**WARNING** Leaked Gingerbread and VVM leaves your Phone # and Pin exposed - Droid Incredible General

After using VVM built into Sense UI, I notice strange non-encrypted .xml files being created on the root of my sd card. I opened them up with root explorer and what did I see, my voicemail password and phone number is in those files.
So if an app has access to your sd card, your phone number and password could be stolen with ease.
Dont think this problem happens with Verizon's VVM app...just the HTC Sense VVM
Also wanted to mention after deleting the vm's those .xml files are not deleted off your sdcard either.

What's vvm?
EDIT: NVM. visual voicemail. thank god i dont use it

Visual voice mail

Google Voice Voicemail FTW!

Interesting that HTC is passing that information in plain text, after this whole location fiasco between Android and iPhone...you would think they would be a bit more careful about storing any usernames/passwords in plain text.

GodFather25 said:
Interesting that HTC is passing that information in plain text, after this whole location fiasco between Android and iPhone...you would think they would be a bit more careful about storing any usernames/passwords in plain text.
Click to expand...
Click to collapse
Well, this on a leaked ROM so it is not like they intended the public to have and be using their vvm on the Inc yet.

anyone know if this could be a proprietary security flag to track people on the leaked rom? I always suspected something like that was embedded in flawed coding of flashed consoles that got banned on xbox live, and with the tether crackdown I have been a little wary.

Why use vvm anyways? Have we gotten that lazy? If its an issue, dont use it!
Sent from my Optimized Inc using XDA App

I am a use voice over vvm myself but if there are other security measures built in that are harder to detect it may be better to steer clear of the leak. as a side note though have been running it for two days. I am a daily UD rom user but wanted a stock. preview sense preview. Never really liked sense, and if ,y D2 wouldn't have took a toilet dive(no insurance) I wouldnt have my phones software hacked to pieces to get a vanilla rom. Oh well. Guess I should have bought a DX as a replacement,but I love everything about the Inc except Sense UI.
Another sidenote, all data speed are faster on the leaked rom including tether and internet but call quality took a dive. Ran all vanilla and some stripped sense roms and this is the most drastic difference between them I have had besides just phone features not working correctly. Going to post this part in the dev leaked thread also. edit osted thread in Q&A

So basically someone could listen to your voicemails? I realize many would have a problem with that, but seems pretty low-key security-wise to me.

depends on the business you do with and what kind of sensitive information that is passed along to you. not everyone will have important voicemails, but at the same time all voicemails should be confidential.

This is a serious issue... hopefully devs figure out how to beef up the security here.

donnyp1 said:
Why use vvm anyways? Have we gotten that lazy? If its an issue, dont use it!
Sent from my Optimized Inc using XDA App
Click to expand...
Click to collapse
Thank you for your amazing insight into the this situation, it really was a revelation that none of us could live without.

magneticzero said:
After using VVM built into Sense UI, I notice strange non-encrypted .xml files being created on the root of my sd card. I opened them up with root explorer and what did I see, my voicemail password and phone number is in those files.
So if an app has access to your sd card, your phone number and password could be stolen with ease.
Dont think this problem happens with Verizon's VVM app...just the HTC Sense VVM
Also wanted to mention after deleting the vm's those .xml files are not deleted off your sdcard either.
Click to expand...
Click to collapse
I have no clue what your refering to. I am on the leaked GB rom and use htc vvm all the time. It has never created any files on my sd card or emmc at all, other than saving attachments.

cmlusco said:
I have no clue what your refering to. I am on the leaked GB rom and use htc vvm all the time. It has never created any files on my sd card or emmc at all, other than saving attachments.
Click to expand...
Click to collapse
This warning was from the first leaked GB updated. not the newest RUU

synisterwolf said:
This warning was from the first leaked GB updated. not the newest RUU
Click to expand...
Click to collapse
Ah i see. Thanks for the info.

cmlusco said:
Ah i see. Thanks for the info.
Click to expand...
Click to collapse
np. by your post im guessing they fixed it. the first leak was only 2.3 so im sure they patched a bunch of security problems.

Related

best rom for MT3G 32b?

