Results 1 to 8 of 8

Thread: HTC Sneaks Spying App into Android 2.3.4 Phones

  1. #1
    Retired WiiHacks Staff peire's Avatar
    Join Date
    Sep 2010
    Location
    England,Liverpool (land of the scousers)
    Posts
    6,674
    Thanks
    980
    Thanked 1,377 Times in 1,137 Posts
    Blog Entries
    10

    HTC Sneaks Spying App into Android 2.3.4 Phones

    Looks like HTC has quietly slipped its users a spying app that tracks an alarming amount of user behavior and sends that data off to itself and perhaps others via a mysterious service in the cloud. The snooping app came nestled with the 2.3.4 Android update pushed out to some of its smartphones such as the Sensation 4G and EVO 4G.
    TrevE and Team Synergy of the InfectedROM site (and XDA fame), discovered the app. HTC includes an application called Carrier IQ and Carrier IQ recently added a user-behavior logging feature called IQ Insight Experience Manager.


    According to the Carrier IQ website: "IQ Insight Experience Manager uses data directly from the mobile phone itself to give a precise view of how users interact with both their phones and the services delivered through them, even if the phone is not communicating with the network. ... Identify exactly how your customers interact with services and which ones they use. See which content they consume, even offline."
    But wait there's more. Turns out that after HTC collects these stats, CIQ isn't the only app with access to them. TrevE writes:
    "CIQ is meant to monitor user activity and send logs off to wherever. Shortly after seeing this, team synergy went to work finding out exactly what was being done. ... Come to find out, CIQ is not the only part of android responsible for sending these stats. They get written out by framework to 4 major locations."
    The four locations are ...
    1- /data/system/appusagestats: Hosts a file that seems to collect every Android intent used on the phone. An intent is abstract description of an operation to be performed and is used, for instance, to launch activities. An intent is used to dial the phone, display the contact information and so on.
    2- /data/system/usagestats - Team Synergy concluded that these are Google usage stats collecting much the same data as appusagestats and possibly sending this data somewhere else.
    3- /data/system/userbehavior.db -- This looked to hold the IP address where the data is sent. They discovered two IP addresses in their phone going to Amazon cloud services.
    4- /data/system/dropbox -- TrevE writes, "Now this is interesting, there were over 500 files in this directory. When we deleted everything in this folder and opened market, logcat reported errors looking for these files. Why is the market looking for these files on start?"
    Do HTC users have the right to complain -- or even opt out of this snooping behavior? Apparently, not if the HTC license agreement is to be believed, points out Chris Chavez, on the Phandroid site.
    He notes that users apparently are required to agree. Look at Settings > About Phone > Legal > HTC Legal and you'll find that HTC tells you it is collecting information. Each device has been allocated with "one or more unique identification numbers," the agreement says, It later adds: "HTC might share non-personal, aggregated information with selected third parties. However such information will not identify you personally." The privacy statement goes on like that for quite a few paragraphs, on the one hand explaining that it is gathering information, and that it reserves the right to share it, but promising that the data won't be personally identifiable.
    Now the good folks at Team Synergy have, of course, managed to kill off the app and remove it from the framework locations and have provided this code on a ROM. Unfortunately, ROM flashing and fiddling with system apps requires root access. And more unfortunately, as soon as you root your phone, the snooping app will know and could tell HTC, voiding your phone warranty.



    thanks to bmarlo for this signature


  2. 1 User Says Thank You peire For This Useful Post


  3. #2
    Senior Member Shift_Lock's Avatar
    Join Date
    Dec 2010
    Location
    The City of Rain
    Posts
    5,932
    Thanks
    1,320
    Thanked 1,389 Times in 1,030 Posts
    Blog Entries
    2
    Thats effin lame....... im kinda upset now..

    Did I come off like a jerk?? Read more here


    [/spoiler]

  4. #3
    Member
    Join Date
    Jun 2010
    Posts
    2,811
    Thanks
    273
    Thanked 771 Times in 588 Posts
    all modern cell phones are trackable to a certain extent, big brother is always looking...


  5. #4
    Senior Member Shift_Lock's Avatar
    Join Date
    Dec 2010
    Location
    The City of Rain
    Posts
    5,932
    Thanks
    1,320
    Thanked 1,389 Times in 1,030 Posts
    Blog Entries
    2
    Yeah but thats pretty extensive..

    Did I come off like a jerk?? Read more here


    [/spoiler]

  6. #5
    Senior Member
    WiiHacks Staff
    Nancy the Moderator

    VWA, Game Master, News Hound
    Only site donators may send a PM to WiiHacks Staff
    Red_Gh0st's Avatar
    Join Date
    Jul 2009
    Location
    Puerto Rico. Sexyness: 2376
    Posts
    6,289
    Thanks
    628
    Thanked 2,142 Times in 1,350 Posts
    Blog Entries
    26
    There are free tracking apps on tje iphone

    Sent from my iPod touch using the WiiHacks App

  7. #6
    Senior Member Shift_Lock's Avatar
    Join Date
    Dec 2010
    Location
    The City of Rain
    Posts
    5,932
    Thanks
    1,320
    Thanked 1,389 Times in 1,030 Posts
    Blog Entries
    2
    I dont wanna be tracked loL!

    Did I come off like a jerk?? Read more here


    [/spoiler]

  8. #7
    New Member adam2new's Avatar
    Join Date
    May 2011
    Posts
    3
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Uh oh... I guess I'm in trouble =(

  9. #8
    WiiHacks Staff
    Only Site Donators Can PM Staff
    Forum Administrator
    IRC AOP
    Wall-Eyed Mucksucker
    emuhack's Avatar
    Join Date
    Aug 2009
    Location
    Windy City
    Posts
    7,471
    Thanks
    892
    Thanked 2,132 Times in 1,347 Posts
    Blog Entries
    13
    That is why I rooted and removed the bloatware!!!! Mmwwwahhhhhh

    ------------------
    Sent from my DROID X2 using WiiHacks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •