Samsung removing Carrier IQ in their update builds - Epic 4G General

There has just been a leaked build called EL13 for the Samsung Epic 4G TOUCH. Yes the touch. In this build, CIQ has been REMOVED by Samsung. No dev has touched it and there were no traces of Carrier IQ.
It is a leaked build by samfirmware. This is huge news for anyone with a Samsung device. I'm wondering if these later Gingerbread builds for the Samsung Epic 4G Will have no CIQ.
Figured I'd let everyone know and give them hope that Samsung is moving in the right direction!

First!
That is great news. It shows that the minority (us who root their Android) are being heard.

And all it took was national news attention and a State Senator to get involved.

I suspect this to be true for the upcoming GB release.
Sent from my SPH-D700 using XDA App

I don't think Sprint will go for it, but they might use this build to test other forms of CIQ, like Preloaded, After-market(Userinstallable) instead of Embedded like we have now.

Or just have it changed around and renamed.
Hidden from logs.
Sent from my SPH-D700 using XDA App

I know this was about the Touch, but the latest rdf for the Epic 4G (EL09) still lists the same version of CIQ. RDFs have been inaccurate before, but here's what's listed in the EL09 Epic 4G rdf for what it's worth:
Code:
DiagnosticsProtocolVersion 1.1.0
DiagnosticsClientVersion 3.2.13
DiagnosticsClientVendor CIQ
Regardless, I've never been worried about CIQ. The more the facts come out, the less worried I am.

i'd love to see an official update with CIQ removed.. that would totally be their admission to knowing it shouldn't have been there, but only after it gets media attention do they change their stance on it...
Otherwise, I'll be perfectly happy running custom roms with it removed..

Come back when it's missing in a final build.

good to see CIQ gone in a leaked build at least

k0nane said:
Come back when it's missing in a final build.
Click to expand...
Click to collapse
That's what I was thinking. Its just a test build, so it probably just hasn't been added in yet. Anything could happen, but I doubt it will be left out from the next update.

zanderman112 said:
That's what I was thinking. Its just a test build, so it probably just hasn't been added in yet. Anything could happen, but I doubt it will be left out from the next update.
Click to expand...
Click to collapse
Sprint may be considering making this an opt-out service. I think that would require a less integrated version of CIQ that acts more like an apk.

pvtjoker42 said:
i'd love to see an official update with CIQ removed.. that would totally be their admission to knowing it shouldn't have been there, but only after it gets media attention do they change their stance on it...
Otherwise, I'll be perfectly happy running custom roms with it removed..
Click to expand...
Click to collapse
'Privacy'.........(private data) a growing market.

poit said:
Sprint may be considering making this an opt-out service. I think that would require a less integrated version of CIQ that acts more like an apk.
Click to expand...
Click to collapse
That is what I was thinking.

Hmmm......there's no EL13 rdf for the Epic Touch and since that is today's date it's odd that there would be a leak of it already, but there is an EL12. It lists the same CIQ version we currently have.:
DiagnosticsProtocolVersion 1.1.0
DiagnosticsClientVersion 3.2.13
DiagnosticsClientVendor CIQ
http://device.sprintpcs.com/Samsung/SPH-D710/EL12.rdf
So, WTF?

poit said:
Hmmm......there's no EL13 rdf for the Epic Touch and since that is today's date it's odd that there would be a leak of it already, but there is an EL12. It lists the same CIQ version we currently have.:
DiagnosticsProtocolVersion 1.1.0
DiagnosticsClientVersion 3.2.13
DiagnosticsClientVendor CIQ
http://device.sprintpcs.com/Samsung/SPH-D710/EL12.rdf
So, WTF?
Click to expand...
Click to collapse
Ok, that is odd. I don't understand why they would do it for one and not the other...
Sent from my SPH-D710 using xda premium

Bigger than the carrier.
http://www.extremetech.com/mobile/1...q-but-big-brother-scare-tactics-are-overblown
Take it for what it's worth.

othan1 said:
Bigger than the carrier.
http://www.extremetech.com/mobile/1...q-but-big-brother-scare-tactics-are-overblown
Take it for what it's worth.
Click to expand...
Click to collapse
This article is taking a very small amount of information and making a HUGE jump to conclusions. All we know is that there is some mention of CIQ in a document that is involved in an active investigation. That doesn't mean that CIQ is being used by the FBI to snoop, it could just as easily (and likely) mean that the FBI is investigating CIQ at the request of some government official.

