If you have a rooted Android device then you can check it for the Carrier IQ rootkit right now. Trevor Eckhart, aka, TrevE over at xda-developers, the security researcher who exposed the whole Carrier IQ debacle, posted an .APK you can install yourself to test for logging services like CIQ. Trevor also has a paid ($1) version of the tool that can remove CIQ on certain devices but we can't recommend it after seeing a few reported issues in the related forums.
We ran the test on a Samsung Galaxy S II (GSM) running on the UK carrier Three. It came up clean (see image above), unsurprisingly given the custom Cyanogen ROM that we're using. Dutch site Tweakblogs has readers reporting back their findings and thus far, only a single device, the 7-inch Samsung Galaxy Tab GT-P1000, returned a match for CIQ.
Back in the US, Jeffrey Nelson, of Verizon claims that Carrier IQ is not installed on Verizon phones. We'll be testing that claim soon enough. Meanwhile, let us know how your own testing goes in the comments below.
Update: A new app called Voodoo Carrier IQ Detector has been released to the Android Market that doesn't require root access. However, be aware of the author's disclaimer that the "results are not reliable yet" and it still generates "false positives." Regular updates are promised so it might make sense to bookmark this one, or install and set to auto-update while the developer works out the kinks.
There are 61 Comments. Add yours.
“trevor also has a paid version”
interesting..
Posted on Dec 01, 2011 | 7:26 AM EST reply Recommend (4) Flag actions
What are you implying? :P
Posted on Dec 01, 2011 | 8:15 AM EST reply Recommend (1) Flag actions
Well, you know what I’m implying.
It’s interesting how he mentions “Nokias and Blackberries and more” at the very start of his video, 2 phone brands with incredibly high volumes of phones in the world, and then posts this on Youtube after a first video that guaranteed a lot of buzz.
(Nokia categorically denied what he said btw)
Posted on Dec 01, 2011 | 8:24 AM EST reply Recommend Flag actions
A whole ..“Donate for the cause” .. site too…https://supporters.eff.org/donate
Posted on Dec 01, 2011 | 8:35 AM EST reply Recommend Flag actions
I can’t speak to Trevor Eckhart’s motivations specifically, but the EFF is one of the oldest and most respected internet consumer advocacy groups out there. That donations page has been up for years and years.
Posted on Dec 01, 2011 | 8:54 AM EST reply Recommend (30) Flag actions
Trevor Eckhart has been working on this since September. No one has really heard about it, outside of the Android modding world, until a few weeks ago when Android Police posted about it. Now everyone is posting about it.
Trevor has done a lot of work for the community. What Loly is saying implying that Trevor is trying to get rich off of this problem which is completely shortsighted. A lot of development work has gone into this and 99 cents is hardly anything to anyone. You’re lying if you say it is.
This is the problem with most people. They expect everything to be free even when a lot of time is spent away from friends and family while a programmer is sitting in front of a computer programming in a language he doesn’t like.
People like him really irk me.
/rant
Posted on Dec 01, 2011 | 12:25 PM EST reply Recommend (5) Flag actions
If I read the source correctly, he provided a free version that will allow you to manually uninstall the rootkit and a Pro version for $1 (yes, a whole dollar!) that will do it automatically.
How much more do you want him to do for free? Come to your house and uninstall it himself?
Posted on Dec 01, 2011 | 11:18 AM EST reply Recommend (10) Flag actions
ZFactor: Some people just can’t seem to get the point that there are devs and hackers out there that create these things for the common good :( and that’s a sad sight to see. Never use to be that way.
Posted on Dec 01, 2011 | 12:22 PM EST reply Recommend (1) Flag actions
Someone will have launched a free remover in days. :)
No big deal.
Posted on Dec 01, 2011 | 6:57 PM EST reply Recommend Flag actions
There already IS a free remover, released by Trevor Eckhart
This app has started to turn into a full security suite. It can be used to verify what logging is being done on your phone and where data is going to. It will assist you in manually removing parts you do not running (see post#1), or you can go pro for automatic everything (and support me)Don’t people bother reading the source material?
Posted on Dec 01, 2011 | 11:14 PM EST reply Recommend Flag actions
No. I don’t have time to read all the sources… You read all the source material for every post? I don’t have time, the article implied one didn’t exist.
Posted on Dec 02, 2011 | 8:38 PM EST reply Recommend Flag actions
I definitely read source material before I make comments about things I don’t yet have the full story on.
