January 26, 2012 By: liwen
Sprint has said that it will remove Carrier IQ on all of its devices, and is continuing to make good on that promise with the latest OTA update targeting the Samsung Epic 4G Touch, Sprint’s own version of the Galaxy S II. The new update has the version S:D710.0.5S.EL29 with the following changelog:
Of course, “security update” is corporate doublespeak for “Carrier IQ removed”. The update will roll out in the next 10 days, by which all eligible devices should have gotten it.
If you experience any issues or have something else to share, join the discussion in the forum thread.
January 21, 2012 By: liwen
Last week, owners of the HTC EVO 3D began to receive an OTA update that, most notably, removed Carrier IQ. As Sprint has later confirmed, it is indeed looking to remove the tracking software from all its handsets, and has now begun to push out further updates for the HTC EVO 4G, EVO Design 4G and Samsung Epic 4G.
Besides removing Carrier IQ, the HTC devices are also getting updated Peep clients for Twitter and improvements to the battery life. For the Epic 4G there’s a speaker feedback fix, and some apps are no longer preinstalled, instead pointing to the Android Market. As usual with such updates, they are rolling out gradually. The HTC devices will receive automatic notifications starting on the 24th, or you can manually check right now, while the Epic’s update is being pushed in stages till the 29th, at which time all devices will have received the update.
For detailed changelogs, see Sprint’s support forums (1, 2, 3). To share your experience with the updates, visit the thread for the EVO or the thread for the Epic. If you like it rooted or deodexed for the EVO 4G, visit this thread.
The Electronic Frontier Foundation is hard at work on the Carrier IQ issue. EFF volunteer Jered Wierzbicki reverse-engineered the Carrier IQ Profile file format from WBXML to human-readable XML. (A Profile is a set of instructions telling IQ Agent on your phone what information to collect, and when to send it back to Carrier IQ.)
He then created IQIQ–a clever title, providing a watching-the-Watchmen sort of commentary–to allow anyone to decode the Carrier IQ Profile active on their phone. The EFF hopes to create a Carrier IQ Profile database to force transparency when it comes to information collected from mobile devices.
In order to get the Profile from your phone, you need root, and you have to find it first. So open a terminal and type
adb busybox find / -iname “*.pro”
When you find a file named something like IQProfile.pro, CIQProfile.pro, or defaultprofile.pro, type
adb pull /full/path/to/profile.pro .
T-Mobile customers may have to use a second method to get their Profile, typing this in the terminal:
adb pull /data/data/com.carrieriq.tmobile/app_iq_archive/archive.img
Note the warning EFF gave us:
Please be warned that sensitive data could be in this archive.img file such as URLs, IMEI, SMS metadata, etc. EFF will always do its best to keep archive.img files confidential, but please DO NOT send them if there may be any private information on the handset you are working with.
Then, follow the instructions from EFF to submit it for the Profile database.
Please send us 1) a copy of the Profile, 2) which phone and network it was from, and 3) where on the phone’s file system you found it. You can send us this information in an email at email@example.com or in a git remote we can pull from.
December 14, the deadline Senator Al Franken gave to answer his questions about Carrier IQ, came and went. Now the responses are public. Franken also questioned FBI director Robert Mueller in the Senate Judiciary Committee about the FBI’s collection of information specifically obtained from Carrier IQ’s software. Thankfully, Franken was not satisfied by the answers he received in either inquiry. From Franken’s press release, which includes companies’ responses,
“I appreciate the responses I received, but I’m still very troubled by what’s going on,” said Sen. Franken. “People have a fundamental right to control their private information. After reading the companies’ responses, I’m still concerned that this right is not being respected. The average user of any device equipped with Carrier IQ software has no way of knowing that this software is running, what information it is getting, and who it is giving it to—and that’s a problem.”