What I did like about that article was that it cleared up the misconception that ciq logs the acual message body of texts. The statement from treve is on point, because I believe in his video he implies that ciq is capable of doin that.
So kudos to the article on that one.
Trevor Eckhart said:
The other thing you’re seeing (text message bodies in the video) is an unrelated screwup by HTC. HTC put debugging statements in their code, a common practice to help developers figure out what’s going on while they’re working on the phone. These debugging statements included code that outputs the bodies of incoming SMS messages. These printouts should have been disabled before shipping the phone, but for some reason that didn’t happen. So you seeing SMS bodies in the video actually has nothing to do with CIQ, and is an artifact of HTC failing to disable printouts that were intended for developers only.
Click to expand...
Click to collapse
Sent from my SPH-D700 using XDA App

austin420 said:
What I did like about that article was that it cleared up the misconception that ciq logs the acual message body of texts. The statment from treve. Is on point, because I believe in his video he implies that ciq is capable of doin that.
So kudos to the article on that one.
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
This was in the Cnet article:
While McCullagh notes that Carrier IQ is not guilty of keylogging, there are serious privacy concerns that need to be addressed. The software does report user data to wireless carriers, like what applications are used and web history.
So much for tethering, any apps for rooted phones and checking out the pornography sites.
I think we can all agree this is already too much of an invasion of privacy. The carrier can already pull text messages if they needed to.

Related

Android 2.3.3!!!

Here is the link:
http://android-developers.blogspot....id+Developers+Blog)&utm_content=Google+Reader
Looks exciting!!
mmanjj said:
Here is the link:
http://android-developers.blogspot....id+Developers+Blog)&utm_content=Google+Reader
Looks exciting!!
Click to expand...
Click to collapse
Very cool! More NFC functionality is awesome, IMO! Thanks for posting man!
Now where's the manual download link
Too bad it doesn't include the Random Reboot fix, as that (IMO) is a much more needed update. *smh*
http://androidandme.com/2011/02/pho...s-new-nfc-features-random-reboot-bug-remains/
how come i didnt get the update???
Same as before; roll-out is staggered so not everyone will auto-download it on day-1. Could try calling *#*#checkin#*#* & see if that kicks it in... didn't for me though. Hence the hope someone posts the file so it can be manually installed
Noone has it yet, be patient
Sent from my Nexus S using XDA App
this update doesn't really give any benefit to the users right?
looking forward to the OTA update
Excited about NFC, but far more disappointed by lack of major bug fixes.
More locales inside? Any one knows something about this?
Sent from my Nexus S
2012iawait said:
this update doesn't really give any benefit to the users right?
Click to expand...
Click to collapse
Not unless you really love NFC.
thommcg said:
Not unless you really love NFC.
Click to expand...
Click to collapse
disagree. This will allow users to share contact info directly from phone to phone. it will also allow you to write to NFC tags which can be very cool. So for example, I have a watch I wear that is a NFC tag with 4k of memory. With the new release I can write change the content of what is on that tag. Right now I keep it as my contact info.
Who said major bugs won't be fixed? Clearly google decided to showcase 2.3.3 because of the NFC thing. Fixed bugs has never been showcased in change logs by google. So there is still hope!!!
I once had the idea of using NFC as input for password, like an electronic key. This will allow greater convenience once device level encryption is supported. I hope this can be realized some day.
SupaDupaFly24 said:
Who said major bugs won't be fixed? Clearly google decided to showcase 2.3.3 because of the NFC thing. Fixed bugs has never been showcased in change logs by google. So there is still hope!!!
Click to expand...
Click to collapse
Yeah, the idea of true changelogs is apparently alien to Google's Android team.
zorak950 said:
Yeah, the idea of true changelogs is apparently alien to Google's Android team.
Click to expand...
Click to collapse
Hehe they take their cues from Team Douche I'm sure there will be more fixes and alterations than that post implied so I wouldn't be too worried about it not stating specifically what is changing.
Si_NZ said:
I once had the idea of using NFC as input for password, like an electronic key. This will allow greater convenience once device level encryption is supported. I hope this can be realized some day.
Click to expand...
Click to collapse
The hardware supports it. NFC with a secure element provides a new level of security. Just needs to be implemented in items. they already have house locks and car door locks that use this type of system. Just need PCs to adopt it too.
thepro8 said:
The hardware supports it. NFC with a secure element provides a new level of security. Just needs to be implemented in items. they already have house locks and car door locks that use this type of system. Just need PCs to adopt it too.
Click to expand...
Click to collapse
My understanding is that technology uses RFID not NFC.
Will this install on a stock, rooted ROM on a custom kernel?
Sent from my Nexus S using Tapatalk

