Blog

What is Carrier IQ? Why is it a threat? And how to get rid of it?

December 4, 2011 at 10:12 pm

- Owaeis N. contributed to this story

If you’re one of the millions of Android users concerned about Carrier IQ, we have some tips for checking your device for its presence, and removing it.  But what is carrier IQ, and why should you be concerned?  Let’s take a look.

What is Carrier IQ:

If you’ve read the internet the last couple of days, you’ve no doubt heard of Carrier IQ.  Carrier IQ is a software designed to help service providers and device manufacturers identify and diagnose quality issues on your smartphone, such as battery life and dropped calls.  The software collects data to analyze service and device quality, and transmits that data back to carriers and device makers.

The controversy over carrier IQ began when a 25-year old security researcher named Trevor Eckhart published some details of his research, showing how Carrier IQ can be easily tweaked to track and log information on iPhones, Android phones, and Blackberry phones.  He described it as a keylogging rootkit that is hard to detect, hard to remove, and runs by default on many modern smartphones without the user’s knowledge. Aside from service-related issues, the software can also track a user’s location, app usage, web browsing, videos watched, read text messages, and even log keystrokes.  The software runs on startup, and can be triggered to send data to carriers and manufacturers when certain conditions are met.

Sprint and AT&T have both admitted that their devices use Carrier IQ software, but that it is used only within the boundaries of their privacy statements, and only record quality and service-related data.  They did not disclose which devices run the software, though.  HTC and Samsung have also admitted that some of their devices come with the software installed, but only at the request of the carrier. Verizon, RIM, and Nokia have denied that any of their devices use the software.  As we speak, Carrier IQ’s website claims to have their spying tool deployed on 141,361,600 handsets! Apple has also stated that some of their devices did use Carrier IQ, but iOS 5 stopped supporting it otherwise you could disable it easily from the settings app.

Why is Carrier IQ a threat to your privacy?

Each and every move of yours is being recorded and sent to the carrier and/or manufacturer of your phone without your knowledge which is not limited to crash reports, rather includes each and everything you type on your smartphone, your location, your browsing history – even if you delete it – and your text messages in plain text. If you’ve not jumped off your couch yet, let me make it clear that it is almost a fact that your carrier knows your gmail password, your credit card details, your wife’s email address and possibly the email addresses of your kids along with the relevant passwords (if they ever used your phone to check their email or have smartphones themselves), has access to your personal photos you took with your wife when you were on a trip to Hawaii, your facebook ID, your wife’s and possibly children’s facebook ID along with the passwords. On top of that they always know where you are and where you have been even when you don’t share your location on Google latitude, FourSquare, twitter or don’t even use maps!! Just blend it with all of your text messages and viola, anybody having access to this data – either it be govt, CIA, your carrier or a random guy at the carrier’s – knows about you more than your beloved parents, more than your kids, more than your wife, even more than your own self. To make the story a little more scary I recall Julian Assange’s statement in which he said a few months back:

“[Facebook is the] most appalling spying machine that has ever been invented”

“Facebook, Google, Yahoo, all these major U.S. organizations have built-in interfaces for US intelligence” (to track anybody without their knowledge!).

The story is more saucy than one would ever imagine as Sprint is known to have supplied your location information to cops 8 million times!

Checking for, and removing Carrier IQ on Android

If you simply want to check if your device is running Carrier IQ, there is a new app available to do that.  Head to your market and download Voodoo Carrier IQ Detector.  The app is still in beta, and thus is admittedly not completely accurate.  However, it should give you some idea as to whether you are exposed to Carrier IQ or not.  As for removing it, if it is present, read on.

Rootzwiki developer Krylon360 has been delving into the Carrier IQ problem for Android devices, and while doing some work on a new ROM for the Samsung Galaxy S 4G, he’s come across the location of Carrier IQ.

“While I was working on a new ROM, I found something that has been a heated discussion this past week. I was able to locate where CIQ is coded into the frameworks”.

Using the following method will require some work around, as well as editing of some files on your device.  Any troubleshooting or questions about this method should be directed to the original thread, where the developer can answer your questions.  gggadgets.com is not responsible for any damage you might cause to your device by choosing to undertake this method. We recommend you to read our publishing policy before proceeding.

What You’ll Need

Step-by-Step Guide

Pull the following files from your phone:
/system/framework/android.policy.jar
/system/framework/framework.jar
/system/framework/framework-res.apk
Once you have all the files and have downloaded installed the programs listed above, follow these steps:
  • Take framework-res.apk, and place it into the apkmanager/place-apks-here-for-modding/
  • Open up Script.bat
  • Choose Option 22 and then select the number for framework-res.apk
  • Choose option 9 to decompile.
Once decompiled navigate to /apkmanager/projects/framework-res.apk/ Open AndroidManifest.xml in either Notepad++ or BlueFish and scroll all the way to the bottom. You should see this:

Rootzwiki image

This is all of the CIQ references within the framework-res.apk file. Next we will move onto the Jar files.

Take the smali and backsmali files you downloaded (you might need to rename them to remove the version number. they should just be called “smali” and “baksmali”) and place them into your sdk/tools directory

  • Next, open the android.policy.jar file in 7zip or winzip, and move the classes.dex into your sdk/tools dir.
  • Open Terminal or the cmd prompt, and navigate to your sdk/tools dir.
  • Run the following command. To make it easier, you can change the directory name it is extracting to.

java -jar baksmali.jar -o AndroidPolicy/ classes.dex

This will extract the smali files.

You will then want to navigate to sdk\tools\AndroidPolicy\com\android\internal\policy\impl

What you are looking for are the following files:

  • IQHandlerThread.smali
  • IQHandlerThread$1.smali
  • IQHandlerThread$2.smali
  • IQHandlerThread$3.smali
They will look like this:

Rootzwiki Image

Next, we are going to extract framework.jar by doing the same thing we did for android.policy.jar, opening the jar in 7zip, moving it to sdk/tools folder, and running this command:

java -jar baksmali.jar -o Framework/ classes.dex

Then, you will want to navigate to this directory:

Framework\com\carrieriq\iqagent\service\receivers\

You will see this file:

Rootzwiki image

The developer notes:

Now, I haven’t fully tested yet, but it’s very possible you can remove all of the references I have just showed you. I will test that either tonight, or this weekend.

If you do decide to test by removing the refs, you will need to recompile everything after you have removed it.

This should remove any references to Carrier IQ on your device.  Again, if you have any questions on any of these steps, they should be posted on the original thread.  This way the people who actually created this method can help you directly.

To subscribe, like us on Facebook