Hell, you could even have read the posts you were responding to, since I already indicated that Trevor released a free removal tool a whopping 2 posts up from yours.
Posted on Dec 03, 2011 | 4:44 PM EST reply Recommend Flag actions
I did read your post… we are arguing over a technicality.
I was clearly referring to the auto-remover which is not free.
Please apply common sense to your angry, passive-aggressive online ranting.
Posted on Dec 03, 2011 | 8:20 PM EST reply Recommend Flag actions
There’s no confusion about what you meant, its pretty black and white (especially with the second response). If it was really that you were “clearly” referring to the auto remover then you wouldn’t have said what you said in the second reply. Instead, it’s your last ditch effort to try to be right. It’s sad that its so hard for people to admit when they were mistaken, especially in cases where it really doesn’t matter.
Oh well, on to the next thing I suppose.
Posted on Dec 04, 2011 | 12:14 PM EST reply Recommend Flag actions
I think he’s implying that $1 is ‘too rich for his blood’ to remove something heinously evil from his phone. But then again, his phone is going to cost him about $2000 over a two year span, so you wouldn’t think $1 was a big deal.
Hm.
Posted on Dec 03, 2011 | 10:35 PM EST reply Recommend (1) Flag actions
Yeah pay to remove it. Help me understand why that’s an issue?
Posted on Dec 01, 2011 | 6:55 PM EST reply Recommend Flag actions
Running a rooted OG Droid with a ROM that doesn’t contain CIQ, so no worries here. Add this to the list of reasons to run custom ROMs or at the very least, an AOSP ROM.
Posted on Dec 01, 2011 | 7:30 AM EST reply Recommend (3) Flag actions
Galaxy S2 clear here (Samsung based custom rom : CheckROM )
Posted on Dec 01, 2011 | 7:40 AM EST reply Recommend Flag actions
Can we hope that all custom roms based on official firmwares are CarrierIQ free?
Posted on Dec 01, 2011 | 7:51 AM EST reply Recommend (1) Flag actions
I bet non carrier branded devices are free from this crap.
ODMs can’t risk having devices with Carrier IQ be leaked into EU – privacy laws would be enforced against such devices.
Posted on Dec 01, 2011 | 9:10 AM EST reply Recommend Flag actions
There’s privacy laws here, too. They may be different to what you get in the EU, but you can’t just log every keystroke someone makes on their phone. Totally illegal.
Posted on Dec 01, 2011 | 10:17 AM EST reply Recommend (2) Flag actions
Really? Seems like in US companies can get away with anything they can.
Posted on Dec 01, 2011 | 10:48 AM EST reply Recommend (2) Flag actions
ROMs built from AOSP Android should be free of it. It’s gotta be from AOSP.
Posted on Dec 01, 2011 | 1:09 PM EST reply Recommend Flag actions
I’m on an E4GT running LoSTKernel and I’ve got the herpe…. Uh, I mean CIQ. Fuckers.
Posted on Dec 01, 2011 | 11:44 AM EST via mobile reply Recommend Flag actions
Review iPhones from Tweakers don’t contain any CarrierIQ at all.
Posted on Dec 01, 2011 | 7:40 AM EST reply Recommend Flag actions
Nm, they found one that does have it under iOS5.
Posted on Dec 01, 2011 | 7:43 AM EST reply Recommend (6) Flag actions
Well, looks like your covers blown!
Posted on Dec 01, 2011 | 9:18 AM EST reply Recommend Flag actions
Nothing on my stock DROID Bionic
Posted on Dec 01, 2011 | 8:17 AM EST reply Recommend (2) Flag actions
OG Incredible with CM7. No CIQ here either.
Posted on Dec 01, 2011 | 8:22 AM EST via mobile reply Recommend Flag actions
Nothing on my iPhone 4S.
Posted on Dec 01, 2011 | 8:26 AM EST via mobile reply Recommend (1) Flag actions
Long time developer at xda. Thought I would shed a bit of light. Carrier IQ has very few contracts with carriers outside of the US so it’s unlikely you’ll find this particular software on most phones sold outside of the US. Sprint is Carrier IQ’s largest client. It can be found on almost all of their Android phones. AT&T is also a client, but they didn’t start putting this on their phones until very recently, so not all phones on AT&T have it. T-Mobile I’m less familiar with than Sprint than AT&T, but they definitely have it on at least some of their Android phones. I have never developed for or followed Verizon development so can’t comment on them. I checked my cousin’s Thunderbolt though and it was Carrier IQ free.