possibly the end of nexus geting updates directly from google

http://www.droid-life.com/2011/11/1...ak-in-two-bloatware-apps-on-the-galaxy-nexus/
silver03wrx said:
http://www.droid-life.com/2011/11/1...ak-in-two-bloatware-apps-on-the-galaxy-nexus/
Click to expand...
Click to collapse
Not necessarily. Those apps might not be integrated into the rom.
poit said:
Not necessarily. Those apps might not be integrated into the rom.
Click to expand...
Click to collapse
They are. The pics are in the galaxy nexus general forums. This killed my dream of getting a Nexus phone...... Will the international version work on Sprint???
Sent from my 1.6 ghz 3.2 rockin A500
Qwallace70129 said:
They are. The pics are in the galaxy nexus general forums. This killed my dream of getting a Nexus phone...... Will the international version work on Sprint???
Sent from my 1.6 ghz 3.2 rockin A500
Click to expand...
Click to collapse
I think what he meant is that those apps aren't put there until after the rom is installed, meaning Verizon put them there.
You make your statement with such certainty, yet provide nothing to back it up - why are you so sure?
Sent from my SPH-D700 using XDA App
The pics show it...... ICS has a built in uninstaller/disable feature...... There is no option to uninstall or delete.... Only disable... Meaning its cooked into the rom(if I've learned correctly) which also means all updates have to go through Verizon. No bueno for a Nexus phone....
Sent from my 1.6 ghz 3.2 rockin A500
Qwallace70129 said:
The pics show it...... ICS has a built in uninstaller/disable feature...... There is no option to uninstall or delete.... Only disable... Meaning its cooked into the rom(if I've learned correctly) which also means all updates have to go through Verizon. No bueno for a Nexus phone....
Sent from my 1.6 ghz 3.2 rockin A500
Click to expand...
Click to collapse
As long as Google pushed the update with a data backup, it shouldn't be an issue, correct? Google would update everything except carrier apps. Carrier could update them like the way Sprint updated Sprint Navigation to Telenav or some other delivery method.
Qwallace70129 said:
The pics show it...... ICS has a built in uninstaller/disable feature...... There is no option to uninstall or delete.... Only disable... Meaning its cooked into the rom(if I've learned correctly) which also means all updates have to go through Verizon. No bueno for a Nexus phone....
Sent from my 1.6 ghz 3.2 rockin A500
Click to expand...
Click to collapse
I think that only means that the app is installed into the system app directory, instead of the user app dir. I suppose I will have to adb push an apk into my system app folder to confirm, but I'm fairly certain that the lack of an uninstall button is because android never gives that option for system apps...
Sent from my SPH-D700 using XDA App
styles420 said:
I think that only means that the app is installed into the system app directory, instead of the user app dir. I suppose I will have to adb push an apk into my system app folder to confirm, but I'm fairly certain that the lack of an uninstall button is because android never gives that option for system apps...
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
Please say it would be that easy.... But then again it defeats the purpose of me buying a nexus if I have to get rid of bloatware.
Sent from my SPH-D700 using xda premium
Supposed to be a developer platform....what developer is going to want VZ Backup assistant...lol.
Verizon: You are dumb.
Oh well, I still believe it will be google updated.
Guys, in ICS there is a feature in which you can hide the apps.
Also i dont think this really matters. The two apps included are something verizon users may want. Looking at your status with the company and backing up information with the carrier hardly seem like bloat apps to me. Also, this is only the case for verizon and not other carriers like sprint, which can uninstall bloatware apps. I still believe google will be pushing out their own updates.
Sent from my Galaxy Tab 10.1
I'm a little curious why this would discourage anyone here from owning this phone. Are any of you guys buying it with the intention of running stock?
Even if people plan on using cooked roms they still want google to push the updates because that means they would come quicker and therefore the developers would have new versions to create new roms off of.
See. I am learnimg.
Sent from my Epic on Legandary ROM or my Galaxy Tab rooted (feels naked without a ROM)
|| Acer || said:
Guys, in ICS there is a feature in which you can hide the apps.
Also i dont think this really matters. The two apps included are something verizon users may want. Looking at your status with the company and backing up information with the carrier hardly seem like bloat apps to me. Also, this is only the case for verizon and not other carriers like sprint, which can uninstall bloatware apps. I still believe google will be pushing out their own updates.
Sent from my Galaxy Tab 10.1
Click to expand...
Click to collapse
Verizon users that want them could just install them though! that's the complete opposite of them being installed and people who don't want them being unable to uninstall them...
faceless said:
Verizon users that want them could just install them though! that's the complete opposite of them being installed and people who don't want them being unable to uninstall them...
Click to expand...
Click to collapse
The Verizon customers that don't want them are almost certainly going to know at least enough to be able to remove them, but many of the users that would want them would also fall into that special category of users that know just the bare minimum to be able to use the phone - average users, the ones even XDA noobs can run circles around. They make up the majority of Verizon's customer base, so the big V will cater to them. (They're also a lot more likely to pay for things that can be had for free, because they're a lot less likely to know that those things can be free... it's a two-fold win for any service provider)
Sent from my SPH-D700 using XDA App
Simply put, google can still update the phone.
I don't understand how the OP jumped to the conclusion he did. How does two "bloatware" apps point to "the end of nexus geting [sic] updates directly from google"?
Nonsensical, I tell you!
AmericanJedi001 said:
I don't understand how the OP jumped to the conclusion he did. How does two "bloatware" apps point to "the end of nexus geting [sic] updates directly from google"?
Nonsensical, I tell you!
Click to expand...
Click to collapse
I think this is the logic:
When a phone gets major customization from a carrier such as Sense or Touchwiz, it complicates the updates and delays updates due to additional testing and debugging needed on these customized ROMS. People are assuming that is the reason why US carriers get updates so much later than the much more plain European versions. So, the OP assumes that adding two Verizon apps is somehow as complex a modification as adding Touchwiz, therefor it will delay the release of jellybean, or whatever the next version will be called.
Seems pretty silly to me.
poit said:
I think this is the logic:
When a phone gets major customization from a carrier such as Sense or Touchwiz, it complicates the updates and delays updates due to additional testing and debugging needed on these customized ROMS. People are assuming that is the reason why US carriers get updates so much later than the much more plain European versions. So, the OP assumes that adding two Verizon apps is somehow as complex a modification as adding Touchwiz, therefor it will delay the release of jellybean, or whatever the next version will be called.
Seems pretty silly to me.
Click to expand...
Click to collapse
What I was trying to say all along. Thank you.
Sent from my SPH-D700 using XDA App

