Author Topic: HTC Sneaks Spying App into Android 2.3.4 Phones  (Read 2495 times)

Offline miDnIghtEr20C

  • The Founder
  • Administrator
  • Showtime Padawan(The force is strong in this one)
  • *****
  • Posts: 21655
  • Showtime Karma: 680
  • Gender: Male
    • Follow Showtime for Free on Twitter!
HTC Sneaks Spying App into Android 2.3.4 Phones
« on: September 03, 2011, 08:32:16 AM »
Pocket found this one... i'm at a loss for words.   i don't know what to say... damn.  :(

Looks like HTC has quietly slipped its users a spying app that tracks an alarming amount of user behavior and sends that data off to itself and perhaps others via a mysterious service in the cloud. The snooping app came nestled with the 2.3.4 Android update pushed out to some of its smartphones such as the Sensation 4G and EVO 4G.

TrevE and Team Synergy of the InfectedROM site (and XDA fame), discovered the app. HTC includes an application called Carrier IQ and Carrier IQ recently added a user-behavior logging feature called IQ Insight Experience Manager.

According to the Carrier IQ website: "IQ Insight Experience Manager uses data directly from the mobile phone itself to give a precise view of how users interact with both their phones and the services delivered through them, even if the phone is not communicating with the network. ... Identify exactly how your customers interact with services and which ones they use. See which content they consume, even offline."

But wait there's more. Turns out that after HTC collects these stats, CIQ isn't the only app with access to them. TrevE writes:

"CIQ is meant to monitor user activity and send logs off to wherever. Shortly after seeing this, team synergy went to work finding out exactly what was being done. ... Come to find out, CIQ is not the only part of android responsible for sending these stats. They get written out by framework to 4 major locations."

The four locations are ...

1- /data/system/appusagestats: Hosts a file that seems to collect every Android intent used on the phone. An intent is abstract description of an operation to be performed and is used, for instance, to launch activities. An intent is used to dial the phone, display the contact information and so on.

2- /data/system/usagestats - Team Synergy concluded that these are Google usage stats collecting much the same data as appusagestats and possibly sending this data somewhere else.

3- /data/system/userbehavior.db -- This looked to hold the IP address where the data is sent. They discovered two IP addresses in their phone going to Amazon cloud services.

4- /data/system/dropbox -- TrevE writes, "Now this is interesting, there were over 500 files in this directory. When we deleted everything in this folder and opened market, logcat reported errors looking for these files. Why is the market looking for these files on start?"

Do HTC users have the right to complain -- or even opt out of this snooping behavior? Apparently, not if the HTC license agreement is to be believed, points out Chris Chavez, on the Phandroid site.

He notes that users apparently are required to agree. Look at Settings > About Phone > Legal > HTC Legal and you'll find that HTC tells you it is collecting information. Each device has been allocated with "one or more unique identification numbers," the agreement says, It later adds: "HTC might share non-personal, aggregated information with selected third parties. However such information will not identify you personally." The privacy statement goes on like that for quite a few paragraphs, on the one hand explaining that it is gathering information, and that it reserves the right to share it, but  promising that the data won't be personally identifiable.

Now the good folks at Team Synergy have, of course, managed to kill off the app and remove it from the framework locations and have provided this code on a ROM. Unfortunately, ROM flashing and fiddling with system apps requires root access. And more unfortunately, as soon as you root your phone, the snooping app will know and could tell HTC, voiding your phone warranty.

Offline Pakman3000

  • Founding Father
  • Showtime's in your blood.
  • ***
  • Posts: 684
  • Showtime Karma: 406
Re: HTC Sneaks Spying App into Android 2.3.4 Phones
« Reply #1 on: September 03, 2011, 08:45:16 AM »
More reason for me to move to Samsung for my next phone(Samsung Note :loco:). This shit and their cameras suck, but I love HTC Sense interface. Too bad.

Offline Szabada

  • 2011 Co-Member of the Year
  • Showtime for Free Hero
  • ******
  • Posts: 4899
  • Showtime Karma: 569
Re: HTC Sneaks Spying App into Android 2.3.4 Phones
« Reply #2 on: September 03, 2011, 11:21:20 AM »
Oh NOooooo!  While I don't agree with this kind of action being taken by a company or whatever.  It's not really all that bad.  As long as they're not taking personal information or anything like that its no big deal to me.  We don't live in caves anymore.  Everything is out there for everyone to take, unless you're super paranoid (and live in a cave).