what is the best rom for the MT3G right now.
I tried cyanogen 3.9.11.2 and seems like it has intermitant problems unlocking the screen were it will blink horizontal lines and then after a few times then unlock fine. Seems to happen more with the device when it is warm
I have also tried both v1.3 jacxrom builds and the full v3 hero and works fine when first booted but when I lock the screen and unlock it looks like the screen is overlayed with another copy of itself but a little to the right. Almost taking one verticle line of pixels and switching it wiht the row next to it in pairs al the way across the screen. Any ideas on which one I should be running.
TheArtiszan said:
what is the best rom for the MT3G right now.
I tried cyanogen 3.9.11.2 and seems like it has intermitant problems unlocking the screen were it will blink horizontal lines and then after a few times then unlock fine. Seems to happen more with the device when it is warm
I have also tried both v1.3 jacxrom builds and the full v3 hero and works fine when first booted but when I lock the screen and unlock it looks like the screen is overlayed with another copy of itself but a little to the right. Almost taking one verticle line of pixels and switching it wiht the row next to it in pairs al the way across the screen. Any ideas on which one I should be running.
Click to expand...
Click to collapse
The new Cyanogen 4.1 that just came out is absolutely amazing. I just flashed it over on my MT3G today and have had no troubles. It's a must have.
http://forum.xda-developers.com/showthread.php?t=537204 Link to the Cyanogen 4.01
tazz9690 said:
The new Cyanogen 4.1 that just came out is absolutely amazing. I just flashed it over on my MT3G today and have had no troubles. It's a must have.
Click to expand...
Click to collapse
Do you have all the tmobile apps that came with the mytouch (myfaves etc...)
Im still trying to decide whether or not to root. I have rooted "jailbroken" my iphone. Is rooting give you the same benefit as jailbraking? I mainly used the jailbreak for denied apps from the app store, themes, and tethering. Tethering is not so important (unless I'm traveling haha)
hypmatize said:
Do you have all the tmobile apps that came with the mytouch (myfaves etc...)
Im still trying to decide whether or not to root. I have rooted "jailbroken" my iphone. Is rooting give you the same benefit as jailbraking? I mainly used the jailbreak for denied apps from the app store, themes, and tethering. Tethering is not so important (unless I'm traveling haha)
Click to expand...
Click to collapse
Same idea and then some. Cyan does not include myFaves in his builds but it can be added. Check the G1 forum where he posts his ROMS. I saw a post about it the other day but can't remember where. Search. When in doubt, ROOOOOOT!!! No other way to use Android IMO.
aaronratner said:
Same idea and then some. Cyan does not include myFaves in his builds but it can be added. Check the G1 forum where he posts his ROMS. I saw a post about it the other day but can't remember where. Search. When in doubt, ROOOOOOT!!! No other way to use Android IMO.
Click to expand...
Click to collapse
So the myfaves app that came with my mytouch ("Magic" I like that name so much better btw mytouch sounds so girly) can't be pushed to me by tmobile. I happened to me once where it completely disappeared from my phone and cs refreshed my myfaves and i got it within 5 min. I guess its not a big deal if I can download it. How about the other apps like youtube, android market; will they work as they would on a non rooted mytouch?
The main thing stopping me from rooting is that I can't return it to the original factory state like I could for my iphone. Not sure how stuff works on android (im still a noob with this OS) but on the iphone it wasn't a big deal to jailbreak as it just modifies just a small part of the OS to allow non apple approved apps/themes etc... but with this its like it flashes a whole different OS. How about all the new updates like donut etc...that we will get ota. I guess the devs here will include all those features in their new ROMs (as they are doing now) so that is not such a big deal.
Thanks for the quick answer btw.
MOD EDIT
Moved to general discussion forum
hypmatize said:
So the myfaves app that came with my mytouch ("Magic" I like that name so much better btw mytouch sounds so girly) can't be pushed to me by tmobile. I happened to me once where it completely disappeared from my phone and cs refreshed my myfaves and i got it within 5 min. I guess its not a big deal if I can download it. How about the other apps like youtube, android market; will they work as they would on a non rooted mytouch?
The main thing stopping me from rooting is that I can't return it to the original factory state like I could for my iphone. Not sure how stuff works on android (im still a noob with this OS) but on the iphone it wasn't a big deal to jailbreak as it just modifies just a small part of the OS to allow non apple approved apps/themes etc... but with this its like it flashes a whole different OS. How about all the new updates like donut etc...that we will get ota. I guess the devs here will include all those features in their new ROMs (as they are doing now) so that is not such a big deal.
Thanks for the quick answer btw.
Click to expand...
Click to collapse
Sorry for not answering your response as quickly as the first answer. I can't speak for the iPhone but the G1/myTouch (I have both) are a MUST root IMO. I think having total control over the phone and OS is so important. As far as Market, YouTube, etc. they all work. Every app works, as far as I am concerned and I have 225 apps (all paid for if they weren't free) installed. As far as updates are concerned, the devs here are months ahead of Google and TMO. Cyanogen (best ROMs here, IMO, if you aren't into Hero and things like that) already has some Donut stuff in his stable 4.0.1 ROM and adds quite a bit of cool features in his experimental ROMs. You can also add bits from other devs if Cyan doesn't include something you like. Cyan does not include myFaves (I forget why) but it can be added after. Just search around for that. Even without the app on your phone, you can always update them online and still make free calls to your faves. It just won't show on the phone, that is unless you have the "after market" app installed. Hope this helps. And like I said, root is absolutely the way to go. Nothing frightening. In fact, I feel more comfortable with tools like Nandroid built-in so I can always restore my phone if/when I mess something up or install and unstable ROM/theme. I flash almost daily for that reason.
aaronratner said:
Sorry for not answering your response as quickly as the first answer. I can't speak for the iPhone but the G1/myTouch (I have both) are a MUST root IMO. I think having total control over the phone and OS is so important. As far as Market, YouTube, etc. they all work. Every app works, as far as I am concerned and I have 225 apps (all paid for if they weren't free) installed. As far as updates are concerned, the devs here are months ahead of Google and TMO. Cyanogen (best ROMs here, IMO, if you aren't into Hero and things like that) already has some Donut stuff in his stable 4.0.1 ROM and adds quite a bit of cool features in his experimental ROMs. You can also add bits from other devs if Cyan doesn't include something you like. Cyan does not include myFaves (I forget why) but it can be added after. Just search around for that. Even without the app on your phone, you can always update them online and still make free calls to your faves. It just won't show on the phone, that is unless you have the "after market" app installed. Hope this helps. And like I said, root is absolutely the way to go. Nothing frightening. In fact, I feel more comfortable with tools like Nandroid built-in so I can always restore my phone if/when I mess something up or install and unstable ROM/theme. I flash almost daily for that reason.
Click to expand...
Click to collapse
wow dude you have been a lot of help, I feel a lot more about rooting now (wow you flash almost everyday haha awesome). I think I'm gonna try it tonight haha.
So I wont need to restore to the original shipped state if I ever need to do a warranty claim?
oh yeah so should I flash cyanogen 3.9.X.X or 4.0.1 ( I know 3.9.X.X has some donunt features but its experimental...but is it better?)
so far JACxHero is my fav rom
mykenyc said:
so far JACxHero is my fav rom
Click to expand...
Click to collapse
really is there a main/any difference between the 2?
i've used cyanogen and its amazing rom but i don't know if its me but JACxHero seems waay more smooth and faster...
and the crazy part is im using a class 2 sd i can only imagine using class 6
mykenyc said:
i've used cyanogen and its amazing rom but i don't know if its me but JACxHero seems waay more smooth and faster...
and the crazy part is im using a class 2 sd i can only imagine using class 6
Click to expand...
Click to collapse
So it looks like sense ui from the hero? I heard all those roms are slow due to the ram limitation on the mytouch (192mb) vs the hero (288mb)
btw I have a class 2 card too as of right now so that is good to know
JACxHero is not a hero port its a regular cupcake with hero type theme and htc music port try it out have nothing to lose really
mykenyc said:
JACxHero is not a hero port its a regular cupcake with hero type theme and htc music port try it out have nothing to lose really
Click to expand...
Click to collapse
Yeah I think I will since it is pretty safe to do (especially since aaronranter flashes everyday it has to be lol)
hypmatize said:
Yeah I think I will since it is pretty safe to do (especially since aaronranter flashes everyday it has to be lol)
Click to expand...
Click to collapse
i have too trust me i went through 8 roms already went right back to JACxHero
mykenyc said:
i have too trust me i went through 8 roms already went right back to JACxHero
Click to expand...
Click to collapse
WOW lol
So to flash it all I have to do it to do the 1 click root method and flash that rom? (not sure where to get it btw)
How about when i want to change roms what do I do?
do I do a nandroid backup every time i switch roms?
hypmatize said:
WOW lol
So to flash it all I have to do it to do the 1 click root method and flash that rom? (not sure where to get it btw)
How about when i want to change roms what do I do?
do I do a nandroid backup every time i switch roms?
Click to expand...
Click to collapse
I am a noob, but if you use search option you will find out that JacHero needs latest Radio and SPL which is 2005. One click method doesnt change it. I still have 2006, "perfect".
you can always use the old method just follow the instructions step by step don't feel discourage ... but you must and i repeat follow each step ... one... by ..one
schtuka said:
I am a noob, but if you use search option you will find out that JacHero needs latest Radio and SPL which is 2005. One click method doesnt change it. I still have 2006, "perfect".
Click to expand...
Click to collapse
Ah thanks for the info. I think i'll flash with cyanogen's rom since I currently don't have another micro sd card to do the old method

Google free rom????

Hello.
I am interested in a highly secure Rom for the evo. I would like it to be free of Google or anyother corporately monitored system. real opensource experience free of all this monitoring and tracking and data minning. Maybe with a nice user friendly firewall for all connections. how about built in 512 bit encryption. For private txt messaging.
Let's hear from the community on this.
I may be wrong but... Evo is an Android phone... Android = Google. I don't think you'll have much luck getting a Google free Android phone.
Sent from my PC36100 using XDA App
You know these are google/android forums right? I don't think it will be possible at all....
Do you want an aluminum foil hat with that ROM?
Sent from my PC36100 using XDA Premium App
Dude that will never happen. Thats all i have to say
Umm don't listen to anyone who previously posted. You could easily use CyanogenMod with out Google apps to do this. You would be missing the market and any standard app that has the word Google before it like Google maps, but I guess now you could use the Amazon market anyway.
Sent from my ThunderBolt using XDA Premium App
Actually i had a Samsung intercept that originally had Google android rom and ended up with a non-google phone in the end...... Accidentally flashed a radio from differnet phone and after no signs of Google ..... Or signs of really anything but made a great paper weight!
Sent from my PC36100 using XDA App
u921333 said:
Actually i had a Samsung intercept that originally had Google android rom and ended up with a non-google phone in the end...... Accidentally flashed a radio from differnet phone and after no signs of Google ..... Or signs of really anything but made a great paper weight!
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
i dont think you understand what he means... im not a troll . but he said he doesnt want it to have google ,also for it to keep everything private... also look at my new signature LMFAO
sorry quoted wrong guy but yeah if he is lucky and doesnt brick.
how would this be possible ? dont you need a google account to even use the phone ? could probably be wrong.
josh995 said:
I may be wrong but... Evo is an Android phone... Android = Google. I don't think you'll have much luck getting a Google free Android phone.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
You think wrong.
knowledge561 said:
You know these are google/android forums right? I don't think it will be possible at all....
Click to expand...
Click to collapse
You think wrong too.
tgruendler said:
Do you want an aluminum foil hat with that ROM?
Sent from my PC36100 using XDA Premium App
Click to expand...
Click to collapse
Will it match your dunce cap?
davidc23 said:
Dude that will never happen. Thats all i have to say
Click to expand...
Click to collapse
You are giving wrong info, that's all I have to say.
jvward said:
Umm don't listen to anyone who previously posted. You could easily use CyanogenMod with out Google apps to do this. You would be missing the market and any standard app that has the word Google before it like Google maps, but I guess now you could use the Amazon market anyway.
Sent from my ThunderBolt using XDA Premium App
Click to expand...
Click to collapse
Finally someone smart in this thread.
Any ASOP ROM which doesn't include GAPPS like cyanogyn mod or deck's ASOP rom will do this (minus the sms encryption) as long as you don't flash the GAPPS add ons or enable my location.
I really hate when people act like experts, but don't know what their talking about.
I don't think you're going to find this for the EVO, although I imagine there's a phone out there somewhere that you can accomplish this with.
datajosh said:
I don't think you're going to find this for the EVO, although I imagine there's a phone out there somewhere that you can accomplish this with.
Click to expand...
Click to collapse
Wrong again, check my post immediately above yours.
mjs1231 said:
Hello.
I am interested in a highly secure Rom for the evo. I would like it to be free of Google or anyother corporately monitored system. real opensource experience free of all this monitoring and tracking and data minning. Maybe with a nice user friendly firewall for all connections. how about built in 512 bit encryption. For private txt messaging.
Let's hear from the community on this.
Click to expand...
Click to collapse
When you say free of google what do u mean?? Evo runs android, android is created by Google. There is no way you could have android without Google. If you mean Google apps, as someone else said just run cyanogenmod without GAPPS. You wont be able to do much, won't even be able to load apps that aren't preinstalled.
indagroove said:
You think wrong.
You think wrong too.
Will it match your dunce cap?
You are giving wrong info, that's all I have to say.
Finally someone smart in this thread.
Any ASOP ROM which doesn't include GAPPS like cyanogyn mod or deck's ASOP rom will do this (minus the sms encryption) as long as you don't flash the GAPPS add ons or enable my location.
I really hate when people act like experts, but don't know what their talking about.
Click to expand...
Click to collapse
It wouldn't be anymore secure than the current version of Android being ran (which he mentioned and is apparently worried about).. but as far as all the 'monitoring and tracking' and what not, I mean, sure. But what would be the point? Seems like a pretty half assed Android experience.
There is only so much that can be done without the use of, say, GApps ... might get the job done but would essentially kill the idea of even owning said phone.
Get Yo'Self a Jitterbug
bwcorvus said:
When you say free of google what do u mean?? Evo runs android, android is created by Google. There is no way you could have android without Google. If you mean Google apps, as someone else said just run cyanogenmod without GAPPS. You wont be able to do much, won't even be able to load apps that aren't preinstalled.
Click to expand...
Click to collapse
Obviously the OS is made by Google, but I don't think that's what he meant. I think he means a rom which won't constantly sync with google's servers.
Also, you CAN sideload apps without market or GAPPS installed, the trick is just to find the .apk files somewhere other than google market, but most are on either amazon market or Edit, so again another WRONG piece of info given out here.
conqu1stador said:
It wouldn't be anymore secure than the current version of Android being ran (which he mentioned).. but as far as all the 'monitoring and tracking' and what not, I mean, sure. But what would be the point? Seems like a pretty half assed Android experience.
Click to expand...
Click to collapse
Although I wouldn't do it myself, I can see the point. You would have way better battery life without the constant syncing. Also takes much less ram. Not everyone cares about sync with gmail, contacts, and calendar. Some just want a nice smooth OS. It would be more secure, because everything wouldn't go through google's servers.
mjs1231 said:
Hello.
I am interested in a highly secure Rom for the evo. I would like it to be free of Google or anyother corporately monitored system. real opensource experience free of all this monitoring and tracking and data minning. Maybe with a nice user friendly firewall for all connections. how about built in 512 bit encryption. For private txt messaging.
Let's hear from the community on this.
Click to expand...
Click to collapse
Seriously? This is like asking for the competitor iPhone and not wanting Apple to make it. If you didn't want a Google phone then why did you buy a phone with software developed by Google? Please don't tell me you Yahoo'd your phone. That would just be an Epic Fail!
mdean1981 said:
Seriously? This is like asking for the competitor iPhone and not wanting Apple to make it. If you didn't want a Google phone then why did you buy a phone with software developed by Google? Please don't tell me you Yahoo'd your phone. That would just be an Epic Fail!
Click to expand...
Click to collapse
Actually it's more like having an iphone and not paying for mobile me. But in this case it's a better situation because you wouldn't have to register with google to get the apps (get them somewhere else as I suggested previously), like you would have to with apple.
indagroove said:
Although I wouldn't do it myself, I can see the point. You would have way better battery life without the constant syncing. Also takes much less ram. Not everyone cares about sync with gmail, contacts, and calendar. Some just want a nice smooth OS. It would be more secure, because everything wouldn't go through google's servers.
Click to expand...
Click to collapse
I get the 'tracking' and what not ... but no one is really 'tracking' you. Recorded, maybe. But what does that even really matter in the end?
I get that you want to point out that it can be done, and others were wrong, but it was a silly question none the less.
And, sure, of course - less RAM. And no syncing? Could always disable. But freeing up RAM and what not? Running a smooth experience? It's not going to be that much smoother than should you elect to NOT use proprietary apps. It's not going to be a 'night and day' thing.
I'm more or less curious what the OP wants to do with his phone. Yeah, getting apps from other avenues is always a possibility ... sure. But getting apps from outside of the Market isn't going to offer less system stability, or smoothness, as opposed to getting them from the market.
Sure, I suppose it could be done ... but what are you trying to do? And, as said, it's only as secure as the latest version of Android ... which is constantly facing security issues.
It was sort of a silly post. Gotta admit that much.

