The controversy over stealthy monitoring software by CarrierIQ has raised important questions about user privacy and business ethics in the Brave New World of smart phones, tablets and the like. In the uproar over CarrierIQ’s surreptitious monitoring of mobile phone users, various tools have appeared that claim to be able to detect the software. However – removing CarrierIQ from your phone is another matter entirely. And,while some sites have offered instructions on doing so, Kaspersky Lab researcher Tim Armstrong said that, for all but a few mobile phone hardware experts, doing a CarrierIQ-pendectomy is a bad idea. 

The software simply can’t be removed by the average user,” Armstrong writes in a blog post on Securelist. “Even if a person ‘roots’ or ‘jailbreaks’ their phone to remove the software, there have been reports that this breaks functionality , or even ‘softbricks’ or temporarily renders the phone inoperable. Some other users are flashing custom ROM’s to their systems. These are customized full replacements of the vendor installed operating system. In some cases, users are still finding Carrier IQ files present after doing so.” 

Not that Armstrong doesn’t sympathize that those who want to rid their phone of the noxious wares. 

I have no problem with improving service. I hate dropped calls too. What I do have a problem with is service providers who are intentionally uninformative about what they are doing with your data on a device you’ve paid for, and then not allowing any type of removal or opt-out. Even though this is probably not illegal, it is certainly unethical,” he writes. 

Read the rest of Tim’s post on Kaspersky Lab’s Securelist blog

Categories: Apple, Malware, Mobile Security, SMB Security, Social Engineering

Comments (7)

  1. Anonymous
    1

    I rooted my HTC EVO 4G and used root uninstaller to freeze HTC IQ AGENT and IQRD. Took about an hour to figure out. Not that painful and my battery life has dramatically improved now!

  2. sandhu
    2

    Really poor reporting. Just one odd case of CIQ removal causing issues does not equal “reports”. There are tens of ROMs that have removed CIQ with no side-effects on performance.


    Is this *researcher* for real?

  3. Anonymous
    3

    “ROM’s” is not plural for “ROM”.

    “ROMs” is.

    You don’t like “car’s” or fly in “airplane’s”, do you?

     

  4. Anonymous
    4

    I have a tendancy to agree with Tim on this. While for those of us who hang out in the CLI world all day or are comfortable using custom ROMs on our phones, be it IPhone or Android, I would say that a lot i.e. most folks would have no clue. Yes there are instructions, and you could probably do it, but… Your warenty is bye bye, and if you have call problems and call your carrier, there is a good chance you might hear “click” the moment you mention that you are running a custom ROM.

    Honestly if you want to run something custom great but I think the intention of this article is that if you care about your warenty, and might want support and are not technically savvy it might be a good idea to leave it alone. Dan Rosenberg has done some follow up research as well which I think might be worth reading.

    There are also a few developers who make the custom ROMs who feel that same way that the average joe might not want to try this at home.

  5. Anonymous
    5

    Why would anyone have a problem with a company that can log calls, texts, keystrokes, location, web requests–EVERYTHING–and that will do so with neither your knowledge or consent?

    How about this: What if this company takes this dossier they’ve compiled on you, and decided to sell it? Think they won’t? Think information that fine-grained and detailed doesn’t have a value on the open market?

    For those still trusting and sanguine, I have two words for you: disgruntled employee. Two more: organized crime.

    Worried yet? If not, you’re a fool.

Comments are closed.