Posted on Dec 01, 2011 | 8:54 AM EST via mobile reply Recommend (5) Flag actions
Also, you probably don’t need an app to detect Carrier IQ on your phone. Just look at your running services in settings and if you see something called IQ Agent, say cheese.
Posted on Dec 01, 2011 | 9:02 AM EST reply Recommend (1) Flag actions
Nope— my E4GT just checked out positive but I see nothing running in services. This is supposedly running behind the OS, so I don’t see why it would ever show up in running services.
Posted on Dec 01, 2011 | 11:48 AM EST via mobile reply Recommend Flag actions
look again, on my epic 4g OG (not sgs2e4gt) with android 2.3 under running services one says Android System. Tap that, next screen says IQ agent. Hello there you little bugger.
Damn it Verizon, release the Galaxy Nexus so I can switch to you!
Posted on Dec 01, 2011 | 1:51 PM EST reply Recommend Flag actions
I have a rooted stock LG Optimus S on sprint and CIQ is deff installed!
Posted on Dec 01, 2011 | 9:02 AM EST reply Recommend Flag actions
I have a rooted stock LG Optimus V on Virgin Mobile (owned by Sprint), and CIQ is NOT installed. Interesting.
Posted on Dec 01, 2011 | 11:04 AM EST reply Recommend Flag actions
Clean bill of health here. Droid X, running CM7.
http://twitpic.com/7ml54d
Posted on Dec 01, 2011 | 9:08 AM EST reply Recommend Flag actions
That dude has some balls to sell a fix to what he declares to be a rootkit with personal privacy implications. If he were truly a “researcher” and concerned about the issue he would offer the fix gratis. Poor form.
Posted on Dec 01, 2011 | 9:31 AM EST reply Recommend Flag actions
he did fix it for free…
then he said “hey im making this fix for free, can you help support me in my endeavor?”
i dont find that unreasonable.
Posted on Dec 01, 2011 | 9:51 AM EST reply Recommend (10) Flag actions
I love doing work without getting paid for it.
yeah right.
I guess I’m just a greedy, selfish capitalist, but if I were to put a large amount of time (or hell any amount of time) into a project, I wouldn’t mind getting compensated for it. Wanting to have something to show for all the time it took away from my family, personal life, and normal job isn’t bad form, it’s human.
I think the most important fact here, the fact that you are not picking up on, is that the basic fix was free, and there was an option to buy a paid version of his fix, that had a few additional features.
Posted on Dec 01, 2011 | 10:15 AM EST reply Recommend (6) Flag actions
The free version gives you a list of files to remove. If you’re lazy, then buy the version that auto removes the files for you.
I see this more of a fuck the lazy people move, which I am in approve of.
Posted on Dec 01, 2011 | 10:54 AM EST reply Recommend (3) Flag actions
..but it’s ok for Mcaffee, AVG, Norton, etc to do the same.
The guy put in the work, he has a right to be paid for it. If you disagree, you are welcome to fix it yourself.
Posted on Dec 01, 2011 | 10:37 AM EST reply Recommend (4) Flag actions
Which, by the way, he also outlines how to do for free…
Posted on Dec 01, 2011 | 12:12 PM EST reply Recommend (1) Flag actions
If you want to compare this to other privacy protection and root-kit removal software companies, how is this model any different? He offers a free basic fix that points out the problem and tells you how to remove it, and offers a feature enhanced donation version. Isn’t this the exact model that all of these security companies use à la Malware Bytes, Avast, Ad-Aware, AVG? Should his time not get rewarded at least voluntarily?
Posted on Dec 01, 2011 | 11:14 AM EST reply Recommend Flag actions
No CIQ on my HTC Droid Incredible (Stock w/2.3.4), at least according to his app.
Posted on Dec 01, 2011 | 10:28 AM EST reply Recommend Flag actions
I smell congressional investigation and several class action lawsuits against Carrier IQ, OEMS and especially against the carriers that made the OEMs put Carrier IQ into the phones. This seems like illegal spying/surveillance to me, regardless of what they are using the data for. So now if you want a clean phone you have to root it and put a custom ROM in it that doesn’t include a kernel that has been tampered with?
Everyone should start contacting their congressman and their carrier to ensure that Carrier IQ or any similar software is not installed on their phone without their express permission and that users have the option to opt out and uninstall it.
Do we have any enterprising DA’s out there looking to make a name for themselves?
Posted on Dec 01, 2011 | 10:36 AM EST reply Recommend (1) Flag actions
i’m willing to bet that the carriers were not complicit in the key-logging and this is as much a shock to them as the rest of us—actually, considering my disdain for american carriers, this is probably less of a shock to me. carrierIQ is basically an enterprise software company. their product is better analytics for the carriers without the expense of a roll your own solution. it’s basic economics, specialization and the gains from trade. carrierIQ is going to get thrown under the bus.
as for iOS devices, i’m guessing the conversation went something like this:
[note that carrier is a pseudonym for our beloved at&t. and since apple doesn’t like to ship and maintain several versions of their phones and operating systems, the agentIQ comes in as a .plist to be enabled by the carrier with the option to be disabled by the user.]
Posted on Dec 01, 2011 | 11:14 AM EST reply Recommend (1) Flag actions
I’m not sure I agree with this (I don’t trust the government any more than I do a corporation). However, all companies involved (carriers, OEMs, etc) had better be figuring out their PR response to this. It’s starting to look really ugly, and it’s picking up steam (thanks to Verge and others), and it’d be a REALLY bad time to get caught with no plan of response. I can even help:
Good PR response: Due to recently uncovered events, we have suspended all further contracts with the company Carrier IQ until we can further identify their data collection methods.
Bad PR response: No response.
Worst PR response: We do not feel that this information is in violation of customers and will continue business as usual with Carrier IQ.
Posted on Dec 01, 2011 | 12:17 PM EST reply Recommend Flag actions
I went back to stock on my Vibrant (definitely no CIQ on Trigger ROM) and it’s not on the stock ROM either.
Posted on Dec 01, 2011 | 10:37 AM EST reply Recommend Flag actions
Rooted HTC EVO 3d with IQ Agent service running. I tried to stop the process, but it automatically restarts immediately. I have loved Sprint for over 10 years but this is BS.
Posted on Dec 01, 2011 | 10:38 AM EST reply Recommend (1) Flag actions
My rooted G2 running stock OS came up clear.
Posted on Dec 01, 2011 | 10:48 AM EST reply Recommend Flag actions
My G2 is also Clean with Stock 2.3.4
Posted on Dec 01, 2011 | 11:06 AM EST reply Recommend Flag actions
My HTC EVO 3D rooted with CleanRom comes up…..clean
Posted on Dec 01, 2011 | 11:22 AM EST reply Recommend Flag actions
HTC Desire HD (Orange UK) came up clean.
Running Gingerbread (2.3.3)
Posted on Dec 01, 2011 | 11:50 AM EST reply Recommend Flag actions
Well…most of it went over my head but everything came up clean except for some HTC report log file: /system/bin/htc_eblogd.
Running HTC Incredible S Gingerbread 2.3.3 on Virgin Canada.
Posted on Dec 01, 2011 | 1:32 PM EST reply Recommend Flag actions
RESULTS: Virgin Mobile / Optimus V came up clean.
Posted on Dec 01, 2011 | 4:12 PM EST reply Recommend Flag actions
hi got a samsung galaxy s2 im from the uk tried to download this app but says fail as not supported by my phone , i have got the pro app but will not let me update, can anyone help please. many thanks
Posted on Dec 02, 2011 | 6:27 AM EST reply Recommend Flag actions
help anyone, what am i doing wrong???
Posted on Dec 02, 2011 | 7:09 AM EST reply Recommend Flag actions
tried to download attachments.xda-developers.com on my samsung galaxy s2 gigerbread 2.3.4
after buying the pro on the android market , it says cannot download content is not supported on this phone..
Posted on Dec 02, 2011 | 7:15 AM EST reply Recommend Flag actions
I just a message from Josh saying I was picking on Fandroids.
Posted on Dec 03, 2011 | 10:37 PM EST reply Recommend Flag actions
I’ve already tested my DROID Incredible with the Voodoo version of the app from the update but what about this other “Lookout Labs” app? Is one more respected/fewer false positives? The Lookout Labs version of the detector is here:
https://market.android.com/details?id=com.lookout.carrieriqdetector
Posted on Dec 05, 2011 | 9:54 PM EST reply Recommend Flag actions
Something to say? Choose one of these options to log in.