BUSTED! Secret app on millions of phones logs key taps

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.
http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/
You can download the app to see if you have CIQ from here:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
Im running Miui and came out ok. Need root to run the app / clean it out.
http://forum.xda-developers.com/showthread.php?t=1122569&highlight=ciq
That's pretty f**ked up. This logs keys as they are pressed, even in dialer. It doesn't appear to be installed on all android builds, seems to be carrier dependant.
I ran TrevE_Logging_TestApp_v7 to check for CIQ on my SGHT959 stock froyo.uvka6 rooted (Tmobile USA) and it came back clean, no CIQ found.
It would be good to post a list of which carriers/phone manufacturers are utilizing this rootkit so they can be avoided.
Anyway I think the only ones affected would be users of stock roms like me, CM7/MIUI and other custom roms should be fine.
Vibrant
just ran it on my Samsung Vibrant running Trigger 3.2 and it came up clean...
Phrack said:
It would be good to post a list of which carriers/phone manufacturers are utilizing this rootkit so they can be avoided.
Click to expand...
Click to collapse
Agree!
I found it on my T-Mobile SGS2.... :/ I killed it with Titanium backup and rebooted. So far so good. I backed it up just in case it does mess up the phone by removing it.
Cool thanks.
sw20 said:
Agree!
I found it on my T-Mobile SGS2.... :/ I killed it with Titanium backup and rebooted. So far so good. I backed it up just in case it does mess up the phone by removing it.
Click to expand...
Click to collapse
From my research the only way to tell if your phone has icq is to run log cat on your phone. Also just uninstalling the visible program didn't stop the program. I have found that asop and Muiu roms do not have ciq installed and only custom roms or kernels (in sgs2 case) which specifically removes listed as it removed.
I talked to a customer rep @ T-Mobile and she had no idea what I was talking about when I asked about ciq.
Can't wait for the class action law suit against ciq and see if this company can survive especially after eckhart's new video showing the program logging everything.
Sent from my SGH-T959 using xda premium
Does anyone know how i get sqlite3?
Hey man! this is ****ed up. How do we remove this?
It depends on which rom you are using. If you are using CM7/MIUI they don't have CIQ because they are based on open source android builds. CIQ is added by carriers and some phone manufacturers so if you are running stock rom or hacked rom based on a stock rom there is a good chance you have CIQ.
You need to download TrevE's Logging Test App to check for CIQ:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
There's different versions, try them until you find one that works for your phone. This will tell you if CIQ is found. To remove it you need to pay 99 cents for pro version of app and your phone needs to be rooted.
**EDIT
Here's some more info on Carrier IQ from the author of Logging Test App. It details what Carrier IQ does and logs.
http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/
IMHO CIQ would probably be useful software if
A) Subcribers voluntarily participated
B) The software can easily be removed
As it stands this is classified as a rootkit because it is carefully hidden with no way for an average person to remove or disable it.
**EDIT ++
On the plus side there seems to be a plethora of apps available in Android Market for checking if Carrier IQ exists on your phone.
https://market.android.com/search?q=carrier+iq&so=1&c=apps
I have a feeling there will be eventually a simplified method for removing CIQ. Just be patient.
vibrant doesn't have it...
Sent from my SGH-T959 using xda premium
im glad mine doesn't have it. i put important stuff like mine and my moms bank accounts on my phone. cm7 is a safe choice

Carrier IQ

All right the company Carrier IQ is suddenly popping up in news stories everywhere. I assume I am safe from this garbage if I am using Cyanogenmod but how do I make sure my Wife's shift is clean of this if she's using Stock rooted 2.2? She will not let me change roms or even upgrade her to 2.3 so I would like to know what I need to delete to make sure Carrier IQ is not installed on her Shift or at least not sending any info back to it's mother ship.
