12/7/2011
11:37 AM

Carrier IQ On Your Android? 3 Apps With Answers

In the wake of the Carrier IQ controversy, Android hackers and security companies offer tools to detect and remove the tracking software.

For people who don't want their Android smartphones to be tracked by Carrier IQ's software--if it's present on their devices--is there an easy way to deactivate or remove the software?

Unfortunately, as deployed by carriers, Carrier IQ's software is typically hidden on smartphones, and can't be deactivated or removed, except by advanced users. But everyone from consumers and legislators to network administrators and privacy advocates has been demanding that carriers and manufacturers offer smartphone users the ability to opt out of such data collection.

"The reason this is becoming an issue is simply because there is no opt-out option," said Tim Schofield, a member of Android Creative Syndicate, via email. Furthermore, there's no easy way to remove the software. In fact, the only known techniques are "to flash a custom ROM (such as Syndicate ROM Frozen) or flash one of k0nane's noCIQ mods (which always get built into other ROMs)," he said. (Syndicate ROM Frozen works on Samsung Epic smartphones.)

"My noCIQ series of mods are designed to work for anyone with a rooted device, and a deodexed ROM (stock or otherwise)," said the security researcher with the handle "k0nane," in an interview. "Mods are available for Epic 4G, Epic Touch, and SGS2 Skyrocket, though a new version for Skyrocket is in the works, and a new version for the latest Epic Touch update will be released soon. I do not supply mods for non-Samsung devices, or for devices which do not require edits to the system framework (thus allowing a more simple removal)," said k0nane.

K0nane's mods require first installing Clockwork Mod, which is a free tool for flashing the Android ROM, among other tasks.


Of course, less advanced users may not want to flash their ROMs. Likewise, owners of smartphones for which custom ROMs haven't been developed don't have any Carrier-IQ-eradication options. In those cases, Android smartphone owners will only be able to detect the Carrier IQ software. Look to these three tools--all free--to help.

1. Voodoo Carrier IQ detector. Created by software developer Francois Simond (aka supercurio), this app from the Android Market had been installed 158,067 times as of Friday, was actively running on 93,266, and by Wednesday had racked up a rating of 4.8 out of 5, based on more than 2,500 reviews. The software works on Android 2.1 and newer, and continues to be developed to detect Carrier IQ on more types of handsets. Simond--the driving force behind Project Voodoo, which provides enhancements for Galaxy S smartphones--may create a reporting feature so that people can publicly report what they've found, based on their make and model of phone as well as carrier. As with all detectors, however, the software won't remove Carrier IQ's software. For that, said Simond in the release notes, "Call your carrier."

2. Carrier IQ Detector. Built by mobile security software vendor Lookout Labs, this app--also available on the Android Market--will detect some installations of Carrier IQ on Android 1.5 and later, and has received strong reviews. To date it's been installed on at least 100,000 handsets.

3. Bitdefender Carrier IQ Finder. Also available from the Android Market, this app runs on Android 2.1 and later, has been installed over 10,000 times, and likewise garnered strong reviews.

Which detector should you use? Security researcher k0nane, who originally publicized the fact that Carrier IQ's software was running on handsets and then developed tools to help remove the software, has recommended the Voodoo detector. "Lookout and Bitdefender's apps provide semi-accurate results, but do not give any details, do not include a 'not active' option"--meaning the Carrier IQ software is present, but not currently running--"and are not open source," he said.

In addition, he noted that the Voodoo Carrier IQ detector doesn't include any advertising or user tracking, unlike Lookout's software, which uses Google Analytics. Furthermore, the Voodoo software "will be compatible with various CIQ removal mods, including my own, going forward," he said.

"As far as I know, no members of either company have reached out to the community to handle cases of CIQ removal mods," he said, referring to the software from Lookout and Bitdefender.