BUSTED! Secret app on millions of phones logs key taps

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.
http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/
You can download the app to see if you have CIQ from here:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
Im running Miui and came out ok. Need root to run the app / clean it out.
http://forum.xda-developers.com/showthread.php?t=1122569&highlight=ciq
That's pretty f**ked up. This logs keys as they are pressed, even in dialer. It doesn't appear to be installed on all android builds, seems to be carrier dependant.
I ran TrevE_Logging_TestApp_v7 to check for CIQ on my SGHT959 stock froyo.uvka6 rooted (Tmobile USA) and it came back clean, no CIQ found.
It would be good to post a list of which carriers/phone manufacturers are utilizing this rootkit so they can be avoided.
Anyway I think the only ones affected would be users of stock roms like me, CM7/MIUI and other custom roms should be fine.
Vibrant
just ran it on my Samsung Vibrant running Trigger 3.2 and it came up clean...
Phrack said:
It would be good to post a list of which carriers/phone manufacturers are utilizing this rootkit so they can be avoided.
Click to expand...
Click to collapse
Agree!
I found it on my T-Mobile SGS2.... :/ I killed it with Titanium backup and rebooted. So far so good. I backed it up just in case it does mess up the phone by removing it.
Cool thanks.
sw20 said:
Agree!
I found it on my T-Mobile SGS2.... :/ I killed it with Titanium backup and rebooted. So far so good. I backed it up just in case it does mess up the phone by removing it.
Click to expand...
Click to collapse
From my research the only way to tell if your phone has icq is to run log cat on your phone. Also just uninstalling the visible program didn't stop the program. I have found that asop and Muiu roms do not have ciq installed and only custom roms or kernels (in sgs2 case) which specifically removes listed as it removed.
I talked to a customer rep @ T-Mobile and she had no idea what I was talking about when I asked about ciq.
Can't wait for the class action law suit against ciq and see if this company can survive especially after eckhart's new video showing the program logging everything.
Sent from my SGH-T959 using xda premium
Does anyone know how i get sqlite3?
Hey man! this is ****ed up. How do we remove this?
It depends on which rom you are using. If you are using CM7/MIUI they don't have CIQ because they are based on open source android builds. CIQ is added by carriers and some phone manufacturers so if you are running stock rom or hacked rom based on a stock rom there is a good chance you have CIQ.
You need to download TrevE's Logging Test App to check for CIQ:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
There's different versions, try them until you find one that works for your phone. This will tell you if CIQ is found. To remove it you need to pay 99 cents for pro version of app and your phone needs to be rooted.
**EDIT
Here's some more info on Carrier IQ from the author of Logging Test App. It details what Carrier IQ does and logs.
http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
IMHO CIQ would probably be useful software if
A) Subcribers voluntarily participated
B) The software can easily be removed
As it stands this is classified as a rootkit because it is carefully hidden with no way for an average person to remove or disable it.
**EDIT ++
On the plus side there seems to be a plethora of apps available in Android Market for checking if Carrier IQ exists on your phone.
https://market.android.com/search?q=carrier+iq&so=1&c=apps
I have a feeling there will be eventually a simplified method for removing CIQ. Just be patient.
vibrant doesn't have it...
Sent from my SGH-T959 using xda premium
im glad mine doesn't have it. i put important stuff like mine and my moms bank accounts on my phone. cm7 is a safe choice