There’s a big problem of specificity in how the media reported Trevor Eckhart’s (XDA Recognized Developer, TrevE’s) research. And now, anyone who wants the issue minimized is exploiting that lack of specification of what people mean when they say “Carrier IQ” to avoid saying anything damning. For example, look for the clarity in Mueller’s initial response, where the FBI “neither sought nor obtained any information from Carrier IQ”–the company–in this video:
When Franken pressed on, trying to clarify the question, it was abundantly obvious how unpracticed Mueller was at using “Carrier IQ“ to mean the software. Of course, the assertion that the FBI never sought information from Carrier IQ, the company, isn’t true. Andrew Coward, Carrier IQ’s VP of Marketing, told The Associated Press that the FBI is the only law enforcement agency to contact them for data. It’s a discrepancy that will probably be excused by the semantic ambiguities of “sought”.
The EFF posted an article about the lack of clarity in reporting about Carrier IQ, identifying four different meanings of “Carrier IQ”. It should be standard reading for anyone making inquiries into the Carrier IQ issue. I personally feel that Carrier IQ themselves are responsible for much of the confusion. Instead of giving words like “IQ Agent”, which is their software’s name, they gave words like “metrics” and “profile”, which require a working understanding of their software. Eyes glaze over as people read technical explanations, and they give up, deciding to just say, “Carrier IQ”.
Responsibility is perpetually deferred using this ambiguity. Carrier IQ says the data belongs to the carriers. The carriers have the software installed by the manufacturers. The manufacturers say they’re simply following instructions from the carriers. The carriers say the data is aggregated by Carrier IQ. Carrier IQ says they send the data to the carriers. Nobody shares the information with anyone else. And the FBI never sought or obtained information from Carrier IQ. Except they did. And they didn’t. Maybe.
Examine Sprint’s response to Franken’s seventh question, “Has your company disclosed this data to federal or state law enforcement?”
Sprint has not disclosed Carrier IQ data to federal or state law enforcement.
The ambiguity even here is dangerous. Does this response mean they don’t share data collected by the software on individual phones? Does it mean they don’t share the aggregated data from Carrier IQ, the company? Does it mean they don’t share the kind of data collected by IQ Agent? Does it mean they don’t tell law enforcement what they know about Carrier IQ, the company?
Franken has every reason to be dissatisfied with these answers. I implore members of the media and their readers to do their part in clarifying the issue in their articles, and by demanding clarifications in their interviews.
December 15, 2011 By: Will Verduzco
Assuming you haven’t been living in a cave the last few months, you’ve heard about Carrier IQ—a baked-in software package that Google CEO Eric Schmidt publicly labeled a key-logger. Thanks to the diligent work of XDA Recognized Developer TrevE, we’ve brought to light some of the issues surrounding the software package several times in the past.
Luckily for us, it now seems as if OEMs and carriers are starting to understand that WE DON’T LIKE IT! Enter the EL13 leaked firmware for the Samsung Epic 4G Touch on Sprint. Using XDA Recognized Developer supercurio‘s Voodoo detector app, fellow forum member Calkulin has verified that the leaked build is indeed Carrier IQ free!
Biggest difference I see so far doing a comparison, is no CIQ libs are included anymore, so either Samsung pulled CIQ from it or hide it even more. I’ll run the detector apps to see here shortly to verify
EDIT: Seems Samsung & Sprint listened, no CIQ in this ROM
Rather than just hiding the libraries, the update seems to do away with CIQ altogether. However, let’s not get our hopes up too high just yet. While you can install EL13 on your own device, the build is still technically leaked. Furthermore, we have not a clue as to when (or even if) it will be officially released. That said, it’s mere presence shows that someone, somewhere out there is actually listening to the customers. Bravo. Now just push it out to all CIQ-ridden devices ASAP!
If you’re interested in giving this a shot on your own device, be sure to head to the original thread.
Carrier IQ released a 19-page document explaining their software, how it’s used, and how it protects the data it collects. Much of it we already heard, but now with more thorough detail. Click here to listen to this article.
After describing the basics of Carrier IQ and how it’s implemented–a section which points a finger squarely at the manufacturers and carriers–the document addresses specific questions people asked since the issue blew up in the media. They begin by answering Trevor Eckhart’s (XDA Recognized Developer, TrevE) video that shows IQ Agent listening to keystrokes.