If you haven't heard Carrier IQ is installed on millions of phones of different manufacturer's and is supported by many carriers including HTC and Sprint. It collects data and sends it back to Sprint or who knows who. Apparently it can log everything and it ignores any permissions or security you have set up or something like that. It is installed "invisibly" and you do not have the option to opt in or out. I assume Titanium or some other program can see the pieces I would need to delete but I don't know what they are.
Here's where I read about it and it does list an app that may be able to take care of it but I would rather know how to do it manually:
http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to/#comments
Thanks
Evo_Shift said:
All right the company Carrier IQ is suddenly popping up in news stories everywhere. I assume I am safe from this garbage if I am using Cyanogenmod but how do I make sure my Wife's shift is clean of this if she's using Stock rooted 2.2? She will not let me change roms or even upgrade her to 2.3 so I would like to know what I need to delete to make sure Carrier IQ is not installed on her Shift or at least not sending any info back to it's mother ship.
If you haven't heard Carrier IQ is installed on millions of phones of different manufacturer's and is supported by many carriers including HTC and Sprint. It collects data and sends it back to Sprint or who knows who. Apparently it can log everything and it ignores any permissions or security you have set up or something like that. It is installed "invisibly" and you do not have the option to opt in or out. I assume Titanium or some other program can see the pieces I would need to delete but I don't know what they are.
Here's where I read about it and it does list an app that may be able to take care of it but I would rather know how to do it manually:
http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to/#comments
Thanks
Click to expand...
Click to collapse
Run supreme sense
VICODAN said:
Run supreme sense
Click to expand...
Click to collapse
I know! I told my wife it is better...she still says no
You can use Treve's app http://forum.xda-developers.com/showpost.php?p=17612559
https://market.android.com/details?id=com.treve.loggingkey
Evo_Shift said:
I know! I told my wife it is better...she still says no
Click to expand...
Click to collapse
Show her that video and tell her you want a divorce if she doesn't agree.
lol jk about the divorce part but seriously I just watched that video and im so glad im not on stock sense.
Flash MikShifted G v1.76 or Supreme Sense, then hand her back the phone. If she doesn't like them better than stock there is something wrong
i think people over think things too much about these little threats
+1 OP, I'm in exactly the same boat!
Unfortunately it seems at this point, no way to remove CIQ without root
guyandhisdog said:
+1 OP, I'm in exactly the same boat!
Unfortunately it seems at this point, no way to remove CIQ without root
Click to expand...
Click to collapse
I think he already mentioned that yes she does have root on stock if you read the OP. So yes titanium backup should be able to remove it no problem. Use the app carrier IQ detector to find out how much of it needs to be removed.
CIQ is built into the kernel too. He needs to swap kernels as well as remove the apps.
Sent from my PG06100 using XDA App
Ron Overdrive said:
CIQ is built into the kernel too. He needs to swap kernels as well as remove the apps.
Sent from my PG06100 using XDA App
Click to expand...
Click to collapse
I looked at the kernel. All there is in the kernel is bug fixes to allow CIQ to run properly. If you remove the system apps there is nothing for the bug fixes in the kernel to use.
Sent from my PG06100 using xda premium
has anyone used the advanced version of treve's app on a shift successfully?
or removed the the ciq stuff manually with success? if so is there anything that needs to stay on the device so it doesn't brick.
i'm using a stock rooted rom and kind of want to stick with it.