Carrier IQ

All right the company Carrier IQ is suddenly popping up in news stories everywhere. I assume I am safe from this garbage if I am using Cyanogenmod but how do I make sure my Wife's shift is clean of this if she's using Stock rooted 2.2? She will not let me change roms or even upgrade her to 2.3 so I would like to know what I need to delete to make sure Carrier IQ is not installed on her Shift or at least not sending any info back to it's mother ship.
If you haven't heard Carrier IQ is installed on millions of phones of different manufacturer's and is supported by many carriers including HTC and Sprint. It collects data and sends it back to Sprint or who knows who. Apparently it can log everything and it ignores any permissions or security you have set up or something like that. It is installed "invisibly" and you do not have the option to opt in or out. I assume Titanium or some other program can see the pieces I would need to delete but I don't know what they are.
Here's where I read about it and it does list an app that may be able to take care of it but I would rather know how to do it manually:
http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to/#comments
Thanks
Evo_Shift said:
All right the company Carrier IQ is suddenly popping up in news stories everywhere. I assume I am safe from this garbage if I am using Cyanogenmod but how do I make sure my Wife's shift is clean of this if she's using Stock rooted 2.2? She will not let me change roms or even upgrade her to 2.3 so I would like to know what I need to delete to make sure Carrier IQ is not installed on her Shift or at least not sending any info back to it's mother ship.
If you haven't heard Carrier IQ is installed on millions of phones of different manufacturer's and is supported by many carriers including HTC and Sprint. It collects data and sends it back to Sprint or who knows who. Apparently it can log everything and it ignores any permissions or security you have set up or something like that. It is installed "invisibly" and you do not have the option to opt in or out. I assume Titanium or some other program can see the pieces I would need to delete but I don't know what they are.
Here's where I read about it and it does list an app that may be able to take care of it but I would rather know how to do it manually:
http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to/#comments
Thanks
Click to expand...
Click to collapse
Run supreme sense
VICODAN said:
Run supreme sense
Click to expand...
Click to collapse
I know! I told my wife it is better...she still says no
You can use Treve's app http://forum.xda-developers.com/showpost.php?p=17612559
https://market.android.com/details?id=com.treve.loggingkey
Evo_Shift said:
I know! I told my wife it is better...she still says no
Click to expand...
Click to collapse
Show her that video and tell her you want a divorce if she doesn't agree.
lol jk about the divorce part but seriously I just watched that video and im so glad im not on stock sense.
Flash MikShifted G v1.76 or Supreme Sense, then hand her back the phone. If she doesn't like them better than stock there is something wrong
i think people over think things too much about these little threats
+1 OP, I'm in exactly the same boat!
Unfortunately it seems at this point, no way to remove CIQ without root
guyandhisdog said:
+1 OP, I'm in exactly the same boat!
Unfortunately it seems at this point, no way to remove CIQ without root
Click to expand...
Click to collapse
I think he already mentioned that yes she does have root on stock if you read the OP. So yes titanium backup should be able to remove it no problem. Use the app carrier IQ detector to find out how much of it needs to be removed.
CIQ is built into the kernel too. He needs to swap kernels as well as remove the apps.
Sent from my PG06100 using XDA App
Ron Overdrive said:
CIQ is built into the kernel too. He needs to swap kernels as well as remove the apps.
Sent from my PG06100 using XDA App
Click to expand...
Click to collapse
I looked at the kernel. All there is in the kernel is bug fixes to allow CIQ to run properly. If you remove the system apps there is nothing for the bug fixes in the kernel to use.
Sent from my PG06100 using xda premium
has anyone used the advanced version of treve's app on a shift successfully?
or removed the the ciq stuff manually with success? if so is there anything that needs to stay on the device so it doesn't brick.
i'm using a stock rooted rom and kind of want to stick with it.

Thank you for the what???