We cannot comment on all handset manufacturer implementations of Android. Our investigation of Trevor Eckhart’s video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software. Specifically it appears that the handset manufacturer software’s debug capabilities remained “switched on” in devices sold to consumers… The IQ Agent does not use the Android log files to acquire or output metrics.
But they recognize the danger of that information sitting in Android logs, and recommend that manufacturers and carriers turn off debugging to keep those logs hidden. Then, they claim to have found a bug during their investigation that actually sends encrypted SMS texts, but they promise that they don’t unencrypt those messages.
Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent.
They then explain that web URLs are collected at the behest of the carrier, as they say, to diagnose Internet browsing issues. All of this information is stored on your device until it is uploaded, which “is typically [every] 24 hours.” They do not provide the complete range of intervals their software is capable of setting in a profile. However, the upload can be manually triggered, either by entering a keycode or by remote control, with commands sent in SMS texts. According to TrevE, these texts are hidden from the user.
Lastly, the report addresses its collection of location data. They explain the intended use of the information, but do not explain the criteria for location collection. That is, we don’t know the intervals at which your GPS location is recorded, and if the software on the phone determines whether to send only some of those locations. This is important because the FBI may have excessively pinged information collected by Carrier IQ’s software, without warrant, to track the locations of individuals.
In fact, MuckRock News, a website that helps people request information from the FBI, reported that their FOIA request for reports on Carrier IQ was denied. The reason given is that release of that information would compromise an ongoing investigation. Either they are still using that information, investigating Carrier IQ, or both. The denial itself is confirmation that the FBI has such documents.
Personally, I wouldn’t be surprised if they launch an investigation of Carrier IQ in order to buy some time before admitting their use of the data. As far as Carrier IQ is concerned, I appreciate the explanation of your software’s intended use, but what we want to know, all of our concerns, require the full disclosure its actual use.
Over the last week, Carrier IQ received quite a lot of attention. First, TrevE was served a Cease and Desist letter from Carrier IQ, including a prepared statement they insisted TrevE release on his website, denouncing his work. The Electronic Frontier Foundation responded on TrevE’s behalf, calling the C&D a violation of constitutional rights, and malicious. Carrier IQ apologized, calling the C&D, “misguided,” but made a statement denying many of the allegations.
Then TrevE released a video proving that every single allegation that Carrier IQ denied their software was capable of doing, their software actually does. And apparently not even the mighty iPhone is free of Carrier IQ data mining.
In the last few days, pieces of the story made their way to The New York Times, Wall Street Journal, Washington Post, Forbes, Huffington Post, CNN, MSNBC, Fox News, and more–not typically the venues to announce mobile tech news. There’s congressional interest in the matter, with Minnesota Senator Al Franken demanding answers about Carrier IQ by 14 December 2011.
A flood of statements poured in from companies of all sorts, proudly announcing that their products do not use Carrier IQ. Statements from companies that use Carrier IQ are now trickling in, too. Of the statements by companies who admit to using Carrier IQ, all of them include a list of data they do not collect. That may be confusing because they immediately contradict TrevE’s video.
For example, from T-Mobile’s statement, “T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers’ internet activity, nor is the tool used for marketing purposes.”
From Sprint’s statement, “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”
The contradiction between these statements and the reality of the Carrier IQ software comes from a failure of explanation on the part of the carriers and of Carrier IQ. It may be true that they do not receive that data, but the software most certainly collects it. If their software was unable to collect all this information, it’d be much more plausible that they never receive it. Why create diagnostic software capable of collecting more information than you collect? It makes no sense, and these responses are frankly unbelievable. They’re also astoundingly slimy semantic dodges, if not lies. And if not lies, the burden of proof is on the carriers, and yet to be fulfilled.
We called Sprint Customer Service yesterday to see about getting a contract and a new smartphone, and specifically asked about Carrier IQ. The customer service representative, Jason, assured me that Sprint did not use Carrier IQ.
Now, I believe this is a singular example of ignorance-nearing-idiocy. Sprint obviously, publicly admits they use Carrier IQ’s software. Nothing in itself to pursue. However, it goes far to show just how much of an option we have, here. If a random customer cannot be informed of their contractual obligations because a customer service representative isn’t even informed of those contractual obligations, the It’s-in-the-Terms-of-Service defense does not work.
On top of that, the next step in exposing the depth of evil to which Carrier IQ is used is proving that the only way “law enforcement offers could log into a special Sprint Web portal and, without ever having to demonstrate probable cause to a judge, gain access to geolocation logs detailing where they’ve been and where they are,” is using Carrier IQ. (Source: Sprint fed customer GPS data to cops over 8 million times.)
This article intends to extrapolate the implications of egzthunder1’s article on Carrier IQ, and to comment on the responses by Carrier IQ, HTC, and Sprint, given in Russell Holly’s article on Geek.com.
The point–short, sweet, and at the beginning of the article–is that we do not get to choose whether this information is collected. Or who sees it. Authorized employees only? Marketing and polling firms? Law enforcement? All rhetorical questions, because we don’t know.
To be clear, the “information” I’m talking about are the Android intents logged by Carrier IQ, discovered by TrevE, which include your location, when you open an app and what app you open, what media you play and when you play it, when you receive an SMS, when you receive a call, when your screen turns off or on, and what keys you press in your phone dialer.
Assuming the best, these companies want to know every detail about you so that they can update services to bring you the best products possible. Note, however, that there is no log to show that the best product possible is one in which data about me is not collected.
If this data collection means little to you, think about this: If Google’s vision of Android@Home comes true, these companies will know when you eat, when you sleep, when your house is empty. They will know when you buy food by your refrigerator temperature, when and how you cook that food, and when you wash the dishes. They will know how long you spend in each room of your house, based on when you flip the light switch. And so on. That’s only the uses Google presented at Google I/O 2011.
Nevermind the very real possibility of exploits that would give criminals all this information. And still assuming the best, it’s not that we think Sprint employees would rob us based on all that information. The question is, who needs information like that, anyway? And who needs all the information currently gathered? Nobody with good intentions. While each of these companies may have good intentions, that’s still the impression. It’s also not that I think I, personally, would be incriminated by that data. It’s simply my life. Mine. No company has any excuse for stealing that. No matter the reason.
So I find it interesting that each company’s response blames someone else as an excuse for our data being collected. Carrier IQ says they provide a service that collects data, and what is done with that data is up to the manufacturers and carriers. HTC says they put it on their phones because the carriers tell them to. Sprint says it’s on their phones because we, their customers, obligate them to do so. And if there’s one certainty in any blame game, it’s that blame is used to minimize your own guilt.
Carrier IQ, you sound like J. Robert Oppenheimer on the day Hiroshima was bombed. HTC, if you refused to let it on your phones, you may get less money from carriers, but at least you won’t betray the people who want so desperately to fall in love with your work. (Though, based on your implementation of HTCLogger and TellHTC, I doubt you have the heartstrings to pull.) And Sprint, do not blame us. Not when you don’t give us the option to opt out. We gave you no obligation, because we gave you no permission.
Here is a list of options you have to begin regaining our trust, in order from most to least acceptable:
1) Discontinue automatic data collection and publicly apologize for abusing your customers.
2) Give us full–and I mean full–development access to our devices, including proprietary source codes, so we may offer people the best alternatives to your invasion of privacy.
3) Publicly disclose every single customer you sold our information to, what you sold them, and give us the names and business addresses of every person with access, current or past, to your Carrier IQ Portal.
4) Publicly disclose all the information gathered, in detail, and explain the exact methods used to keep our data anonymous. Oh, and make it anonymous, whether we opt in or not.*
5) Adopt a policy that allows anyone who cites privacy concerns to terminate their contract, no matter how far they are into the contract term, without any fees or payments outside what is owed up to that point.
*This won’t really score any brownie points with us. It’s simply the bare minimum of what you should be doing already, and are not. Don’t bother pointing at the fine print on the service and purchase agreements. I found my grandfather’s magnifying glass to read it. You didn’t list all the information you gather, let alone in detail. Nor did you explain your methods for keeping the information anonymous. And based on the training manuals downloaded from the Carrier IQ site, “anonymous” simply isn’t the word for it. Not even you should know whose data it is.
I was thinking about the HTC Rezound today. I do that sometimes–sit down and let my thoughts wander. I thought about its three-way fight within Verizon against the Samsung Galaxy Nexus and Motorola Droid RAZR, and how it will fare this Christmas season. I also thought about TrevE’s work on HTC’s astounding Carrier IQ screw-up. And I came up with a target market based on privacy and security to whom no manufacturer has managed to sell phones yet: the hopeless-paranoid.
See, on one extreme, there’s the non-paranoid. These people either think they have everything under control or don’t care if they have control. They’re the ones who buy crappy phones on contract. They have no interest in phones, it’s just something they use and could easily afford at the moment.
At the opposite extreme, there’s the empowered-paranoid. These are developers and other early adopters who use independent development. They constantly seek the best phones either because it shouldn’t have the flaws of crappier phones, or because, if it does have problems, they can do something about it and not feel like they’re wasting time developing for sub-par hardware.
If we imagine a square to give a two-dimensional range to my envisioned market, in another corner are the paranoid-curious. These people don’t worry too much, but their brains pump out thoughts often enough that they can at least spare a few to consider the advice of developers and early adopters. That means worrying about privacy and security to some degree. They buy higher-end phones because the empowered-paranoid–who are, again, developers and early adopters–encourage it.
Then there’s the hopeless-paranoid. These people have all the security and privacy concerns of developers, yet feel they have no way to correct it. Which phones do they buy? They don’t. The only thing they know to do when they’re worried about their privacy is to avoid the thing that makes them worry. They aren’t worried about specific security issues–they don’t actually know enough to worry like that. They’re worried about everything. They say things like, “I don’t want people to be able to call me no matter where I am.” We’ve all heard lines like that, and we all know it’s silly. If you don’t want to talk to people at a certain time, turn off your phone. No, they’re worried about more than being so accessible.
Now, you may be asking, is there actually any reason to be paranoid? I guess that depends. I reread some of the articles egzthunder1 wrote covering all TrevE’s amazing work exposing the dirty little secrets of HTC and the carriers. And while he focuses on HTC phones, make no mistake that other manufacturers are doing the same.
So yes, I think paranoia is justified. And thank goodness for all the developers that work so hard to strip Carrier IQ and their ilk from ROMs. To a certain extent, thank goodness for the manufacturers and carriers that openly support development by not locking down devices. To the carriers and manufacturers who try to keep us from developing their devices, let me introduce you to the above four target markets. I suggest you change your minds. To HTC specifically, we see how developer-friendly you’re trying to be, but we see your devotion to carriers like Verizon more. You need to decide that Peter Chou lied and bootloaders will not be unlocked, or you need to stand up for yourselves.
There is a point to all this. As I said, I was thinking about the HTC Rezound, announced last week. And since it’s on Verizon, its bootloaders will probably be locked. That’s a clear move to prevent development. So do something for me: pretend the bootloader can’t be unlocked through exploits. We can’t get S-Off, we can’t get root, no custom bootloader, no custom kernels or custom ROMs. To put it simply, developers can’t develop. All that paranoia and nothing can be done about it.
Which of those four groups of people does that sound like? That’s right. The hopeless-paranoid. The people who don’t buy phones. Except, in this case, they don’t buy your phones. The only difference is, developers influence the buying habits of that large group of paranoid-curious people. The HTC Rezound? Great specs. Too bad the bootloader won’t be unlocked. And doubly too-bad, HTC, that you made the Rezound exclusively for Verizon, the US carrier certain to get the Samsung Galaxy Nexus.
Merry Christmas, HTC. Perhaps you’ll remember us in your New Years resolutions.