12/7/2011
11:37 AM

Carrier IQ On Your Android? 3 Apps With Answers

In the wake of the Carrier IQ controversy, Android hackers and security companies offer tools to detect and remove the tracking software.

For people who don't want their Android smartphones to be tracked by Carrier IQ's software--if it's present on their devices--is there an easy way to deactivate or remove the software?

Unfortunately, as deployed by carriers, Carrier IQ's software is typically hidden on smartphones, and can't be deactivated or removed, except by advanced users. But everyone from consumers and legislators to network administrators and privacy advocates has been demanding that carriers and manufacturers offer smartphone users the ability to opt out of such data collection.

"The reason this is becoming an issue is simply because there is no opt-out option," said Tim Schofield, a member of Android Creative Syndicate, via email. Furthermore, there's no easy way to remove the software. In fact, the only known techniques are "to flash a custom ROM (such as Syndicate ROM Frozen) or flash one of k0nane's noCIQ mods (which always get built into other ROMs)," he said. (Syndicate ROM Frozen works on Samsung Epic smartphones.)

"My noCIQ series of mods are designed to work for anyone with a rooted device, and a deodexed ROM (stock or otherwise)," said the security researcher with the handle "k0nane," in an interview. "Mods are available for Epic 4G, Epic Touch, and SGS2 Skyrocket, though a new version for Skyrocket is in the works, and a new version for the latest Epic Touch update will be released soon. I do not supply mods for non-Samsung devices, or for devices which do not require edits to the system framework (thus allowing a more simple removal)," said k0nane.

K0nane's mods require first installing Clockwork Mod, which is a free tool for flashing the Android ROM, among other tasks.

Of course, less advanced users may not want to flash their ROMs. Likewise, owners of smartphones for which custom ROMs haven't been developed don't have any Carrier-IQ-eradication options. In those cases, Android smartphone owners will only be able to detect the Carrier IQ software. Look to these three tools--all free--to help.

1. Voodoo Carrier IQ detector. Created by software developer Francois Simond (aka supercurio), this app from the Android Market had been installed 158,067 times as of Friday, was actively running on 93,266, and by Wednesday had racked up a rating of 4.8 out of 5, based on more than 2,500 reviews. The software works on Android 2.1 and newer, and continues to be developed to detect Carrier IQ on more types of handsets. Simond--the driving force behind Project Voodoo, which provides enhancements for Galaxy S smartphones--may create a reporting feature so that people can publicly report what they've found, based on their make and model of phone as well as carrier. As with all detectors, however, the software won't remove Carrier IQ's software. For that, said Simond in the release notes, "Call your carrier."

2. Carrier IQ Detector. Built by mobile security software vendor Lookout Labs, this app--also available on the Android Market--will detect some installations of Carrier IQ on Android 1.5 and later, and has received strong reviews. To date it's been installed on at least 100,000 handsets.

3. Bitdefender Carrier IQ Finder. Also available from the Android Market, this app runs on Android 2.1 and later, has been installed over 10,000 times, and likewise garnered strong reviews.

Which detector should you use? Security researcher k0nane, who originally publicized the fact that Carrier IQ's software was running on handsets and then developed tools to help remove the software, has recommended the Voodoo detector. "Lookout and Bitdefender's apps provide semi-accurate results, but do not give any details, do not include a 'not active' option"--meaning the Carrier IQ software is present, but not currently running--"and are not open source," he said.

In addition, he noted that the Voodoo Carrier IQ detector doesn't include any advertising or user tracking, unlike Lookout's software, which uses Google Analytics. Furthermore, the Voodoo software "will be compatible with various CIQ removal mods, including my own, going forward," he said.

"As far as I know, no members of either company have reached out to the community to handle cases of CIQ removal mods," he said, referring to the software from Lookout and Bitdefender.