OK so at the recommendation of one of the members I flashed U.K.E. Rom on to my phone. Kinda liking it but I got the oddest text this morning.
谢谢你的电话插孔一天。
Google translate says it's simplified Chinese and means "Thank you for the phone Jack"...
Is this a fluke or should I be worried?
Sent from my PG06100 using XDA App
Maybe it was built in to send to you when you flashed only One_love could be able to explain it cuz i got the same message when i ran U.K.E
One by One the penguins steal my SANITY
Is your name Jack? Does the text show the number it was sent from? Where did you download your rom from (ROM Manager, SDX website, etc)? Do you have any apps that didn't come from the market?
MrLinky said:
Is your name Jack? Does the text show the number it was sent from? Where did you download your rom from (ROM Manager, SDX website, etc)? Do you have any apps that didn't come from the market?
Click to expand...
Click to collapse
I got the Rom from the sdx forum and I haven't installed anything that wasn't from the market. I do have the phone number and it's from a local number, that's what freaks me out the most. If this wasn't a fluke then anyone with this knowledge can get my info let alone could they call out of country on my account and all that stuff...
turkbot said:
Maybe it was built in to send to you when you flashed only One_love could be able to explain it cuz i got the same message when i ran U.K.E
One by One the penguins steal my SANITY
Click to expand...
Click to collapse
This makes me feel a bit better though as long as you didn't get any odd charges on your bill...
Sent from my PG06100 using XDA App
Wow very random if i must say. I have yet seen or heard of this. Im wondering if you have a rogue app messing with you two. Lets see if we can figure this out, what apps do the both of you have the same of? Ive yet to see this message to me or hear of it from others. And i can tell you that there is nothing written into this rom to send you that message. This is why im thinking its a rogue app. If we could get a list of the apps you both have that received this random message.
Sent from my PG06100 using Tapatalk
one_love_420 said:
Wow very random if i must say. I have yet seen or heard of this. Im wondering if you have a rogue app messing with you two. Lets see if we can figure this out, what apps do the both of you have the same of? Ive yet to see this message to me or hear of it from others. And i can tell you that there is nothing written into this rom to send you that message. This is why im thinking its a rogue app. If we could get a list of the apps you both have that received this random message.
Sent from my PG06100 using Tapatalk
Click to expand...
Click to collapse
Sounds good. BTW, I called Sprint just to double check to see if they show any calls placed through my phone number or anything. The lady on the phone said it's possible but if someone did it wont post to my account for a few days, especially if they made any international calls.
I didn't figure there was anything scripted into the rom itself to do this, it's possible that it could be something rogue. It's also possible that someone with the skillz was just driving by and grabed my info from a wifi signal and texted me just to F with me.
Anywho, on to the installed program list...
Andchat
Androzip
Antivirus (AVG)
App 2 SD Free
Astro
Brightness Level
Business Calendar Free
CamScanner
ColorNote
Craigslist
Dropbox
eBay
Echolink (Amateur radio stuff)
ElectroDroid
Evernote
Fast Reboot
Forum Viewer for Warcraft (letting my geek show now...)
Gmail
GO Contacts
GO Launcher EX
GO Locker
GO SMS Pro
(few go themes)
Google Voice (yeah I know... if they realy want to know so be it)
GOWidget Transparent Theme
Gps Speedometer
GPS Test
gTabSiMiClock
History Eraser
Just Playlists
KeePassDroid
Kingsoft Office
Klondike
Linux Utils Lite
Maps (Google...)
market
Offline Dictionaries
Opera Mobile
Pandora
Philly D App
PocketManga
QuickPic
RealCalc
Rom Manager
Scanner Radio
Simple Weather Alert
Sync Settings
Tethering Widget
Titanium Backup
TuneIn Radio
TweakDeck
Uptime Widget
Upvise Pro
Voice Search
WoW Armory
XDA
Yachtc
....
and there's more room to put moah on my phone!!!!
This is the list as of the time I got the text. Sometimes I uninstall things like maps if I don't need it and what not.
And keep in mind, I'm not blaming anyone for what has or may happen. I'm not accusing anyone of anything. Just figured I'd see if this is just an odd ball spam from someone locally trying to troll me or what.
Wow that is odd as hell. I've been running and testing uke since before it was released and I've never had that pop up on me. Its def not something in the rom and I hope you guys find the app doing it. Good luck.
-somebody- said:
Wow that is odd as hell. I've been running and testing uke since before it was released and I've never had that pop up on me. Its def not something in the rom and I hope you guys find the app doing it. Good luck.
Click to expand...
Click to collapse
I think this is what's making me think it's just a fluke or a troll... I've been running these apps for a while now and haven't ever had a problem with them. I didn't even expect a comment from One_Love_420 either. VICODAN is the one that recommended the ROM to me so I wasn't going to just point the finger to the ROM anyways. I did have my Wifi running all night long (had the advanced setting setup to not put my wifi to sleep when my phone goes off). The only thing I haven't done yet is check to see what my logs say on my Linksys router (maybe he tapped my phone for internet).
I think it's just a fluke (or at least I hope... this could be an exspensive bill if this person was able to make calls from my phone or anything like that).