Stagefright Vulnerabilities

Is someone more technical than me able to tell me if the stock 5.0.1 Tmobile has us on vulnerable to this?
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
acdcflame said:
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
Click to expand...
Click to collapse
Switched to the CM nightly today. It's going to take for ever for Samsung to get this patch of there.
Sent from my SM-N910T using XDA Free mobile app
Turn off auto retrieve in mms settings of you messaging app and only accept vids and pics from close friends! It's an annoyance but it'll keep you safe for now!
I have also heard you can just use hangouts as your default text app and avoid the issue all together.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
I have also heard you can just use hangouts as your default text app and avoid the issue all together.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
I'm not so sure seeing as it centers around that video being downloaded with the virus automatically before you even open it but if true that would be nice!
Dvanzutphenkann said:
I'm not so sure seeing as it centers around that video being downloaded with the virus automatically before you even open it but if true that would be nice!
Click to expand...
Click to collapse
Hangouts uses a cloud based system to handle mms. Basically everything goes through Google Photos. The pictures and videos are the loaded to you phone once you click on them. As long as you dont click on a video or picture from someone you dont know, it would never reach your phone and thus not be an issue.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
Hangouts uses a cloud based system to handle mms. Basically everything goes through Google Photos. The pictures and videos are the loaded to you phone once you click on them. As long as you dont click on a video or picture from someone you dont know, it would never reach your phone and thus not be an issue.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
Do you have a link to a reference on that?
I ask this because the guys that originally found the exploit stated that depending on what SMS app you use, you may not even know you were infected, hangouts being one of those.
(Joshua) Drake found that when the exploit code was opened in Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”.
Click to expand...
Click to collapse
http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/
pcriz said:
Do you have a link to a reference on that?
I ask this because the guys that originally found the exploit stated that depending on what SMS app you use, you may not even know you were infected, hangouts being one of those.
http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/
Click to expand...
Click to collapse
Drake found that when the exploit code was opened in*Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”
The above is true, but hangouts allows you to approve the messages which hold them in photos before they are delivered. You can also block all sms message that are not from contacts in hangouts.
See the screen shot below. The stock messaging app on many android phones does not have this option.
Also hangouts can be updated without a carrier approval so they will address it in the next update. The infamous hangouts 4.0.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
Drake found that when the exploit code was opened in*Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”
The above is true, but hangouts allows you to approve the messages which hold them in photos before they are delivered. You can also block all sms message that are not from contacts in hangouts.
See the screen shot below. The stock messaging app on many android phones does not have this option.
Also hangouts can be updated without a carrier approval so they will address it in the next update. The infamous hangouts 4.0.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
I suppose the clarification I wanted to get out there is that this isnt some inherently present functionality without some forethought to change those settings. So hangouts like any other text app needs to be made secure enough to prevent the exploit if you are not running a patched build. Just making sure the people reading don't get a false sense of security simply because they are using Hangouts.
pcriz said:
I suppose the clarification I wanted to get out there is that this isnt some inherently present functionality without some forethought to change those settings. So hangouts like any other text app needs to be made secure enough to prevent the exploit if you are not running a patched build. Just making sure the people reading don't get a false sense of security simply because they are using Hangouts.
