Carrier IQ detection: check your source before you install

Android

1

A number of companies have released software that allows you to determine whether Carrier IQ software is installed on your phone, though I haven’t seen any such app that isn’t Android-specific, and that does present a problem. That is, of course, assuming that you accept that it is a real, significant problem – and I think it’s been more than a little overblown, though I continue to think that Carrier IQ (and those carriers using its service) need to clarify how it’s being used. But it’s not an Android-specific problem, and it might actually confuse people into thinking  that it is.

But to the extent that attention has been focused on the way it is (sometimes) implemented on Android, it ‘s worth remembering that the volume (and potential sensitivity) of that information has a lot to do with the problems Android has had with malicious applications. These take advantage of the lack of pre-checking apps in the Android Market and the fact that you can get Android apps from other sources. What are the chances of some enterprising malware author coming up with a Trojan, or something analogous to fake AV on desktop systems, that passes itself off as an app for detecting the presence of Carrier IQ software? Of course, you shouldn’t be in any danger with an app supplied directly by a legitimate security company, but if people always did that there wouldn’t be a fake AV problem, would there? And if something like this did happen, it’s likely that the consequences of infection would be worse than the “risk” from the presence of CIQ. So while I don’t blame the companies responsible for taking what is essentially a PR opportunity, you should be careful to check the credentials of a web site that offers such an app. Even a respectable download site can surprise you, not necessarily in a good way.

If you want some more information to help you make up your mind whether you want to go this route, here are a few relevant links:

Hat tip to Quinton Watts of ESET UK for bringing the issue to my attention, and to Randy Abrams for pointing out an ambiguous clause in the above. :)

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Author David Harley, ESET

  • Dan

    Very good article! With all the firestorm and screaming sometimes people forget about who they are getting their applications from and whether those might do something bad. Also these detectors don't remove the Carrier IQ application but simply tell you it is there.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
08 Dec 2011
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.