Epic 4G not enforcing app permissions? - Epic 4G General

Just came across this on Engadget Mobile, anyone know a way to fix it?
Eight Android phones, including the Motorola Droid X and Samsung Epic 4G, were found to house major permission flaws according to a research team at North Carolina State University. Their study revealed untrusted applications could send SMS messages, record conversations and execute other potentially malicious actions without user consent. Eleven of the thirteen areas analyzed (includes geo-location and access to address books) showed privileges were exposed by pre-loaded applications. Interestingly, Nexus devices were less vulnerable, suggesting that the other phone manufacturers may have failed to properly implement Android's security permissions model. Google and Motorola confirm the present flaws while HTC and Samsung remain silent. Exerting caution when installing applications should keep users on their toes until fixes arrive.
http://www.engadget.com/2011/12/02/some-android-phones-fail-to-enforce-permissions-exposed-to-unau/

I was just about to post this. I haven't had any problems like that though, I wonder what apps are the ones taking advantage.


[INFO REQ] Details on CIQ from DEV's

We have all seen this CIQ information in SFR thread and repeated all over the internet on various forums and blog sites.
Code:
What Is Carrier IQ? Why Should We Care?
3/31/2011: Hello, Slashdotters!
Put simply - and bluntly - Carrier IQ is a software package buried deep within Android by Samsung at the behest of Sprint. It has been in active use since the time of the Moment, if not before. The company that develops it, also known as Carrier IQ, bills it as "Mobile Service Intelligence". In their own words,
[T]he combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference.
On its own, that description can vary from harmless, to worrying, depending on how you look at it. It's not until one drills deep down into the system and ferrets out every piece of the software that one truly knows what it contains. As some of you might remember, ACS took the first steps toward disabling the Carrier IQ software with the release of SyndicateROM and Xtreme Kernel 1.0. That, however, didn't even scratch the surface.
Carrier IQ's native libraries are plainly visible - libiq_client.so and libiq_service.so in /system/lib. During every boot, this service is launched - you can see it in Settings > Applications > Running Services as "IQAgent Service". These native libraries are called by non-native (Android application) libraries located in ext.jar (the client) and framework.jar (the service). Removal of these (rather obviously-named) libraries alone, be it the .so files or the libraries in framework or ext, will, obviously, break boot. So I - k0nane - had to dig deeper. To make a long story short, reference to the IQ Service and IQ Client were littered across the deepest portions of the framework, and some of the most basic functions of the Android system as we know it.
Carrier IQ as a platform is designed to collect "metrics" at any scale. What I found it to hook into is far beyond the scope of anything a carrier needs - or should want - to be collecting. Carrier IQ sits in the middle of, and "checks" the data of, SMS and MMS messages. It listens for and receives every battery change notifications. It hooks into every web page you view, and every XML file your device reads. It receives every press of the touch screen. It 'sees' what you type on the physical keyboard. It reads every number you press in the dialer. It can track which applications you use, what 'type' they are, how often, and for how long. It hooks into data sent and received.
.................
What I am asking in this thread is for any specific information about CIQ that Dev's who have worked with it are willing to provide from their personal experience with investigating and removing it. I am also asking Dev's and Forum Members who have come across other articles, threads in other forums, etc, to please provide information with links.
Code:
Provided by chris41g
to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Provided by mkasick
Here's all the files that reference "CIQ", "carrieriq", or "libiq" with instances unrelated to Carrier IQ removed:
/ (initramfs):
- init: /dev/ttyCIQ0 UART, presumably to communicate with radio.
- init.rc: Start iqmsd service if property:service.iq.active=1.
- lib/modules/dpram.ko: Implements ttyCIQ UARTs.
/system:
- app/DialerTabActivity.odex
- app/FactoryTest.odex
- bin/iqmsd
- framework/ext.odex
- framework/framework.odex
- framework/sec_feature.odex
- framework/services.odex
- lib/libiq_client.so
- lib/libiq_service.so
Of these, bin/iqmsd is a purpose-unknown daemon, and libiq_client.so & libiq_service.so the client & service native code. The client & service managed code is implemented in framework/ext.odex & framework/framework.odex respectively.
In addition, the following framework classes reference Carrier IQ in some fashion:
framework/ext.odex:
- org.apache.http.impl.client.DefaultRequestDirector
framework.framework.odex:
- android.inputmethodservice.InputMethodService
- android.net.http.Request
- android.webkit.{BrowserFrame,CallbackProxy,LoadListener,WebViewCore}
- com.android.internal.telephony.SMSDispatcher
framework.services.odex:
- com.android.server.BatteryService
- com.android.server.WindowManagerService
- com.android.server.am.UsageStatsService
Finally, libiq_service.so is used exclusively by framework/framework.odex (com.carrieriq.iqagent.client.NativeClient), and libiq_client.so is used by:
- bin/iqmsd
- framework/ext.odex (com.carrieriq.iqagent.service.IQService)
- lib/libopencore_player.so
I am seeking facts, file names, files, information on CIQ in the framework, specifically what files CIQ hooks into, etc. Thank you for taking the time to read this.
I received a response yesterday (June 15, 2011) from a group that has disassembled IQAgent & CarrierIQ, in response to questions about CIQ's capabilities.
We have actually disassembled IQAgent/carrierIQ and captured its behavior to find exactly what it is sending back to sprint on the samsung optimus phone. The information we found it to collect was basic, such as cell towers, signal strengths, device battery. Nothing alarming on that phone, but Sprint could send a remote update to enable the surveillance features without the owner being aware.
Now while the above statement is about the Optimus, I was able to confirm through another source that IQAgent & CarrierIQ collection and transmission capabilities are set the same across all Sprint Android offerings.
During a telephone call with Sprint and in a follow up email Sprint responded to requests for information on Carrier IQ, who was responsible for the installation on Sprint's hardware and asked to directly address concerns over its potentially invasive nature.
the software that is in the Android phones is supplied by Google themselves as well as the manufacturer. We (Sprint) has no control over the actual operating system supplied to us such as the Carrier IQ as it is indigenous to the Android platform.
Off the record, Google has denied this referencing that the Nexus S did not have CIQ installed on it because they would not let carriers install such software on their native Android devices.
In the same conversation and follow up email Sprint stated;
removing the Carrier IQ software from your Samsung Epic device can void your manufacturer warranty.
The representative was questioned on Sprint's use of the word "can" but could not elaborate on under what circumstances removal of CIQ would not void the warranty.
Update July 5, 2011
Sprint still refuses to address the concerns over Carrier IQ's potentially invasive nature. When directly questioned on if CIQ as it is installed on Sprint hardware is capable of the level of invasive data collection as previously reported by Steve Toplez, Sprint responds with complete silence.
I have since requested contact and an official response from both Sprint's compliance department and General Counsel. Once again, the silence is deafening.
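The file list in the post above came from searching a firmware image for the strings "CIQ", "carrieriq" and "libiq". As an added example that is not part of the original post, the following sketch repeats that kind of search over an extracted firmware tree you own, including inside .apk/.jar containers; the sample tree it builds is constructed, and every hit still needs the manual review the post mentions to discard unrelated matches.

```python
import io
import os
import tempfile
import zipfile
import zlib

# Search strings taken from the post. "CIQ" is matched case-sensitively
# (as in /dev/ttyCIQ0); the other two are matched case-insensitively.
CASE_SENSITIVE = (b"CIQ",)
CASE_INSENSITIVE = (b"carrieriq", b"libiq")


def markers_in(data):
    """Return the set of marker strings that occur in a byte string."""
    lowered = data.lower()
    hits = {m.decode() for m in CASE_SENSITIVE if m in data}
    hits |= {m.decode() for m in CASE_INSENSITIVE if m in lowered}
    return hits


def scan_file(path):
    """Scan one file, looking inside zip containers (.apk/.jar) as well."""
    with open(path, "rb") as fh:
        data = fh.read()  # firmware files are small enough to read whole
    hits = markers_in(data)
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        # classes.dex inside an .apk/.jar is deflated, so a plain byte
        # search over the archive would miss class names stored in it.
        try:
            with zipfile.ZipFile(buf) as zf:
                for info in zf.infolist():
                    hits |= markers_in(info.filename.encode("utf-8", "replace"))
                    hits |= markers_in(zf.read(info))
        except (zipfile.BadZipFile, zlib.error, NotImplementedError, RuntimeError):
            pass  # damaged or encrypted archive: keep the raw-byte hits
    return hits


def scan_tree(root):
    """Map relative path -> sorted marker list for every file with a hit."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and device nodes
            hits = scan_file(full)
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                report[rel] = sorted(hits)
    return report


def build_sample_tree(root):
    """Create a small CONSTRUCTED tree (not real firmware) for the demo."""
    def write(rel, data):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

    def jar(class_name):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("classes.dex", b"dex\n035\x00" + class_name)
        return buf.getvalue()

    write("init", b"\x7fELF\x00/dev/ttyCIQ0\x00")
    write("system/lib/libiq_client.so", b"\x7fELF\x00libiq_client.so\x00")
    write("system/framework/ext.jar",
          jar(b"Lcom/carrieriq/iqagent/service/IQService;"))
    write("system/app/Calculator.apk", jar(b"Lcom/example/calc/Main;"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, found in sorted(scan_tree(tmp).items()):
            print(f"{path}: {', '.join(found)}")
```

Note that a reference such as the `iqmsd` service name in init.rc contains none of the three strings, so a search like this does not replace reading init.rc by hand.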
Good thinking
Sweet ... but this might just start another debate ..
Let's hope it doesn't. I would really like to see this community come together and allow this information to be provided with little or no flaming, thread hijacking or warring.
Description of CarrierIQs Service
Mobile Service Intelligence
Mobile Service Intelligence is the process of analyzing data from phones to give you a uniquely powerful insight into mobile service quality and user behavior. Carrier IQ's Mobile Service Intelligence Platform (MSIP) is the smart database at the heart of our solution. It receives raw data (known as Metrics) from phones and converts them into reliable, repeatable Measures which feed into analytic applications. The MSIP delivers true enterprise grade performance, with its proven ability to process data submitted by millions of phones with outstanding integrity and security.
Get the Insight
We know you don't just want data, you want to solve business problems and identify new business opportunities. The IQ Insight application suite uses data from the MSIP to deliver true Actionable Intelligence, tailored to specific business areas. From the performance information to support the launch of a new phone or service to historical information to understand in detail customer behavior and usage patterns, the IQ Insight suite cuts through the complexity to allow you to focus on critical business issues, create and track Key Performance Indicators (KPIs) and all in the knowledge that the data is measured at the point the customer experienced it – in the phone.
What's more, the combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference. That is the power of Mobile Service Intelligence.
http://www.freshnews.com/news/383257/carrier-iq-powers-android-platform-mobile-service-intelligence
twolostminds said:
Let's hope it doesn't. I would really like to see this community come together and allow this information to be provided with little or no flaming, thread hijacking or warring.
as info is provided, you should compile it (in an easy to read format) in the first post so others don't have to read through (potentially) pages and pages of stuff.. (you can use 'code' HTML tags to 'condense' longer text into smaller boxes I think)
Just my .02
and hopefully the community can come together and compile good/relevant info without all the drama.
http://www.carrieriq.com/overview/IQInsightServiceAnalyzer/ServiceAnalyzer.datasheet.pdf
by the way, as far as framework.. to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
http://www.carrieriq.com/overview/IQInsightDeviceAnalyzer/DeviceAnalyzer.datasheet.pdf
this datasheet, makes it sound like its installed for testing the phone, then turned off and can be turned on if needed for support..
daddymikey1975 said:
as info is provided, you should compile it (in an easy to read format) in the first post so others don't have to read through (potentially) pages and pages of stuff.. (you can use 'code' HTML tags to 'condense' longer text into smaller boxes I think)
Just my .02
and hopefully the community can come together and compile good/relevant info without all the drama.
I will be updating the OP on a regular basis and once enough verifiable information is gathered I will be creating a Wiki-like posting.
I would think that if we are rooting and also using custom ROMs or taking features Sprint has built into the phone (Carrieriq) then would we not be violating the terms and conditions of service? And let's not forget that Google can tell if we are rooted, as we cannot get movie rentals from the market. Also Google and Sprint are able to see what apps we have installed, and if they see the superuser app then it's a safe bet we are rooted. If Google wants to get rid of rooted apps they can, by simply removing them from the market upon carrier request like VZW and AT&T did for wifi tether.
chris41g said:
...
then in the kernels initramfs, you have to disable the service in the init.rc
sorry noob here, I'm running stock EC05, how do I remove it from init.rc?
chris41g said:
http://www.carrieriq.com/overview/IQInsightDeviceAnalyzer/DeviceAnalyzer.datasheet.pdf
this datasheet, makes it sound like its installed for testing the phone, then turned off and can be turned on if needed for support..
I don't know much about it but I do know it runs in the background at boot. To me, that's not "turned off."
dchawk81 said:
I don't know much about it but I do know it runs in the background at boot. To me, that's not "turned off."
The service is running, with logging and reporting turned off, and can (presumably) be remotely activated..
chris41g said:
The service is running, with logging and reporting turned off, and can (presumably) be remotely activated..
Right. So it's not truly off. Standby isn't off.
Since it's not off, I prefer it gone.
From what I've been able to gather from it, it doesn't do much of anything. It has the potential to track stuff, but I'd bet stuff for marketing purposes and possibly troubleshooting remotely.
Everyone is all up in arms over removing it, but there or not it doesn't have any effect on your phone, or battery life.
As far as security purposes, you may as well stop using your phone altogether, because that's similar to the kind of stuff Google can collect from your phone at any point. It's not a big deal, it's not important, and the performance gain for removing any of it is nil.
Well if it doesn't do anything at all, it doesn't need to be there.
chris41g said:
http://www.carrieriq.com/overview/IQInsightServiceAnalyzer/ServiceAnalyzer.datasheet.pdf
by the way, as far as framework.. to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Does anyone have a list of every file that references CIQ?
twolostminds said:
Does anyone have a list of every file that references CIQ?
That would be an almost impossible task, without going through the source... and even then there are likely to be closed source files too....
The list I gave you is what is edited in a nociq rom though..
chris41g said:
That would be an almost impossible task, without going through the source... and even then there are likely to be closed source files too....
The list I gave you is what is edited in a nociq rom though..
You are probably right, it would be impossible without access to both open and closed source. My goal is to put together the most complete and comprehensive information source on CIQ's implementation and capabilities as installed in Android. So any other references that have been found would be greatly appreciated.

Security breach found on htc devices

The Vulnerability
In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.
That is not the case. What Trevor found is only the tip of the iceberg - we are all still digging deeper - but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
the list of user accounts, including email addresses and sync status for each
last known network and GPS locations and a limited previous history of locations
phone numbers from the phone log
SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails.
But that's not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):
active notifications in the notification bar, including notification text
build number, bootloader version, radio version, kernel version
network info, including IP addresses
full memory info
CPU info
file system info and free space on each partition
running processes
current snapshot/stacktrace of not only every running process but every running thread
list of installed apps, including permissions used, user ids, versions, and more
system properties/variables
currently active broadcast listeners and history of past broadcasts received
currently active content providers
battery info and status, including charging/wake lock history
and more
Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:
ACCESS_COARSE_LOCATION Allows an application to access coarse (e.g., Cell-ID, WiFi) location
ACCESS_FINE_LOCATION Allows an application to access fine (e.g., GPS) location
ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BATTERY_STATS Allows an application to collect battery statistics
DUMP Allows an application to retrieve state dump information from system services.
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
GET_TASKS Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
READ_LOGS Allows an application to read the low-level system log files.
READ_SYNC_SETTINGS Allows applications to read the sync settings
READ_SYNC_STATS Allows applications to read the sync stats
Theoretically, it may be possible to clone a device using only a small subset of the information leaked here.
I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door. For a more technical explanation, see the section below.
Additionally, and the implications of this could end up being insignificant, yet still very suspicious, HTC also decided to add an app called androidvncserver.apk to their Android OS installations. If you're not familiar with the definition of VNC, it is basically a remote access server. On the EVO 3D, it was present from the start and updated in the latest OTA. The app doesn't get started by default, but who knows what and who can trigger it and potentially get access to your phone remotely? I'm sure we'll know soon enough - HTC, care to tell us what it's doing here?
Technical Details
In addition to Carrier IQ (CIQ) that was planted by HTC/Sprint and prompted all kinds of questions a while ago, HTC also included another app called HtcLoggers.apk. This app is capable of collecting all kinds of data, as I mentioned above, and then... provide it to anyone who asks for it by opening a local port. Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
In fact, HtcLogger has a whole interface which accepts a variety of commands (such as the handy :help: that shows all available commands). Oh yeah - and no login/password are required to access said interface.
Furthermore, it's worth noting that HtcLogger tries to use root to dump even more data, such as WiMax state, and may attempt to run something called htcserviced - at least this code is present in the source:
/system/xbin/su 0 /data/data/com.htc.loggers/bin/htcserviced
HtcLoggers is only one of the services that is collecting data, and we haven't even gotten to the bottom of what else it can do, let alone what the other services are capable of doing. But hey - I think you'll agree that this is already more than enough.
Patching The Vulnerability
... is not possible without either root or an update from HTC. If you do root, we recommend immediate removal of Htcloggers (you can find it at /system/app/HtcLoggers.apk).
Stay safe and don't download suspicious apps. Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower.
Affected Phones
Note: Only stock Sense firmware is affected - if you're running an AOSP-based ROM like CyanogenMod, you are safe.
EVO 4G
EVO 3D
Thunderbolt
EVO Shift 4G? (thanks, pm)
MyTouch 4G Slide? (thanks, Michael)
the upcoming Vigor? (thanks, bjn714)
some Sensations? (thanks, Nick)
View 4G? (thanks, Pat)
the upcoming Kingdom? (thanks, Pat)
most likely others - we haven't verified them yet, but you can help us by downloading the proof of concept above and running the APK
HTC's Response
After finding the vulnerability, Trevor contacted HTC on September 24th and received no real response for five business days, after which he released this information to the public (as per RF full disclosure Policy). In my experience, lighting fire under someone's ass in public makes things move a whole lot faster, which is why responsible disclosure is a norm in the security industry. (This is where we come in.)
As far as we know, HTC is now looking into the issue, but no statement has been issued yet.
HTC, you got yourself into this mess, and it's now up to you to climb out of the hole as fast as possible, in your own interest.
The ball is in your court.
Credit
ANDROID POLICE
Huge thank you to Trevor Eckhart who found the vulnerability and Justin Case for working with us today digging deeper.
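The article above describes a logging service that hands data to anything connecting to a local port. As an added example that is not part of the original article, this sketch audits a device you own by listing TCP sockets in LISTEN state from `/proc/net/tcp` text and attributing each to packages by UID; the sample data, ports, UIDs and `com.example.*` package names are constructed, and the `<package> <uid> ...` layout of the package list is an assumption.

```python
import socket
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# CONSTRUCTED sample of /proc/net/tcp text (not from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:C3B5 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 12345
   1: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346
   2: 0F02000A:A1B2 0A01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10092        0 12347
"""

# CONSTRUCTED package list; assumed layout is "<package> <uid> ..." per line.
SAMPLE_PACKAGES = """\
com.example.logger 10087 0 /data/data/com.example.logger
android 1000 0 /data/system
com.example.settings 1000 0 /data/data/com.example.settings
com.example.browser 10092 0 /data/data/com.example.browser
"""


def decode_ipv4(hex_addr):
    """Decode the hex address word; little-endian byte order is assumed,
    which holds for ARM and x86 Android devices."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(proc_text):
    """Return (address, port, uid) for every IPv4 socket in LISTEN state."""
    rows = []
    for line in proc_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue  # short line, or an established/closing connection
        addr_hex, _, port_hex = fields[1].partition(":")
        if len(addr_hex) != 8:
            continue  # not an IPv4 entry
        rows.append((decode_ipv4(addr_hex), int(port_hex, 16), int(fields[7])))
    return rows


def load_packages(packages_text):
    """Map uid -> sorted package names (shared UIDs give several names)."""
    by_uid = {}
    for line in packages_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            by_uid.setdefault(int(parts[1]), []).append(parts[0])
    return {uid: sorted(names) for uid, names in by_uid.items()}


def audit(proc_text, packages_text):
    """List listeners with their owning packages and who can reach them."""
    owners = load_packages(packages_text)
    findings = []
    for addr, port, uid in listening_sockets(proc_text):
        # A loopback listener is still reachable by every local app that
        # holds INTERNET; any other bind address is reachable off-device too.
        reach = "local apps" if addr.startswith("127.") else "local apps and network"
        findings.append({
            "address": addr,
            "port": port,
            "uid": uid,
            "packages": owners.get(uid, ["<unknown uid>"]),
            "reachable_by": reach,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PROC_NET_TCP, SAMPLE_PACKAGES):
        print(f"{f['address']}:{f['port']} uid={f['uid']} "
              f"{','.join(f['packages'])} -> {f['reachable_by']}")
```

A listener owned by a pre-loaded package is a prompt to check whether that service authenticates its clients, which is the property the article says was missing.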
Hi there, I need help, someone is consistently hacking into my phone, HTC EVO 4G, they are penetration testers and PC savvy, currently I can't log in to the phone for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows, maybe they changed it on their side. I wrote down everything I saw. I was seeing all these processes running for the same app in my applications. My phone was getting hot, freezes, but it's people that live in my apt complex and at work. Can you help?
zzm5 said:
Hi there, I need help, someone is consistently hacking into my phone, HTC EVO 4G, they are penetration testers and PC savvy, currently I can't log in to the phone for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows, maybe they changed it on their side. I wrote down everything I saw. I was seeing all these processes running for the same app in my applications. My phone was getting hot, freezes, but it's people that live in my apt complex and at work. Can you help?
Is your device rooted?
I used root explorer and removed the HtcLoggers.apk and other than the forced close loop that removing it caused (requiring me to remove the battery), after rebooting all seems to be working fine.
EDIT: Actually I didn't just delete HtcLoggers.apk but moved it to a safe location on the SD Card in case there was a problem and it needed to be restored. I highly suggest you do this instead of just deleting it, or better yet, a nandroid backup.
there are a few good ROMS out there that have the ICQ loggers removed already.
Do we really need three threads on the front page about the same thing?

Notification Bar ads for Android

While it has been rumored and feared practically since the operating system's creation, one of the nightmare scenarios for some unlucky Android users has finally become very real. Japan's second largest mobile carrier, KDDI, has gone where no carrier has dared before and has begun disguising advertisements as system notifications on their Android devices.
It seems that an app bundled with KDDI devices is the cause of the controversial ad system. The "au one market" is a secondary market application that comes with most of the smartphones on the carrier's service. This newest evil addition came in the form of an update which prompted the user with two warnings.
Quote
1. au one Market app stays resident even when you are not using the app, 2. notification space will be used to inform good deals to customers.
There are similar ad experiences from certain applications and services already in the U.S. but this is the first time we've seen this behavior from an actual mobile carrier. It's scary to think of this becoming common place so be sure to voice your opposition on this sort of guerrilla advertising to your carrier representatives before it's too late. This is also just all the more reason to keep your rootz skills as up to date as possible. Removing that carrier bloatware is becoming seemingly more and more essential these days....
Source: RootzWiki
Read for yourself here
Since I've installed an app (don't know which one) I'm starting to see something like this on my status bar... do you guys know anything about this?
This sucks... Are they even allowed to do this?
@gigeaky
Check if you have Easy Mp3 Download or DroID3Tagger. One of them should be the Ads source.
Install Airpush Detector or Addons Detector from the market to find the offending app.
Nothing root+delete offending app can't solve.
That said, still sucks, they'll probably end any warranty or whatever services they may offer if they find out. I guess you can still delete any traces of root and send it to samsung. They probably couldn't care less if you uninstalled some carrier app.
I don't mind ads at all while they aren't intrusive. I understand their purpose and their importance. But being randomly interrupted by some notification ad is the worst kind of interruption, as useless as it gets, not to mention the unsolicited data traffic and extra battery drain. I can even see them going a notch up and create random popups out of that you need to dismiss. Now, I like Android the best of all mobile operative systems, but I draw a line here. If Google ever enforced this at system level with no way around, I'd leave Android completely.
I agree, I guess all that stuff is from carriers and not from Google so I think it won't be difficult to delete it.
gigeaky said:
Since I've installed an app (don't know which one) I'm starting to see something like this on my status bar... do you guys know anything about this?
Yes, I seem to be getting similar notifications, I can't for the life of me work out what app they are related to...

[Q] is there a patch for this bug 13678484 (fake id)

Can anyone make a patch for all variants of HD2 ROMs from GB up? I used the Bluebox app to check if my phone was vulnerable to this bug 13678484 (Fake ID), and my daily driver, barebone CM7 v2b, was, and I'd say all ROMs developed for the HD2 are vulnerable. I have searched the net for how to patch this vulnerability but can't find the info anywhere. This is something I think all XDA devs for this device will have to sort out, as we cannot get help from carriers on this, since this is the advice that is given: "contact your carrier or phone vendor for patch". If anyone has advice on how to sort this out I would be very thankful. I think XDA should run a piece about this vulnerability and what steps are being taken by all devs on XDA to patch this vulnerability for older handsets like my HD2.
Bluebox Security revealed a significant security flaw that affects all Android devices since version 2.1. Our hyperbolic title mocks the fact that he had little to ignite the Internet powders. If the fault is real, it should take a step back and put the case in context instead of screaming panic for nothing.
A serious flaw that affects a large number of terminals
Very schematically, the fault Fake ID allows malware to authenticate using the signature of a known application to hide its true origin. The firm provides an example of a virus masquerading as an Adobe Systems and Google software which would be able to become a Trojan horse or steal data used by Google Wallet acquiring the necessary permissions without using the user.
The flaw is serious. However, Google has already been made aware; it has already released a patch that it sent to its partners, it corrected the flaw in Android 4.4 KitKat, and it scanned Google Play and can say that no application in its store uses this vulnerability. Finally, Verify Apps, which monitors the behavior of applications on an Android device, is also fixed and can detect an application attempting to exploit Fake ID.
A patch already in place and a flaw in a very limited scope that still show that Google still has work to do in terms of security
In short, it is true that it is possible to be a victim of this fault, but it requires a terminal that has not been updated, download an application containing malware does not come from Google and Play Verify Apps have disabled or have an Android version of which is free. Suffice to say that the cases in question are very limited.
This flaw shows that Google still has work to do in terms of its security strategy. Last month, we decried the lax features of the Play Store. Today, we are dealing with a flaw of a limited scope, but was discovered by analyzing the shortcomings of the source code of the operating system.
While the info you have given is fine and I thank you for it, there are other app stores people use besides the Google Play Store, and reading up on this bug, it is still possible their phones could become compromised downloading apps from them?
A Big Big Thank You
Just an update: opssemnik backported the Fake ID Xposed module and it works perfectly with GB ROMs. A big, big thank you to him. He also supplied a link in the comments on http://www.xda-developers.com/android/fight-fake-id-vulnerability-xposed/ So once again, a big thank you to opssemnik.

Attention: this phone is a spyware device!

According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
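The combination the post above is concerned with, an app holding a sensitive permission together with Internet access, can be checked from each app's manifest. The following is an added example, not part of the original post: it maps the post's permission labels to Android permission names and flags apps that request any of them alongside `android.permission.INTERNET`. It assumes the manifests have already been decoded to text XML; the package names and manifests are constructed, and the result reflects requested permissions, not what the user has granted.

```python
import xml.etree.ElementTree as ET

# Attribute key for android:name once the XML namespace is expanded.
NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"
INTERNET = "android.permission.INTERNET"

# The post's permission labels mapped to Android permission names.
SENSITIVE = {
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
    "phone ID": {"android.permission.READ_PHONE_STATE"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calendar": {"android.permission.READ_CALENDAR"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return (package, set of permission names) declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                perms.add(name)
    return root.get("package"), perms

def audit(manifests):
    """Map package -> sensitive labels, only for apps that also request INTERNET."""
    findings = {}
    for manifest_xml in manifests:
        package, perms = requested_permissions(manifest_xml)
        labels = sorted(l for l, names in SENSITIVE.items() if perms & names)
        if INTERNET in perms and labels:
            findings[package] = labels
    return findings

# Constructed manifests for three hypothetical apps (not taken from any real APK).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
def _manifest(package, *perms):
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return f'<manifest {NS} package="{package}">{uses}</manifest>'

SAMPLE_MANIFESTS = [
    _manifest("com.example.flashlight", "INTERNET", "READ_CONTACTS", "RECORD_AUDIO"),
    _manifest("com.example.notes", "WRITE_EXTERNAL_STORAGE"),   # sensitive, no network
    _manifest("com.example.weather", "INTERNET"),               # network, nothing sensitive
]

if __name__ == "__main__":
    for package, labels in audit(SAMPLE_MANIFESTS).items():
        print(f"{package}: INTERNET + {', '.join(labels)}")
```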
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
It's Google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame Google not Samsung.
peachpuff said:
It's Google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame Google not Samsung.
Well, blame them both. Samsung is knowingly 'accepting' the Google 'flaw' on its phone. So Samsung is also culpable.
Talk about an Over the Top Melodramatic 1st post!
Stay off the internet - Get rid of your Smart TV - Live in a box... SMH
Sent from my SM-G955W
Niccolò Paganini said:
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
I wouldn't worry about it the NSA and Google already know everything about you.
Without permissions, 99% of your apps won't work. Want to stop tracking? Dig deep into your account, real real deep, to cut off a lot of privacy issues.
Then, when you have time, google your name.
pltctytc said:
....then when you have time, google your name
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighing between functionality vs privacy.
Gregzi said:
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighing between functionality vs privacy.
Agreeing to ANY extent with the OP's RIDICULOUS and ABSURD post & a Thread Title that is Entirely Misleading and Uninformed!
While everyone is entitled to their opinion - This Thread & Particularly its Title are perilously close to warranting being Reported to the Mods!
It's a simple process to Disable Background Data for each and every Application that you decide to disable in Settings - Apps - Permissions - Data - Background /Toggle Off.
I made reference to Smart TV's as they are constantly "listening" in order to provide functionality - Then there's Laptop cameras which could be equally used to "spy" on their users... Are we to disable the functionality offered by Ok Google - Which is also "listening" to provide the functionality that we have come to expect from our technology?
Two Tin Cans and String are the bastion of the Paranoid & Conspiracy Theorists.
Sent from my SM-G955W
**** this I'm going back to a Palm Pixi so the NSA can't spy on me!
What if.....
The NSA IS Google?!
Seriously? You're downloading things from F-Droid and Yalp and you're concerned with what data individual apps are sending? If you don't trust an app to have an internet connection, why on earth are you using it? If you don't trust the company behind an app to use your data appropriately, why are you using that app? Do you shut off all data so your internet/mobile provider can't sniff out what you're doing? Tin foil is relatively cheap.
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Surely this is "the only reason", surely. I'll assume you have thought through the entire process of creating a mobile phone operating system as complex as Android, and also every detail involved in creating an application ecosystem that scales to millions of user-created applications accessed by billions of people that worldwide probably generates over a trillion dollars in overall economic revenue (including employment by businesses built around it, advertising money spent, etc). Surely you saw a foolproof way to easily do all of this AND follow seemingly arbitrary privacy rules? You MUST have also COMPLETELY ruled out every other innocent explanation using this model, including showing conclusively that it wouldn't cause ANRs, app crashes, or anything else. Right?
You also have data showing more than just you would revoke this permission right?
Right?
Mr. Orange 645 said:
What if.....
The NSA IS Google?!
You mean you only just realised this NOW???!
I have to say, I'm always amazed how little people care about the spying that's being done through their phones. Saying "live in a box" or "just don't use the app" is a stupid response. You can still want to be part of society (which nowadays REQUIRES using whatsapp/facebook/google) EVEN THOUGH you're uncomfortable with the privacy implications. Someone acknowledging and being aware of this, and trying to improve upon it (or even simpler, just demanding improvements by the companies you pay a thousand dollars for a new phone) is often ridiculed as if it wouldn't matter, or people accept it as something that is required for the systems we use. Social networks could work totally fine without being centralized, google maps doesn't actually need to send your location to google to function, and no app that I know of needs to send your usage of the phone to their company to do whatever it promises to do. Yet many apps do. It's not so much about that it is possible, the problem is that it is allowed. It shouldn't be allowed, much of the data collection should simply be outlawed. But, since hardly anyone seems to care, I don't see that coming anytime soon. I've tried to find people interested in this, but not even on reddit /r/privacy/ this seems to be a major concern.
@the_toast
There's a difference between being responsible for the amount of privacy you have and the amount of personal information that has already been made available... long before people were even aware of the amount of personal information that was already gleaned from the Products and Services that you have been using for years. To some extent trying to rein in your personal information is like closing the barn door after the horse is long gone.
The guy who originally posted this Thread is focusing his "panic" on one device and THAT is naive and Grossly Misleading!
Whether it's FB (which I don't use) or signing up for a Loyalty card - Your personal information is everywhere! Using common sense going forward is the only rational approach, but standing on an imaginary mountain top and shouting to the world that one device is "spyware" is ridiculous and deserves to be called out
Sent from my SM-G955W
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
MiMtnBiker said:
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
And if you Travel into the USA... Did you know THIS?
https://www.google.ca/amp/www.cbc.ca/amp/1.4494371#ampshare=http://www.cbc.ca/1.4494371
Sent from my SM-G955W
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
@the_toast
Many of the answers - including "live in a box" - "stay off the internet" were in direct response to the careless & irresponsible comments by the OP - like = like?
Not only your phone has the potential to gain access to your personal information - But your Laptop camera - Your Smart TV (that is "listening") But this technology is something that most people appreciate and expect their tech to provide them with the functionality that they want - Being aware of the capabilities of your Tech is prudent - being paranoid & frightened by it is just sad.
The issues of Privacy are extensive and if someone decides to pull on that thread - it's going to be never ending.
Common sense & being informed is the most appropriate way to go
Sent from my SM-G955W
the_toast said:
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
I'm afraid the only way you are going to change it is to completely get off the grid. Many people are oblivious to the fact that they are willingly giving up their personal information when they have their noses buried in their smartphones pert near all day. What's worse is that the politicians only seem to cater to the wealthy, and since they are salivating at the idea of getting their grubby hands on your info, this will continue. Unless there is a huge uprising and people assemble in protest of this, it will not stop. Heck, I don't even think it will stop, then. Nope, money is the reason as to why this won't change and, unfortunately, you have no say in the matter. Unless, that is, you do get completely off the grid.