Click to expand...
Click to collapse
In all reality this is just a puff piece to try and make Apple who is losing market share look more secure and to get this Drake guys name in some press. The threat HAS NOT BEEN SEEN IN THE WILD, and its very likely Drake is the only one to ever produce it.
Its also very low class to unveil a zero day exploit that you know hasn't been patched and that no one else has found. Dude just wants the fame, in reality no one is at risk as long as it gets patched in the near future (months) . And if that douche would have kept his mouth shut and just let Google know and not the press none of us would have been at risk at all.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
In all reality this is just a puff piece to try and make Apple who is losing market share look more secure and to get this Drake guys name in some press. The threat HAS NOT BEEN SEEN IN THE WILD, and its very likely Drake is the only one to ever produce it.
Its also very low class to unveil a zero day exploit that you know hasn't been patched and that no one else has found. Dude just wants the fame, in reality no one is at risk as long as it gets patched in the near future (months) . And if that douche would have kept his mouth shut and just let Google know and not the press none of us would have been at risk at all.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
It's not even really about Google dropping the ball after the fact. Google has already released the patch, it just hasn't been implemented across the various OEMs. Just because it has yet to be exploited doesnt mean it shouldn't be brought to light. In fact the exploit was found in APRIL and the article I cited was posted June 27th. Also Google has its own team of software nerds that do this very thing. Find vulnerabilities in software and give the authors a window to respond before publishing it. Of course the last 0day exploited posted to google for windows 8.1 was published 90 days after its finding but the person who found it NEVER contacted Microsoft..
This is why I would be weary of trying to call this dude out as starved for attention when our beloved Google does the same thing his firm does.
I'm sorry but I am all for transparency when it comes to security issues no matter how big or small. Especially in this mobile world we live in.
And now more potential hackers have been made aware of this.
StageFright defense
ChompSMS has patched their sms app from running StageFright, fingers crossed, you will see the explanation when you search PS for it
---------- Post added at 08:06 PM ---------- Previous post was at 08:03 PM ----------
pcriz said:
It's not even really about Google dropping the ball after the fact. Google has already released the patch, it just hasn't been implemented across the various OEMs. Just because it has yet to be exploited doesnt mean it shouldn't be brought to light. In fact the exploit was found in APRIL and the article I cited was posted June 27th. Also Google has its own team of software nerds that do this very thing. Find vulnerabilities in software and give the authors a window to respond before publishing it. Of course the last 0day exploited posted to google for windows 8.1 was published 90 days after its finding but the person who found it NEVER contacted Microsoft..
This is why I would be weary of trying to call this dude out as starved for attention when our beloved Google does the same thing his firm does.
I'm sorry but I am all for transparency when it comes to security issues no matter how big or small. Especially in this mobile world we live in.
Click to expand...
Click to collapse
I'm with you, what's really hilarious is that when I called the nation's largest carrier, and as usual I was transferred 3 times for a simple question, no one knew of the SF exploit, what does the word EMAIL or MEMO mean again Verizon??
Sprint released their patch specifically for stagefright...
The other major carriers will soon follow!
Do not download the Korean version released today 910t3...
You may be sorry!
But that's just my 2 cents...
acdcflame said:
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
Click to expand...
Click to collapse
So would the latest cm nightly rom from here be good to go? http://forum.xda-developers.com/not...-temaseks-unofficial-cm12-0-build-v9-t3066174
There is an app called stage fright detector in the playstore that can tell you if you are vulnerable.
Sent from my SM-N910T using Tapatalk

Categories

Resources