My hero seems to be a bit slower than usual. I started up astro file manager and used their process tool to show that com.smithmicro.DM is running at around 70%. Why would this process be using so much CPU and is there any way to alleviate the cpu processing being done?
what does com.smithmicro.DM do anyways? I mean, if it's nothing too important, you could always remove it.
I don't know, but I thought I read this was to be on the ignore list as it manages the data between your phone and your SD card.
I pulled the battery on my phone, and so far it looks a bit better.
it's causing my update PRL/Profile to crash and cause weird bugs (i.e. PRL showing 26762 or something random until a profile update/crash).
damage r3
mrinehart93 said:
what does com.smithmicro.DM do anyways? I mean, if it's nothing too important, you could always remove it.
Here is some info you may want to read.
The DM Suite makes it easy for you to:
Activate, configure, and provision new devices for consumers and enterprises
Manage mobile applications
Secure devices and sensitive data
Personalize the customer experience
Diagnose problems
Update firmware
Offer a customer self-care web portal
Control device capabilities
Manage GSM and WiMAX devices
Automate custom device activation workflows
Extend Mobile Device Management (MDM) with web services
animal7296 said:
Here is some info you may want to read.
The DM Suite makes it easy for you to:
Activate, configure, and provision new devices for consumers and enterprises
Manage mobile applications
Secure devices and sensitive data
Personalize the customer experience
Diagnose problems
Update firmware
Offer a customer self-care web portal
Control device capabilities
Manage GSM and WiMAX devices
Automate custom device activation workflows
Extend Mobile Device Management (MDM) with web services
hope I don't get slammed, bump!
this description was the best I've seen!
what is the name of the actual .apk file? Did anybody try removing this apk? Did it have any adverse effects?
thanks!
From the sound of this info, it seems that the app probably isn't totally necessary. App name coming soon. Do a nandroid, remove the apk, and reboot. If nothing is wrong, then we know we can remove it safely. Do some testing, like download a file from the internet to your SD card. That would be the only thing that concerns me about this app. App name coming soon, again.
what does com.smithmicro.DM do anyways? I mean, if it's nothing too important, you could always remove it.
Here is some info you may want to read.
The DM Suite makes it easy for you to:
Activate, configure, and provision new devices for consumers and enterprises
Manage mobile applications
Secure devices and sensitive data
Personalize the customer experience
Diagnose problems
Update firmware
Offer a customer self-care web portal
Control device capabilities
Manage GSM and WiMAX devices
Automate custom device activation workflows
Extend Mobile Device Management (MDM) with web services
-------------------------------------
Sent via the XDA Tapatalk App
Try dmservice.apk
I wouldn't remove the dmportread.apk
-------------------------------------
Sent via the XDA Tapatalk App
I guess no one experimented with this?
Shouldn't there be a process website that describes what these processes do?
If you kill the process "com.smithmicro.DM" you will no longer receive over the air firmware updates. The "DM" stands for device management, and I know for a fact that HTC uses smith micro for their FOTA updating.
Related
Hello everyone. I am coming from windows mobile which I have been using since 2003. I really like Android but I had a few questions and concerns.
1. I realized that apps have access to personal data and are able to access internet and dial. Should I be concerned? How can I be assured that an app developer is not after my bank info and such?
2. Why are so many apps running in the background when I haven't opened them?
I am already using advanced task killer but when i look at the apps running there's a full list even tho I didn't open them.
3. Is there a file explorer on android?
Any tips and tricks would be appreciated.
sammyluva said:
Hello everyone. I am coming from windows mobile which I have been using since 2003. I really like Android but I had a few questions and concerns.
1. I realized that apps have access to personal data and are able to access internet and dial. Should I be concerned? How can I be assured that an app developer is not after my bank info and such?
Google confirms identities of developers. Use your best judgement. Is it possible? Yes. If an app has been out for a while and has lots of high ratings then I'm inclined to trust the developer. If Google does discover malicious software in their market they have tools to remotely remove such apps from everyones phone, kinda creepy but it's there for a good reason and it's all part of the decision you make about whether to trust the platform and the community that surrounds it.
2. Why are so many apps running in the background when I haven't opened them?
I am already using advanced task killer but when i look at the apps running there's a full list even tho I didn't open them.
That's the HTC/Sprint way. Get an app called Autostarts. You will be amazed at what runs automatically and autostarts will allow you to decide what runs and when.
3. Is there a file explorer on android?
Yes. One is not included in the stock rom but they are easy enough to find.
There are Terminal Emulators which equate to cmd in win, and there are file explorers too. Root Explorer is my personal favorite.
Any tips and tricks would be appreciated.
elevenchars
nebenezer said:
elevenchars
What do u mean?
Sent from my PC36100 using XDA App
sammyluva said:
What do u mean?
Sent from my PC36100 using XDA App
search "10chars"
Text in quotes doesn't count...
1. Just use common sense like was said.
2. If you use the main apps that came with the phone you are fine. It can be apps you download that run in the background that hurt the battery life.
3. Astro file manager is by far my favorite app.
sammyluva said:
1. I realized that apps have access to personal data and are able to access internet and dial. Should I be concerned? How can I be assured that an app developer is not after my bank info and such?
How did you prevent apps on WM from accessing this info? Answer..you didn't, the fact is that WM programs are even more scary because they don't even tell you what they are accessing.
sammyluva said:
2. Why are so many apps running in the background when I haven't opened them?
I am already using advanced task killer but when i look at the apps running there's a full list even tho I didn't open them.
Same answer as why are so many services running on your desktop when you have no programs running. Operating systems have all kinds of services running beside the app you are watching.
sammyluva said:
3. Is there a file explorer on android?
Uh...did you check the program icons?
1.) As stated, doesn't hurt to check the number of DLs an App has or checking through some of the comments. Can find out if an App is giving a specific phone issues too ... thus saving you time from bothering to check it out. Trust it or don't check it out. Understandable why some people would see that and wonder ... but then again your info is already out there ...
2.) They just do. Even some **** that might not make sense, it just does for its own reasons. Task killing can be good and bad. Or just good. Or just bad. Depending on who you ask so think on it before you decide to start murdering Apps or leaving em running.
3.) Astro File Manager is "what's up" but there are others. But that 1 is legit though.
Thanks for all those that replied but I didn't really get a satisfying answer to the first 2 questions. It seems like some of the people on here are just confused as well but are defending android in thinking that I am against the operating system. As I said in my original post I like the OS but I had some concerns that I wanted to learn more about.
Ramiss, you asked how I knew what info WM accessed? You are right they don't disclose accessing any data which means to me they are not. If they did and I found out then I could take them to court but when a company discloses that they are accessing your personal data and you agree to it then you have no say in how that info is used since you gave them permission. Also I never had an app running that I didn't open or give it permission to run in the background during my years with WM.
I have the evo since Friday and I've downloaded a couple of apps where I saw the disclosure of the kind of access these apps have and I was just thinking what's the point of having the apps if you have to worry about it accessing important info. Then I got an email from Marketplace telling me the activities of my friends on facebook marketplace. The email went further to tell me some of the activities of my friend's friends. The point is it's accessing personal data I didn't give it access to, which is scary.
I came on here to ask the people that know the OS better but it seems like there are some confused people on here. So I did a little research and found the article below which basically concurs that there is a problem with apps on android accessing personal data.
http://www.computerworld.com/s/arti...apps_pose_privacy_threat_says_security_vendor
So my question is, are there preventive ways to protect against apps using personal data? Of course other than abstaining from downloading apps. Like an app that would block access to personal data or tell a person what each app accessed and did with it. Please if you can not give an educated answer then don't reply. Thanks.
sammyluva said:
Ramiss, you asked how I knew what info WM accessed? You are right they don't disclose accessing any data which means to me they are not. If they did and I found out then I could take them to court but when a company discloses that they are accessing your personal data and you agree to it then you have no say in how that info is used since you gave them permission. Also I never had an app running that I didn't open or give it permission to run in the background during my years with WM.
So my question is, are there preventive ways to protect against apps using personal data? Of course other than abstaining from downloading apps. Like an app that would block access to personal data or tell a person what each app accessed and did with it. Please if you can not give an educated answer then don't reply. Thanks.
Actually my point was that Windows Mobile programs could easily access personal information, you just weren't aware of it. For example, try downloading a windows mobile program that handles your contacts (Pocket Informant comes to mind). Does the OS give you a warning that this new program will access your contacts? Not as far as I can remember! Whereas Android apps must disclose what they access, that is a rule from Google.
The way to protect an app from not accessing something is to not use it. This is the reason the access list is disclosed - so you have a choice not to continue.
As others have said you need to make your own decision based on the popularity of the app, the comments made and perhaps a quick Google search. Trust me, if an app is malicious there is a good chance you would know about it by reading the comments.
Edit: The end of that article you posted gives you the answer:
Android's security model requires that applications declare the permissions they will be using prior to installation by the user. An informed user can use these declarations to decide if they want to install an application or not, according to SMobile. However, the fact remains that there is no means available for a user to know for sure that the application they just downloaded is doing only what the user sees it doing, it said.
We have all seen this CIQ information in SFR thread and repeated all over the internet on various forums and blog sites.
Code:
What Is Carrier IQ? Why Should We Care?
3/31/2011: Hello, Slashdotters!
Put simply - and bluntly - Carrier IQ is a software package buried deep within Android by Samsung at the behest of Sprint. It has been in active use since the time of the Moment, if not before. The company that develops it, also known as Carrier IQ, bills it as "Mobile Service Intelligence". In their own words,
[T]he combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference.
On its own, that description can vary from harmless, to worrying, depending on how you look at it. It's not until one drills deep down into the system and ferrets out every piece of the software that one truly knows what it contains. As some of you might remember, ACS took the first steps toward disabling the Carrier IQ software with the release of SyndicateROM and Xtreme Kernel 1.0. That, however, didn't even scratch the surface.
Carrier IQ's native libraries are plainly visible - libiq_client.so and libiq_service.so in /system/lib. During every boot, this service is launched - you can see it in Settings > Applications > Running Services as "IQAgent Service". These native libraries are called by non-native (Android application) libraries located in ext.jar (the client) and framework.jar (the service). Removal of these (rather obviously-named) libraries alone, be it the .so files or the libraries in framework or ext, will, obviously, break boot. So I - k0nane - had to dig deeper. To make a long story short, reference to the IQ Service and IQ Client were littered across the deepest portions of the framework, and some of the most basic functions of the Android system as we know it.
Carrier IQ as a platform is designed to collect "metrics" at any scale. What I found it to hook into is far beyond the scope of anything a carrier needs - or should want - to be collecting. Carrier IQ sits in the middle of, and "checks" the data of, SMS and MMS messages. It listens for and receives every battery change notifications. It hooks into every web page you view, and every XML file your device reads. It receives every press of the touch screen. It 'sees' what you type on the physical keyboard. It reads every number you press in the dialer. It can track which applications you use, what 'type' they are, how often, and for how long. It hooks into data sent and received.
.................
What I am asking in this thread is for any specific information about CIQ that Devs who have worked with it are willing to provide from their personal experience with investigating and removing it. I am also asking Devs and Forum Members who have come across other articles, threads in other forums, etc, to please provide information with links.
Code:
Provided by chris41g
to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Provided by mkasick
Here's all the files that reference "CIQ", "carrieriq", or "libiq" with instances unrelated to Carrier IQ removed:
/ (initramfs):
- init: /dev/ttyCIQ0 UART, presumably to communicate with radio.
- init.rc: Start iqmsd service if property:service.iq.active=1.
- lib/modules/dpram.ko: Implements ttyCIQ UARTs.
/system:
- app/DialerTabActivity.odex
- app/FactoryTest.odex
- bin/iqmsd
- framework/ext.odex
- framework/framework.odex
- framework/sec_feature.odex
- framework/services.odex
- lib/libiq_client.so
- lib/libiq_service.so
Of these, bin/iqmsd is a purpose-unknown daemon, and libiq_client.so & libiq_service.so the client & service native code. The client & service managed code is implemented in framework/ext.odex & framework/framework.odex respectively.
In addition, the following framework classes reference Carrier IQ in some fashion:
framework/ext.odex:
- org.apache.http.impl.client.DefaultRequestDirector
framework.framework.odex:
- android.inputmethodservice.InputMethodService
- android.net.http.Request
- android.webkit.{BrowserFrame,CallbackProxy,LoadListener,WebViewCore}
- com.android.internal.telephony.SMSDispatcher
framework.services.odex:
- com.android.server.BatteryService
- com.android.server.WindowManagerService
- com.android.server.am.UsageStatsService
Finally, libiq_service.so is used exclusively by framework/framework.odex (com.carrieriq.iqagent.client.NativeClient), and libiq_client.so is used by:
- bin/iqmsd
- framework/ext.odex (com.carrieriq.iqagent.service.IQService)
- lib/libopencore_player.so
I am seeking facts, file names, files, information on CIQ in the framework, specifically what files CIQ hooks into, etc. Thank you for taking the time to read this.
I received a response yesterday (June 15, 2011) from a group that has disassembled IQAgent & CarrierIQ, in response to questions about CIQ's capabilities.
We have actually disassembled IQAgent/carrierIQ and captured its behavior to find exactly what it is sending back to sprint on the samsung optimus phone. The information we found it to collect was basic, such as cell towers, signal strengths, device battery. Nothing alarming on that phone, but Sprint could send a remote update to enable the surveillance features without the owner being aware.
Now while the above statement is about the Optimus, I was able to confirm through another source that IQAgent & CarrierIQ collection and transmission capabilities are set the same across all Sprint Android offerings.
During a telephone call with Sprint and in a follow up email Sprint responded to requests for information on Carrier IQ, who was responsible for the installation on Sprint's hardware and asked to directly address concerns over its potentially invasive nature.
the software that is in the Android phones is supplied by Google themselves as well as the manufacturer. We (Sprint) has no control over the actual operating system supplied to us such as the Carrier IQ as it is indigenous to the Android platform.
Off the record, Google has denied this referencing that the Nexus S did not have CIQ installed on it because they would not let carriers install such software on their native Android devices.
In the same conversation and follow up email Sprint stated;
removing the Carrier IQ software from your Samsung Epic device can void your manufacturer warranty.
The representative was questioned on Sprint's use of the word "can" but could not elaborate on under what circumstances removal of CIQ would not void the warranty.
Update July 5, 2011
Sprint still refuses to address the concerns over Carrier IQ's potentially invasive nature. When directly questioned on if CIQ as it is installed on Sprint hardware is capable of the level of invasive data collection as previously reported by Steve Toplez, Sprint responds with complete silence.
I have since requested contact and an official response from both Sprint's compliance department and General Counsel. Once again, the silence is deafening.
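An added example (not from the thread or from any ROM developer) showing how a listing like mkasick's can be reproduced on an unpacked firmware tree: it searches file names and raw bytes for the three strings he names and reports which init.rc trigger starts iqmsd. The sample tree, its file contents and the init.rc text are constructed for the illustration.

```python
import os
import tempfile

# Marker strings from the listing above. "CIQ" is matched case-sensitively
# to limit noise; the longer names are matched case-insensitively.
# Hits still need manual review: the post notes unrelated instances exist.
CASE_SENSITIVE = (b"CIQ",)
CASE_INSENSITIVE = (b"carrieriq", b"libiq")


def markers_in(blob):
    """Return the marker strings present in a bytes object."""
    lowered = blob.lower()
    found = [m.decode() for m in CASE_SENSITIVE if m in blob]
    found += [m.decode() for m in CASE_INSENSITIVE if m in lowered]
    return found


def scan_tree(root):
    """Map each file under root (relative path) to the markers found in its
    name or raw contents. Binary files (.so, .odex, .ko) are read as bytes."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            found = markers_in(name.encode() + b"\0" + data)
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits


def init_rc_starts(text, service):
    """Return the `on <trigger>` sections of an init.rc that `start` service."""
    triggers, current = [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "on" and len(words) > 1:
            current = " ".join(words[1:])
        elif words[0] == "service":
            current = None  # a service section ends the previous action block
        elif current is not None and words[:2] == ["start", service]:
            triggers.append(current)
    return triggers


# Constructed sample init.rc; only the trigger/service pairing follows the post.
SAMPLE_INIT_RC = """\
on boot
    start servicemanager

on property:service.iq.active=1
    start iqmsd

service iqmsd /system/bin/iqmsd
    disabled
"""

# Constructed file contents, not bytes from a real ROM.
SAMPLE_FILES = {
    "init.rc": SAMPLE_INIT_RC.encode(),
    "lib/modules/dpram.ko": b"\x7fELF\0ttyCIQ%d\0",
    "system/bin/iqmsd": b"\x7fELF\0libiq_client.so\0",
    "system/lib/libiq_client.so": b"\x7fELF\0com/carrieriq/iqagent\0",
    "system/app/Calculator.odex": b"dey\n036\0nothing to see\0",
}


def build_sample_tree(root):
    """Write SAMPLE_FILES under root so the scan can run offline."""
    for rel, data in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, found in sorted(scan_tree(tmp).items()):
            print(f"{rel}: {', '.join(found)}")
    print("iqmsd started by:", init_rc_starts(SAMPLE_INIT_RC, "iqmsd"))
```

In this constructed sample the init.rc carries none of the three strings, so it is the trigger parse, not the string scan, that ties it to iqmsd.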
Good thinking
Sweet ... but this might just start another debate ..
Lets hope it doesn't. I would really like to see this community come together and allow this information to be provided with little or no flaming, thread hijacking or warring.
Description of CarrierIQs Service
Mobile Service Intelligence
Mobile Service Intelligence is the process of analyzing data from phones to give you a uniquely powerful insight into mobile service quality and user behavior. Carrier IQ's Mobile Service Intelligence Platform (MSIP) is the smart database at the heart of our solution. It receives raw data (known as Metrics) from phones and converts them into reliable, repeatable Measures which feed into analytic applications. The MSIP delivers true enterprise grade performance, with its proven ability to process data submitted by millions of phones with outstanding integrity and security.
Get the Insight
We know you don't just want data, you want to solve business problems and identify new business opportunities. The IQ Insight application suite uses data from the MSIP to deliver true Actionable Intelligence, tailored to specific business areas. From the performance information to support the launch of a new phone or service to historical information to understand in detail customer behavior and usage patterns, the IQ Insight suite cuts through the complexity to allow you to focus on critical business issues, create and track Key Performance Indicators (KPIs) and all in the knowledge that the data is measured at the point the customer experienced it – in the phone.
What's more, the combination of the MSIP and IQ Insight lets you move seamlessly from broad trend data across many users, through comparative groups down to diagnostic data from individual devices. Now, not only can you identify trends, you have the power to drill down to specific instances, giving you the insight your specialists need to make a difference. That is the power of Mobile Service Intelligence.
http://www.freshnews.com/news/383257/carrier-iq-powers-android-platform-mobile-service-intelligence
twolostminds said:
Lets hope it doesn't. I would really like to see this community come together and allow this information to be provided with little or no flaming, thread hijacking or warring.
as info is provided, you should compile it (in an easy to read format) in the first post so others don't have to read through (potentially) pages and pages of stuff.. (you can use 'code' HTML tags to 'condense' longer text into smaller boxes I think)
Just my .02
and hopefully the community can come together and compile good/relevant info without all the drama.
http://www.carrieriq.com/overview/IQInsightServiceAnalyzer/ServiceAnalyzer.datasheet.pdf
by the way, as far as framework.. to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
http://www.carrieriq.com/overview/IQInsightDeviceAnalyzer/DeviceAnalyzer.datasheet.pdf
this datasheet, makes it sound like its installed for testing the phone, then turned off and can be turned on if needed for support..
daddymikey1975 said:
as info is provided, you should compile it (in an easy to read format) in the first post so others don't have to read through (potentially) pages and pages of stuff.. (you can use 'code' HTML tags to 'condense' longer text into smaller boxes I think)
Just my .02
and hopefully the community can come together and compile good/relevant info without all the drama.
I will be updating the OP on a regular basis and once enough verifiable information is gathered I will be creating a Wiki-like posting.
I would think that if we are rooting and also using custom roms or taking features Sprint has built into the phone (Carrieriq) then would we not be violating the terms and conditions of service. And let's not forget that Google can tell if we are rooted as we cannot get movie rentals from the market. Also Google and Sprint are able to see what apps we have installed and if they see super user app then it's a safe bet we are rooted. If Google wants to get rid of rooted apps they can by simply removing them from the market upon carrier request like vzw and att did for wifi tether.
chris41g said:
...
then in the kernels initramfs, you have to disable the service in the init.rc
sorry noob here, I'm running stock EC05, how do I remove it from init.rc?
chris41g said:
http://www.carrieriq.com/overview/IQInsightDeviceAnalyzer/DeviceAnalyzer.datasheet.pdf
this datasheet, makes it sound like its installed for testing the phone, then turned off and can be turned on if needed for support..
I don't know much about it but I do know it runs in the background at boot. To me, that's not "turned off."
dchawk81 said:
I don't know much about it but I do know it runs in the background at boot. To me, that's not "turned off."
The service is running, with logging and reporting turned off, and can (presumably) be remotely activated..
Sent from my SPH-D700 using XDA App
chris41g said:
The service is running, with logging and reporting turned off, and can (presumably) be remotely activated..
Sent from my SPH-D700 using XDA App
Right. So it's not truly off. Standby isn't off.
Since it's not off, I prefer it gone.
From what I've been able to gather from it, it doesn't do much of anything. It has the potential to track stuff, but I'd bet stuff for marketing purposes and possibly troubleshooting remotely.
Everyone is all up in arms over removing it, but there or not it doesn't have any effect on your phone, or battery life.
As far as security purposes, you may as well stop using your phone altogether, because that's similar to the kind of stuff google can collect from your phone at any point. It's not a big deal, it's not important, and the performance gain for removing any of it is nil.
Well if it doesn't do anything at all, it doesn't need to be there.
chris41g said:
http://www.carrieriq.com/overview/IQInsightServiceAnalyzer/ServiceAnalyzer.datasheet.pdf
by the way, as far as framework.. to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Does anyone have a list of every file that references CIQ?
twolostminds said:
Does anyone have a list of every file that references CIQ?
That would be an almost impossible task, without going through the source... and even then there are likely to be closed source files too....
The list I gave you is what is edited in a nociq rom though..
Sent from my SPH-D700 using XDA App
chris41g said:
That would be an almost impossible task, without going through the source... and even then there are likely to be closed source files too....
The list I gave you is what is edited in a nociq rom though..
Sent from my SPH-D700 using XDA App
You are probably right, it would be impossible without access to both open and closed source. My goal is to put together the most complete and comprehensive information source on CIQ's implementation and capabilities as installed in Android. So any other references that have been found would be greatly appreciated.
The Vulnerability
In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.
That is not the case. What Trevor found is only the tip of the iceberg - we are all still digging deeper - but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
the list of user accounts, including email addresses and sync status for each
last known network and GPS locations and a limited previous history of locations
phone numbers from the phone log
SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails.
But that's not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):
active notifications in the notification bar, including notification text
build number, bootloader version, radio version, kernel version
network info, including IP addresses
full memory info
CPU info
file system info and free space on each partition
running processes
current snapshot/stacktrace of not only every running process but every running thread
list of installed apps, including permissions used, user ids, versions, and more
system properties/variables
currently active broadcast listeners and history of past broadcasts received
currently active content providers
battery info and status, including charging/wake lock history
and more
Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:
ACCESS_COARSE_LOCATION: Allows an application to access coarse (e.g., Cell-ID, WiFi) location
ACCESS_FINE_LOCATION: Allows an application to access fine (e.g., GPS) location
ACCESS_LOCATION_EXTRA_COMMANDS: Allows an application to access extra location provider commands
ACCESS_WIFI_STATE: Allows applications to access information about Wi-Fi networks
BATTERY_STATS: Allows an application to collect battery statistics
DUMP: Allows an application to retrieve state dump information from system services.
GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service
GET_PACKAGE_SIZE: Allows an application to find out the space used by any package.
GET_TASKS: Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
READ_LOGS: Allows an application to read the low-level system log files.
READ_SYNC_SETTINGS: Allows applications to read the sync settings
READ_SYNC_STATS: Allows applications to read the sync stats
Theoretically, it may be possible to clone a device using only a small subset of the information leaked here.
I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door. For a more technical explanation, see the section below.
Additionally, and the implications of this could end up being insignificant, yet still very suspicious, HTC also decided to add an app called androidvncserver.apk to their Android OS installations. If you're not familiar with the definition of VNC, it is basically a remote access server. On the EVO 3D, it was present from the start and updated in the latest OTA. The app doesn't get started by default, but who knows what and who can trigger it and potentially get access to your phone remotely? I'm sure we'll know soon enough - HTC, care to tell us what it's doing here?
Technical Details
In addition to Carrier IQ (CIQ) that was planted by HTC/Sprint and prompted all kinds of questions a while ago, HTC also included another app called HtcLoggers.apk. This app is capable of collecting all kinds of data, as I mentioned above, and then... provide it to anyone who asks for it by opening a local port. Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
In fact, HtcLogger has a whole interface which accepts a variety of commands (such as the handy :help: that shows all available commands). Oh yeah - and no login/password are required to access said interface.
Furthermore, it's worth noting that HtcLogger tries to use root to dump even more data, such as WiMax state, and may attempt to run something called htcserviced - at least this code is present in the source:
/system/xbin/su 0 /data/data/com.htc.loggers/bin/htcserviced
HtcLoggers is only one of the services that is collecting data, and we haven't even gotten to the bottom of what else it can do, let alone what the other services are capable of doing. But hey - I think you'll agree that this is already more than enough.
Patching The Vulnerability
... is not possible without either root or an update from HTC. If you do root, we recommend immediate removal of HtcLoggers (you can find it at /system/app/HtcLoggers.apk).
Stay safe and don't download suspicious apps. Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower.
Affected Phones
Note: Only stock Sense firmware is affected - if you're running an AOSP-based ROM like CyanogenMod, you are safe.
EVO 4G
EVO 3D
Thunderbolt
EVO Shift 4G? (thanks, pm)
MyTouch 4G Slide? (thanks, Michael)
the upcoming Vigor? (thanks, bjn714)
some Sensations? (thanks, Nick)
View 4G? (thanks, Pat)
the upcoming Kingdom? (thanks, Pat)
most likely others - we haven't verified them yet, but you can help us by downloading the proof of concept above and running the APK
HTC's Response
After finding the vulnerability, Trevor contacted HTC on September 24th and received no real response for five business days, after which he released this information to the public (as per RF full disclosure Policy). In my experience, lighting fire under someone's ass in public makes things move a whole lot faster, which is why responsible disclosure is a norm in the security industry. (This is where we come in.)
As far as we know, HTC is now looking into the issue, but no statement has been issued yet.
HTC, you got yourself into this mess, and it's now up to you to climb out of the hole as fast as possible, in your own interest.
The ball is in your court.
Credit
ANDROID POLICE
Huge thank you to Trevor Eckhart who found the vulnerability and Justin Case for working with us today digging deeper.
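One way to audit a handset for the kind of unauthenticated local listener the article describes, added here as an example and not part of the original article or post: it parses the IPv4 table from /proc/net/tcp (for instance saved from `adb shell cat /proc/net/tcp`) and lists every listening socket with its owning UID. The sample table, ports, UIDs and function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format; ports, UIDs and inodes are made up.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:C350 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4101 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10057        0 4277 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:A1C4 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10057        0 4390 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A      # state code the kernel prints for a listening socket
FIRST_APP_UID = 10000  # Android gives installed apps UIDs from 10000 upward


def decode_endpoint(field):
    """Decode 'AABBCCDD:PPPP' (little-endian IPv4 in hex, hex port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return a dict per listening TCP socket: ip, port, uid, owner, exposure."""
    found = []
    for line in table_text.splitlines()[1:]:  # first row is the column header
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed row, or a socket that is not listening
        ip, port = decode_endpoint(cols[1])
        uid = int(cols[7])
        if ip.startswith("127."):
            exposure = "loopback: any local app with INTERNET can connect"
        elif ip == "0.0.0.0":
            exposure = "all interfaces: local apps and the network can connect"
        else:
            exposure = "single interface"
        owner = "app" if uid >= FIRST_APP_UID else "system"
        found.append({"ip": ip, "port": port, "uid": uid,
                      "owner": owner, "exposure": exposure})
    return found


if __name__ == "__main__":
    for s in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f'{s["ip"]}:{s["port"]} uid={s["uid"]} ({s["owner"]}) {s["exposure"]}')
```

A listener owned by a system UID that you cannot account for is the case worth investigating first; compare the list before and after removing or freezing a suspect package.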
Hi there, I need help, someone is consistently hacking into my phone, HTC EVO 4G, they are penetration testers and PC savvy, currently I can't log in to the phone for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows, maybe they changed it on their side. I wrote down everything I saw. I was seeing all these processes running for the same app in my applications. My phone was getting hot, freezes, but it's people that live in my apt complex and at work. Can you help?
zzm5 said:
Hi there, I need help, someone is consistently hacking into my phone, HTC EVO 4G, they are penetration testers and PC savvy, currently I can't log in to the phone for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows, maybe they changed it on their side. I wrote down everything I saw. I was seeing all these processes running for the same app in my applications. My phone was getting hot, freezes, but it's people that live in my apt complex and at work. Can you help?
Is your device rooted?
I used root explorer and removed the HtcLoggers.apk and other than the forced close loop that removing it caused (requiring me to remove the battery), after rebooting all seems to be working fine.
EDIT: Actually I didn't just delete HtcLoggers.apk but moved it to a safe location on the SD Card in case there was a problem and it needed to be restored. I highly suggest you do this instead of just deleting it, or better yet, a nandroid backup.
There are a few good ROMs out there that have the ICQ loggers removed already.
Do we really need three threads on the front page about the same thing?
http://www.ubergizmo.com/2012/09/new-naval-app-secretly-recreates-environments-from-your-phone/
The Naval Warfare Surface Center in Crane, Indiana today revealed a smartphone app that puts the capability of modern smartphones to observe areas in sharp relief and shows the power of malware to tap into those capabilities. The app, PlaceRaider, is capable of running in the background of any smartphone running Android 2.3. While running in the background, it takes photos at random while recording the orientation and location of the phone. Those photos get sent back to a central server, where they can be used to reconstruct a pretty good idea of where the phone has physically been.
What do you guys think?
I'm gonna do it to every single one of my friends and creep on them.
At least with Android it will eventually be found and there will be a fix or a way to prevent it. Who knows what Apple is doing with iOS, and even if the problem is found, one would have to wait for Apple to patch a bug, but only if they choose to.
http://news.cnet.com/8301-13579_3-20014356-37.html
In some embodiments, an unauthorized user can be detected by comparing the identity of the current user to the identities of authorized users of the electronic device. For example, a photograph of the current user can be taken, a recording of the current user's voice can be recorded, the heartbeat of the current user can be recorded, or any combination of the above. The photograph, recording, or heartbeat can be compared, respectively, to a photograph, recording, or heartbeat of authorized users of the electronic device to determine whether they match. If they do not match, the current user can be detected as an unauthorized user.
The Linux kernel has iptables as a firewall; if you are rooted, you can use DroidWall to manage it, so not even that spying app can get any internet. Personally, I always manage which app gets internet access on my device.
eksasol said:
At least with Android it will eventually be found and there will be a fix or a way to prevent it. Who knows what Apple is doing with iOS, and even if the problem is found, one would have to wait for Apple to patch a bug, but only if they choose to.
http://news.cnet.com/8301-13579_3-20014356-37.html
The Linux kernel has iptables as a firewall; if you are rooted, you can use DroidWall to manage it, so not even that spying app can get any internet. Personally, I always manage which app gets internet access on my device.
Very nice tip! I downloaded DroidWall and it does exactly as you say!
Thanx!
However, with DroidWall you need to enable all the system apps and services, otherwise you'll start finding things like PlayStore not working.
If using DroidWall gets confusing, LBE Security Manager also has an internet firewall, but it doesn't use the same method; DroidWall works at the kernel level and will override LBE. LBE is also a very essential app, though. It can monitor how much data each app uses as well and set the permissions for each app. However, if you flash ROMs all the time it gets tiresome to configure after each flash, and you also have to know which permissions to enable for some apps so as not to interfere with their normal functions.
Dear hacker guy,
Good luck reconstructing the images and dimensions of my butt pocket.
-signed dgaf user
Sent from my SGH-T959
suchavibrantthang said:
Dear hacker guy,
Good luck reconstructing the images and dimensions of my butt pocket.
-signed dgaf user
Sent from my SGH-T959
?????
I am in the process of configuring a number of Note 4 (910F) with Android 4.4.4 for issue to employees within my department. To prevent people from using a corporate handset for their unauthorised purposes, the devices have to be as clean as possible, with access to base functions such as phone, contact, sms, camera and business applications, but remove access to unnecessary applications that are all part of the bloatware installed on them by the network operator.
For device management, we are using SOTI Mobicontrol. SOTI allows me to blacklist applications to prevent them from launching. For security and warranty reasons, rooting the devices to remove unwanted applications is not an option. Therefore the only option is to use the SOTI blacklist to remove access to the application icon for launch.
SOTI requires that I input the application path eg com.sec.android.samsung.samsungapps to add an application to the blacklist. For the majority of mainstream applications such as Amazon, Evernote etc these are readily available. I'm having difficulty in finding the details for things like S Voice, and other bloatware that has been installed as part of the ROM.
I have one device that I can use for testing, so can install applications onto that. Is there any application readily available which will be able to capture the application launch path for an app that doesn't require me to root the device? I've found a few lists on the forum that related to the same apps on different devices which has given me a starting point. Just thought there may be an easier way to find the information out from the device.
Any help gratefully accepted.
IP
Work smarter, not harder. 'Dilbert'
In my opinion, these forums are for helping others to be able to get the most out of their devices, to improve them and to make them more enjoyable. That is not your case; here we come as enthusiasts, fans. You'd better hire a pro in order to accomplish your corporate goals.
winol said:
In my opinion, these forums are for helping others to be able to get the most out of their devices, to improve them and to make them more enjoyable. That is not your case; here we come as enthusiasts, fans. You'd better hire a pro in order to accomplish your corporate goals.
Thanks for the reply. I am an enthusiast, both Android, HTC and Samsung. Where I've been happy to read through the forums and customise my own devices over the years, my 'enthusiast' status has now put me in a position at work where a little bit of advice would go a long way to helping me out.
It's all fine and well paying someone else to do something, but the advice I was looking for was to help me as learning a new skill or how to use a new tool or app is always useful and helps keep me in a job and putting food in the mouths of my children!
I could have easily not included anything about this being needed to help me out for a situation at work and got an entirely different response, but I'm an honest guy just looking for a little advice.
indigo_prime said:
I am in the process of configuring a number of Note 4 (910F) with Android 4.4.4 for issue to employees within my department. To prevent people from using a corporate handset for their unauthorised purposes, the devices have to be as clean as possible, with access to base functions such as phone, contact, sms, camera and business applications, but remove access to unnecessary applications that are all part of the bloatware installed on them by the network operator.
For device management, we are using SOTI Mobicontrol. SOTI allows me to blacklist applications to prevent them from launching. For security and warranty reasons, rooting the devices to remove unwanted applications is not an option. Therefore the only option is to use the SOTI blacklist to remove access to the application icon for launch.
SOTI requires that I input the application path eg com.sec.android.samsung.samsungapps to add an application to the blacklist. For the majority of mainstream applications such as Amazon, Evernote etc these are readily available. I'm having difficulty in finding the details for things like S Voice, and other bloatware that has been installed as part of the ROM.
I have one device that I can use for testing, so can install applications onto that. Is there any application readily available which will be able to capture the application launch path for an app that doesn't require me to root the device? I've found a few lists on the forum that related to the same apps on different devices which has given me a starting point. Just thought there may be an easier way to find the information out from the device.
Any help gratefully accepted.
IP
Work smarter, not harder. 'Dilbert'
Why aren't you using Knox? It gives you and your team a clean, safe and high-security partition where your enterprise data and emails are, and it also allows your team to enjoy the device as it is.
I believe Knox has been designed for this purpose only.
jdomadia said:
Why aren't you using Knox? It gives you and your team a clean, safe and high-security partition where your enterprise data and emails are, and it also allows your team to enjoy the device as it is.
I believe Knox has been designed for this purpose only.
Knox is an additional license for the SOTI software we are using for device management, and my suggestion to include it as part of the project was ignored. Work want to 'see how it goes' without spending any more money!
If you want better corporate security:
KNOX
ROOT
Choose EITHER ONE or you are out of options.
KNOX is a corporate solution for most big enterprises provided by Samsung & it's a good investment.
ROOT gives you FULL control over any LINUX based OS (Android is a LINUX fork) & it's cheaper as it's FREE.
By using ROOT access, you can create a secondary user that is very limited & password protected, even encrypted, in a way that differs from Android guest mode.
Using ROOT access, you can even remove the BLOAT/unnecessary apps entirely from your devices, thereby eliminating unwanted possible BUGs that may compromise your company's security.
Linux & Android security knowledge is highly required.
IMHO, for the warranty issue, you can replace warranty with insurance.
...And from my knowledge, I've read that many people claim their warranty with the KNOX counter tripped without problem from Samsung (but of course they un-ROOT it before claiming).
But remember, as long as your employees can access Download Mode, all of it is useless.