More about CIQ and HTC including a rather massive exploit with permissions

Monday, 03 October 2011 10:30

b_500_274_16777215_0___images_stories_news_CIQ_CIQ-Android.jpg

Back in the beginning of September our hardware nut, Shamus, wrote about CIQ services and how HTC is using them to watch everything you do and collect that data. Well XDA has done further digging into this and found even more information on what CIQ and HTC are doing.

Mostly affecting newer HTC devices such as the Sensation and Evo 3D, HTC has included services from CIQ which, in a short and dirty explanation, essentially monitors your activity on your phone. CIQ stands for Carrier Intelligence Quotient and has been used by many carriers and manufacturers for quite some time now. Recent updated to this tool, however, cross a line with privacy and security on your Android device and HTC has all of these implemented.

CIQ accesses:

  • Screen presses and coordinates of where
  • Application usage and how much time is spent in each app
  • GPS location periodically and current when requested
  • Accelerometer usage, including current orientation of handset along with use of the --
  • Magnetometer (digital compass).
  • Both front facing and rear facing cameras with latest update.

 

HTC officially came out once all of this started to drop into the public domain's knowledge stating that these services can be opted out of and once you opt out, HTC wouldn't be able to collect any information. Well a member over at XDA has not only proven that you can't opt out of this by conventional means, but that these apps also making a gaping hole in security through the use of the android.permission.INTERNET permission with any installed app that has this permission enabled.

HTCLogger allows any app that has access to android.permission.INTERNET on devices such as the evo3d to obtain full access to query sensitive info such as network/appusagestats/meid/esn/phone#/past 10 location broadcasts and last known locations/and more.

While HTC having access to all of this information from your device is bad enough, with the use of the android.permission.INTERNET by another app, it can easily be intercepted and sent anywhere to anyone else which could possibly lead to your device being fully cloned or worse if the person intercepting all of this information knows what they are doing. We are even working on a proof-of-concept with some security people about how else this could be used in order to show companies like HTC the dangers of having this sort of service on a device.

Currently the only way to remove CIQ from your Android device is to fully root it. Unfortunately there is no known way for unrooted users to remove CIQ. If you are worried about if you are vulnerable or not, you can use a niftly little app to check to see if you are. For those of you who do use rooted devices, there are instructions for removal over on this XDA Thread should you feel like not being completely spied on by HTC.

You can check all of this out in action in the video above.

Website Referenced: XDA

blog comments powered by Disqus
Tags: Utility Development Devices Hardware

Andrew Huff

Andrew Huff, otherwise known as ExtremeT on this site, is the Founder and Chief Editor here at DroidGamers. When not writing and editing articles on DG, testing games, new Android devices, playing lots of video games in general and geeking out on general mobile gadget news, you can find him spending time with his wife and 2yr old son.

Follow Us and Tips!



DroidGamers App

Newest Tweet

droidgamers: Dont forget to enter our Week 3 Asus Transformer Pad Tegra 3 #gaming package giveaway. Last one! http://t.co/iBPlwypx #android

More Stories

Week 2 Giveaway: Enter for a chance to win an Asus Transformer Pad gaming pack
To continue on with the celebration of Tegra Zone's first birthday, we have another Asus Transformer Pad (TF300) gaming package to giveaway. This package is exactly like the first week's package and this giveaway will pretty
Read More 4626 Hits
EA unleashes Mass Effect Infiltrator onto the Google Play store
From the makers of Dead Space comes the new Mass Effect game for Android that we have been talking about for the last little while. EA has just released Mass Effects Infiltrator onto the Google Play store which is not only a
Read More 3618 Hits
World of Midgard MMORPG third beta updated once again, now includes music
The World of Midgard third beta, which is a public beta, has been updated once again and a new download is now available. Officially named Faction Wars, the third beta has been updated on a fairly regular basis, almost every
Read More 2822 Hits
Pitbull Studios working with Epic on Unreal Engine 4 and an UE4 game
While a lot of gaming media may not have heard about Pitbull Studio, a game development company in Britain that specializes in getting hired out for specific projects, anyone who owns a Tegra-based Android device should be
Read More 2668 Hits
Samsung Galaxy S III pre-orders now live on Amazon in Blue and White
It looks like the pre-orders for Samsung's newest high-end Android phone, the Galaxy S III, has jumped the borders of the UK and are now available for U.S. residents to pre-order. Both the white and blue models are up on
Read More 2471 Hits

Latest Video

Monster Shooter Gameplay Trailer
Monster Shooter Gameplay Trailer
11-27-2011
Hits 4207
Joomla Templates and Joomla Extensions by ZooTemplate.Com

Announcements

Login

Podcast

DG Staff

Andrew Huff (ExtremeT)
Founder/Chief Editor

Kimberly Huff (MamaDroid)
Co-Founder/Editor

Reddragon72
Contributor/Gameloft Nut

Shamus Locke
News Hound/Hardware

Chris Summerfield
Game Reviewer

Jason Stengren
Game Reviewer

William Smith
Interviewer/Game Reviewer

Tom Grace
Game Reviewer

Josh Andrews
Columnist/Game Reviewer

Charan Singh
Columnist/Rom Dev

Top 5 Commenters

Login Form