retiredhp2200 said:
I think this is what's making me think it's just a fluke or a troll... I've been running these apps for a while now and haven't ever had a problem with them. I didn't even expect a comment from One_Love_420 either. VICODAN is the one that recommended the ROM to me so I wasn't going to just point the finger to the ROM anyways. I did have my Wifi running all night long (had the advanced setting setup to not put my wifi to sleep when my phone goes off). The only thing I haven't done yet is check to see what my logs say on my Linksys router (maybe he tapped my phone for internet).
I think it's just a fluke (or at least I hope... this could be an exspensive bill if this person was able to make calls from my phone or anything like that).
Click to expand...
Click to collapse
yeah its def an oddity. have you ran miui on it anytime recently and maybe there was residual mess from it and someone was still able to mess with you? or hell, coulda been someone texting the wrong person, i would think its just a fluke if youve been using the same apps for x amount of time and havent had this happen before.
One thing does come to mind when looking at your app list. Go sms pro is a china developed app and has a ton of permissions that i would never approve of, one being the ability to make calls. Check its permissons list on the market. A little much for an app imho.
Sent from my PG06100 using Tapatalk
...
Didn't think about that... Figured the GO stuff was lagit since it's all from the same group.
/me uninstalls GO SMS
-somebody- said:
yeah its def an oddity. have you ran miui on it anytime recently and maybe there was residual mess from it and someone was still able to mess with you? or hell, coulda been someone texting the wrong person, i would think its just a fluke if youve been using the same apps for x amount of time and havent had this happen before.
Click to expand...
Click to collapse
I haven't tried Miui yet. I started with CM7 and wanted to get into somthing light (meaning less sprint stuff and being able to uninstall maps and stuff since I only use them once in a great while). I know I got a lot of GO stuff on it but I've just been tinkering with it since the kernal is running a bit more then just the 800 mhz on the cpu. Wanted to "test" out what this thing is capable of.
The bling is nice, the personalization of colors and stuff is cool and all... But I use this for business a lot and kinda like a rock solid machine that's as efficient as possible. I'm looking into other options of roms that are just plane Jane Android next. U.K.E. has been running nicely even with all the bling (minus go sms now I guess). Depending on how put off I am about no bling I might just go back to using U.K.E.
retiredhp2200 said:
...
Depending on how put off I am about no bling I might just go back to using U.K.E.
Click to expand...
Click to collapse
U.K.E. is pretty rock solid for an aosp ROM, I try all of the ROMS on XDA for the shift as theyre released and even though that means im trying alot of diff ROMS i generally restore my UKE backups for my daily driver
retiredhp2200 said:
...
Didn't think about that... Figured the GO stuff was lagit since it's all from the same group.
/me uninstalls GO SMS
Click to expand...
Click to collapse
You should always check permissions of apps even from the market..Google doesn't keep track of apps published on the market and if they are malicious or not. It's up to users to report if something funky is happening. That's why I un-installed GoSms a long time ago when they first added all of those strange permissions to the updated versions. It was even causing people to have issues with phone calls. Read through market comments and check permissions Always with any app even if it's just a update to a new version. The devs of GoSms are very un-responsive also when people ask them about the permissions and report issues. If you really want to get down to the bottom of something also run a logcat and see what the app is doing.
one_love_420 said:
Wow very random if i must say. I have yet seen or heard of this. Im wondering if you have a rogue app messing with you two. Lets see if we can figure this out, what apps do the both of you have the same of? Ive yet to see this message to me or hear of it from others. And i can tell you that there is nothing written into this rom to send you that message. This is why im thinking its a rogue app. If we could get a list of the apps you both have that received this random message.
Sent from my PG06100 using Tapatalk
Click to expand...
Click to collapse
I can attest that UKE is a SOLID rom and is very secure.
VICODAN said:
I can attest that UKE is a SOLID rom and is very secure.
Click to expand...
Click to collapse
Because it's based on cm7?
Solid indeed. Outside of that odd text I haven't had any other issues. I haven't tried to track down who's phone number that is Incas it's a friend just messing with me and I haven't had any charges posted to my account so... Might have just been someone messing with me.
Sent from my Evo Shift using XDA.
It's definately not a rom related issue. Download Addons Detector from the market. This will help you to track down suspicious apps intalled on your device.
So I got rid of all of the GO products and I'm just running the AWD stuff that came with the rom. Only thing I realy miss is the SMS stuff. I looked at handsent and their permissions are the same (for the most part) as go sms.
Any thoughts on an sms program? I'm looking for character count and more info like sent date/time displayed without going into message details.
Sent from my PG06100 using XDA

Categories

Resources