11:37 AM

Carrier IQ On Your Android? 3 Apps With Answers

In the wake of the Carrier IQ controversy, Android hackers and security companies offer tools to detect and remove the tracking software.

10 Worst Android Apps
10 Worst Android Apps
(click image for larger view and for slideshow)
For people who don't want their Android smartphones to be tracked by Carrier IQ's software--if it's present on their devices--is there an easy way to deactivate or remove the software?

Unfortunately, as deployed by carriers, Carrier IQ's software is typically hidden on smartphones, and can't be deactivated or removed, except by advanced users. But everyone from consumers and legislators to network administrators and privacy advocates have been demanding that carriers and manufacturers offer smartphone users the ability to opt out of such data collection.

"The reason this is becoming an issue is simply because there is no opt-out option," said Tim Schofield, a member of Android Creative Syndicate, via email. Furthermore, there's no easy way to remove the software. In fact, the only known techniques are "to flash a custom ROM (such as Syndicate ROM Frozen) or flash one of k0nane's noCIQ mods (which always get built into other ROMs)," he said. (Syndicate ROM Frozen works on Samsung Epic smartphones.)

"My noCIQ series of mods are designed to work for anyone with a rooted device, and a deodexed ROM (stock or otherwise)," said the security researcher with the handle "k0nane," in an interview. "Mods are available for Epic 4G, Epic Touch, and SGS2 Skyrocket, though a new version for Skyrocket is in the works, and a new version for the latest Epic Touch update will be released soon. I do not supply mods for non-Samsung devices, or for devices which do not require edits to the system framework (thus allowing a more simple removal)," said k0nane.

K0nane's mods require first installing Clockwork Mod, which is a free tool for flashing the Android ROM, among other tasks.

[ How much of a threat is CarrierIQ, really? See Carrier IQ: Just A Little Evil? ]

Of course, less advanced users may not want to flash their ROMs. Likewise, owners of smartphones for which custom ROMs haven't been developed don't have any Carrier-IQ-eradication options. In those cases, Android smartphone owners will only be able to detect the Carrier IQ software. Look to these three tools--all free--to help.

1. Voodoo Carrier IQ detector. Created by software developer Francois Simond (aka supercurio), this app from the Android Market had been installed 158,067 times as of Friday, was actively running on 93,266, and by Wednesday had racked up a rating of 4.8 out of 5, based on more than 2,500 reviews. The software works on Android 2.1 and newer, and continues to be developed to detect Carrier IQ on more types of handsets. Simond--the driving force behind Project Voodoo, which provides enhancements for Galaxy S smartphones--may create a reporting feature so that people can publicly report what they've found, based on their make and model of phone as well as carrier. As with all detectors, however, the software won't remove Carrier IQ's software. For that, said Simond in the release notes, "Call your carrier."

2. Carrier IQ Detector. Built by mobile security software vendor Lookout Labs, this app--also available on the Android Market, will detect some installations of Carrier IQ on Android 1.5 and later, and has received strong reviews. To date it's been installed on at least 100,000 handsets.

3. Bitdefender Carrier IQ Finder. Also available from the Android Market, this app runs on Android 2.1 and later, has been installed over 10,000 times, and likewise garnered strong reviews.

Which detector should you use? Security researcher k0nane, who originally publicized the fact that Carrier IQ's software was running on handsets and then developed tools to help remove the software, has recommended the Voodoo detector. "Lookout and Bitdefender's apps provide semi-accurate results, but do not give any details, do not include a 'not active' option"--meaning the Carrier IQ software is present, but not currently running--"and are not open source," he said.

In addition, he noted that the Voodoo Carrier IQ detector doesn't include any advertising or user tracking, unlike Lookout's software, which uses Google Analytics. Furthermore, the Voodoo software "will be compatible with various CIQ removal mods, including my own, going forward," he said.

"As far as I know, no members of either company have reached out to the community to handle cases of CIQ removal mods," he said, referring to the software from Lookout and Bitdefender.

Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.