11:37 AM

Carrier IQ On Your Android? 3 Apps With Answers

In the wake of the Carrier IQ controversy, Android hackers and security companies offer tools to detect and remove the tracking software.

10 Worst Android Apps
10 Worst Android Apps
(click image for larger view and for slideshow)
For people who don't want their Android smartphones to be tracked by Carrier IQ's software--if it's present on their devices--is there an easy way to deactivate or remove the software?

Unfortunately, as deployed by carriers, Carrier IQ's software is typically hidden on smartphones, and can't be deactivated or removed, except by advanced users. But everyone from consumers and legislators to network administrators and privacy advocates have been demanding that carriers and manufacturers offer smartphone users the ability to opt out of such data collection.

"The reason this is becoming an issue is simply because there is no opt-out option," said Tim Schofield, a member of Android Creative Syndicate, via email. Furthermore, there's no easy way to remove the software. In fact, the only known techniques are "to flash a custom ROM (such as Syndicate ROM Frozen) or flash one of k0nane's noCIQ mods (which always get built into other ROMs)," he said. (Syndicate ROM Frozen works on Samsung Epic smartphones.)

"My noCIQ series of mods are designed to work for anyone with a rooted device, and a deodexed ROM (stock or otherwise)," said the security researcher with the handle "k0nane," in an interview. "Mods are available for Epic 4G, Epic Touch, and SGS2 Skyrocket, though a new version for Skyrocket is in the works, and a new version for the latest Epic Touch update will be released soon. I do not supply mods for non-Samsung devices, or for devices which do not require edits to the system framework (thus allowing a more simple removal)," said k0nane.

K0nane's mods require first installing Clockwork Mod, which is a free tool for flashing the Android ROM, among other tasks.

[ How much of a threat is CarrierIQ, really? See Carrier IQ: Just A Little Evil? ]

Of course, less advanced users may not want to flash their ROMs. Likewise, owners of smartphones for which custom ROMs haven't been developed don't have any Carrier-IQ-eradication options. In those cases, Android smartphone owners will only be able to detect the Carrier IQ software. Look to these three tools--all free--to help.

1. Voodoo Carrier IQ detector. Created by software developer Francois Simond (aka supercurio), this app from the Android Market had been installed 158,067 times as of Friday, was actively running on 93,266, and by Wednesday had racked up a rating of 4.8 out of 5, based on more than 2,500 reviews. The software works on Android 2.1 and newer, and continues to be developed to detect Carrier IQ on more types of handsets. Simond--the driving force behind Project Voodoo, which provides enhancements for Galaxy S smartphones--may create a reporting feature so that people can publicly report what they've found, based on their make and model of phone as well as carrier. As with all detectors, however, the software won't remove Carrier IQ's software. For that, said Simond in the release notes, "Call your carrier."

2. Carrier IQ Detector. Built by mobile security software vendor Lookout Labs, this app--also available on the Android Market, will detect some installations of Carrier IQ on Android 1.5 and later, and has received strong reviews. To date it's been installed on at least 100,000 handsets.

3. Bitdefender Carrier IQ Finder. Also available from the Android Market, this app runs on Android 2.1 and later, has been installed over 10,000 times, and likewise garnered strong reviews.

Which detector should you use? Security researcher k0nane, who originally publicized the fact that Carrier IQ's software was running on handsets and then developed tools to help remove the software, has recommended the Voodoo detector. "Lookout and Bitdefender's apps provide semi-accurate results, but do not give any details, do not include a 'not active' option"--meaning the Carrier IQ software is present, but not currently running--"and are not open source," he said.

In addition, he noted that the Voodoo Carrier IQ detector doesn't include any advertising or user tracking, unlike Lookout's software, which uses Google Analytics. Furthermore, the Voodoo software "will be compatible with various CIQ removal mods, including my own, going forward," he said.

"As far as I know, no members of either company have reached out to the community to handle cases of CIQ removal mods," he said, referring to the software from Lookout and Bitdefender.

Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio