• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

(Carrier IQ) Security Vulnerability Found on Bionic - IMPORTANT

R

Reverence

Android Enthusiast
After all the latest news about the rootkit that is allowing apps to bypass requests and can track what you're doing on the phone, I have found that particular app on our Bionics.

First, read this article:
Are Carriers Illegally Tapping your Android Phone? | Hello Android

Next, go to settings, applications, manage applications, all applications tab, and look for the Fake Blur app. I am rooted and rommed and noticed that I still have this app. Is it something that we should be worried about? Has anyone tried uninstalling it and seeing if the phone still works without it?
 
I was just reading about this as well.

Interestingly enough, the reason you found it on your phone is because it is on all BIONICs (or, quite possibly, all BIONICs that have been updated using the leaked update(s) - not quite sure which one yet. For one, this paragraph from their reply to the snooping allegations on their website says so:

Carrier IQ delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers. We do this by counting and measuring operational information in mobile devices – feature phones, smartphones and tablets. This information is used by our customers as a mission critical tool to improve the quality of the network, understand device issues and ultimately improve the user experience. Our software is embedded by device manufacturers along with other diagnostic tools and software prior to shipment.
Click to expand...

Secondly, I looked up their apps in the market place: Carrier IQ Apps - Market Search

I have none of those apps installed - and yet I have Fake BLUR on my BIONIC.
 
I'm running a 7.893 based ROM and I have it installed. I tried freezing it with TiBu and that doesn't appear to have done anything. Even after restarting, if I look at it in the applications menu it still looks as though its running and force stop does nothing.

Gonna make a quick nandroid backup and try uninstalling it.
 
Awesome, I'll wait for your report.

Also, copy it somewhere so you can put it back, just in case this is one of those "must be installed or the update will not install" apps. I doubt it, and after all this flak, I'm betting that the OTA actually removes it, but, who knows?
 
I can confirm that that app has been there since Day 1. Reason I know that is because the first thing I did after root was go thru and freeze all the apps I thought was bloat and that was one of the ones I was staring at since the name stood out. This was before we got our first taste of a rom.
 
Discussion over at Moto Users Forums: https://supportforums.motorola.com/thread/62843?tstart=0

Talk is to use Any Cut - Market Link to search for the processes to see if this is actually doing any sort of reporting.

The thing is, this would b a great way for Moto to know which of us have what leaked updates, that I have Cheesecake installed and regularly troll their dev servers, etc.

I'm not happy any more. I am about to start clamoring for an unlocked bootloader as compensation for this being on my phone....

I smell a class action lawsuit here that should have very favorable chances of winning its case - my only demand is the unlocked bootloader, but I definitely will not say no to cash. And I'm not making a smiley face b/c I'm dead serious.
 
Quick links to interesting posts in that thread (it's growing fast):

https://supportforums.motorola.com/message/517143#517143 - a voice of reason post

https://supportforums.motorola.com/message/517135#517135 - use any Cut to monitor it

https://supportforums.motorola.com/message/517207#517207 - more Any Cut info

https://supportforums.motorola.com/message/517255#517255 - says that Contacts Sync and Contacts Data are same icon as fakeblur

https://supportforums.motorola.com/message/517445#517445 - says VZW does not use Carrier IQ (so why is fakeblur on there?)

https://supportforums.motorola.com/message/517418#517418 - refers to an article right here on Phandroid lol (I'll link it in a second)

Carrier IQ Withdraws Cease & Desist Order against Developer

Just In Case You Wanted to See What It Looks Like When Carrier IQ is Doing Its Thing [Video]

Nexus Devices, Original XOOM Escape the Grips of Carrier IQ

https://supportforums.motorola.com/message/517505#517505 - another voice of reason post - running the outlined tests shows no evidence

Read through pages 3 and 4 for specifics.
 
And the irony:

From the Carrier IQ press statement after withdrawing the C&D letter to Trevor:

Here’s what our software does:

- Our software makes your phone work better by identifying dropped calls and poor service.

- Our software identifies problems that impede a phone’s battery life.

- Our software makes customer service quicker, more accurate, and more efficient.

- Our software helps quickly identify trending problems to help mobile networks prevent them from becoming more widespread.
Click to expand...

Now, I don't know about you, but it seems to me that, if this software is legitimate, and it does, in fact, do what they say it does, isn't this almost as if Motorola was expecting these sorts of problems on our phones? :p

Let's see if that helps stoke the fires any....
 
Well I uninstalled and rebooted. No FCs or anything. To be honest this all seems like a lot of speculation. That logo looks nothing carrier IQ's logo. It definitely has a rather dubious name and some clarification as to what it does would be nice.
 
Lol - I've been researching in a different manner - though the Moto Users' Forum posts.

It's now being touted as basically non existent....
 
johnlgalt said:
And the irony:

From the Carrier IQ press statement after withdrawing the C&D letter to Trevor:



Now, I don't know about you, but it seems to me that, if this software is legitimate, and it does, in fact, do what they say it does, isn't this almost as if Motorola was expecting these sorts of problems on our phones? :p

Let's see if that helps stoke the fires any....
Click to expand...

Well it makes sense for the major manufacturers to outsource something like that to a single company rather than all of them trying to each seperately diagnose what could be similar issues across different networks and hardware.
 
Lol - yeah, bu I was being facetious, b/c the first 2 issues are 2 of the top 3 issues reported by current BIONIC users...
 
Now if I don't notice any issues with this thing being removed I wonder what it actually does. They should really give some sort of brief description of what all these services do. Then I can just remove the ones that say "invades your privacy without your consent".
 
If you read through the Moto Users Forum post, in particular pages 3 and 4, you'll see it's basically Much Ado About Nothing.

There are also reports of VZW not using Carrier IQ anyway. Which means someone needs to go digging to find what they do use....
 
Yeah... that's what I'm saying lol. If this thing does actually perform some behind the scenes stuff that I need and uninstalling it is going to slowly and subtly screw up my phone I would like to know.
 
been hearing a lot about whatever this is the past few days. Anyone no what it is? I read that it tracks what you do on your phone down to actual keystrokes. Is there a way to get rid of it? I use my phone to access personal bank accounts and other sensitive stuff. I dont see any need to allow some company to collect that data.....
 
I also edited the title to add Carrier IQ to it so that people will see the thread and respond in it instead of making new posts.
 
you can go ahead and delete my post as well as this one. I noticed the other thread after I made the Carrier IQ post...didnt mean to be redundant
 
So how is the Fakeblur app associated with Carrier IQ? Or is that just a guess because no one knows what Fakeblur does?
 
I have no idea what Fakeblur does, but VZW tweeted that they do not use Carrier IQ software on their handsets. This is contrary to the finding that someone posted above after finding IQAgent on a Moto handset (VZW I assume).

The semantics of the tweet leave room for something similar to be used in place of Carrier IQ.

I agree that they should be mandated to unlock the bootloaders and let us remove the crapware they load onto the handsets.


RMD
 
You must log in or register to reply here.
Back
Top Bottom