prop. The thing is that there is no /system/bin/iqmsd in ZTE ROMs to begin with, so there shouldn't be any problem(?).

Yes you are correct but im sure the app wbaw mentioned had a different name but I cannot think for the life of me what it was but he did definately mention it on stir fry! he said it was everywhere ! I believe it was also mentioned in the other place.. xda :)

Link to comment
Share on other sites
Guest targetbsp

Guest targetbsp

Posted
Posted (edited)

As far as I can tell in Autostarts (with hidden events enabled) there's no comparable events to those listed here: http://androidsecuri...arrieriq-part2/ in CM7 at least. I spose that's not much of a surprise as it's based on Googles source! Can't speak for any other roms.

I see in that article that it records keypresses. I concede that is a bit scary!

Edited by targetbsp
Link to comment
Share on other sites
Guest Poodha

Guest Poodha

Posted
Posted

Well, shameless plug but hey :P

AOSP is pure so if you stick to pure build or CM, you'll have none of that .... :D

Just saying .... ;)

What do you mean with purebuild? ROMs based on what source code?

I'm still running Kallt Kaffes Swedish Spring, do you know if it would be considered pure(haven't had time to check if I got carrier id or not yet)?

Link to comment
Share on other sites
Guest t0mm13b

Guest t0mm13b

Posted
Posted (edited)

What do you mean with purebuild? ROMs based on what source code?

I'm still running Kallt Kaffes Swedish Spring, do you know if it would be considered pure(haven't had time to check if I got carrier id or not yet)?

am talking about ROM based on AOSP source from google I would think :)

Manufacturers load the roms with what I would classify as shovelware/bloatware and its those things that I do not trust on a new handset ... be better off to just root it, flash it, and wipe it, then compile a ROM from AOSP yourself....

Edited by t0mm13b
Link to comment
Share on other sites
Guest TheManicGibbon

Guest TheManicGibbon

Posted
Posted

The only reason Apple phones aren't hit is cause they don't allow any carrier software on their phones(correct me if I'm wrong).

It has just been announced that CarrierIQ has been included on iOS, and is still present in iOS5, but Apple are releasing a patch to remove it and compared to Android, it is easy to turn off.

I read about it a few days back and to me it didn't sound much different from the google analytics stuff the apps use - just it's for the rom instead.

This is not anything like Analytics. Analytics tracks what kind of handsets use your app, screen resolutions, app crash reports and such like. CarrierIQ captures and records EVERYTHING. SMS messages received by your phone are logged by CIQ before they are even shown to the user. Phone numbers are logged. Key presses are recorded (it is basically a key logger that tracks every button push, whether it's the on screen keyboard or one of the hardware buttons on a handset) and perhaps most disturbingly of all, it even captures and logs your inputs and traffic on HTTPS websites - pages that are supposed to be secured and encrypted.

In any other circumstances, CarrierIQ would be considered malware.

Link to comment
Share on other sites
Guest deksman2

Guest deksman2

Posted
Posted

The way I interpreted this entire fiasco around CIQ is that it's predominantly been found on devices that were originally tied to their respective mobile service providers.

As such, mobile networks that branded the phone were the ones responsible for putting ICQ there in the first place, and is probably not located in custom roms such as vanilla Froyo, Gingerbread, etc.

I downloaded the app from the market which supposedly detects this piece of software, and my Blade is clean (according to it).

I'm using Moldovan Mile High latest rom btw.

As I mentioned earlier, Rom builds compiled from non official and official source codes which hadn't been branded by any mobile network are likely clean.

The OS as such probably do NOT come with ICQ integrated.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept