36 comments

[ 3.6 ms ] story [ 73.1 ms ] thread
NO (Samsung galaxy S II, T-Mobile)
I suggest using this open-source alternative instead: https://market.android.com/details?id=org.projectvoodoo.simp...
Used this to check my Samsung Intercept and got a positive on CIQ. However, Voodoo says it seems to be inactive.
They don't pay as much attention to UI as these guys. I'd rather use the better app.
I don't really like the other UI either. "Share results with Lookout"? "For full protection, download Lookout Mobile Security"? "Tell your friends about Carrier IQ Detector"?
UI? what ui? All the app does is open a detection report. The "better app" shows a green/yellow icon and links to other apps. The "worse app" shows a list of tests performed along with "found/not found".

The whole app UI is basically install/run/home/uninstall.

(by the way, no carrierIQ found on Motorola Atrix w/Orange French ISP)

Yep. As someone who wants to know if they have CarrierIQ, my main concern is whether I have CarrierIQ.
So isn't your best strategy to install both apps just to be sure? They don't seem to have the exact same detection procedure nor the same result.

I'm starting to wonder why I'm even arguing, it's like comparing the landing page of a company website to its wikipedia entry when all you want is the exact spelling of their latest product.

For some perspective, the one I linked only requests permission to read log files (to detect) while the Lookout one wants full network access (and interestingly enough no access to log files).
Presumably the one that requires network access tests for existence by attempting to connect to its local tcp port.

I'd be more comfortable installing an app that just scans the logs.

On the other hand, I have a rooted Android phone with LBE Privacy Guard installed, so I can install apps that require network privileges, and then simply deny them access to the Internet.

No (Desire, cm7.1)
Cyanogen stated a few days ago that CarrierIQ has never, and will never, be in their roms.
Yes, I'm was aware of it.

And I really tested it with "Voodoo Carrier IQ detector", also mentioned here in comments, just when it was released - install count was less than 500 - yesterday or day before - just before CM announced that they don't have it.

This scandal was the trigger for me to finally root my phone and install CM.
"trigger for me to root my phone"

I think this is the most sensible response. I imagine that there may now be a market for smartphone "rootkit detectors/cleaners/etc" but that path is about as sensible as the PC "anti-virus" industry.

It will not solve the problem and inevitably people's trust will be abused by some bad actors.

In my opinion users need to be more involved in or at least aware of the boot process. They should be able to ascertain what is running on the device.

There is no way for a consumer to retain full control over her device if she ignores the boot stage(s)... unless she can absolutely trust whomever is controlling them for her.

No (Sony Magic Cap)
Every single app review says their phone was clean. That makes me think this app is less detector and more placebo.
Dell Streak 5, Softbank: Not found (checked with both apps)
Not found on Samsung Charge (Android 2.3)
Another way to get the guileless to install malware?
Any evidence or should we assume all app are now malware?
So my Sprint Replenish does have Carrier IQ. Now that I know, how do I get rid of it?
soak it in salted water, then wrap it in aluminum foil. Then you're safe
root it and installed a non-tainted ROM like Cyanogenmod.
I just looked at the website and they don't support my phone. Do you have any other suggestions for what I can use on a samsung replenish?
Any of us in Europe has CarrierIQ? None of my friends has on their phones. P.S. I bought my phone not from network provider.
I bought my Samsung Galaxy S II in Finland. It does not have CarrierIQ.
I'm on Orange, UK - I can't find any of the related apps in the applications list and the Voodoo app says it isn't present. I'm yet to check LogCat myself.

However, I've not actually seen anyone directly say that it's US only but I haven't seen any Europeans claiming they have it either. I'm fairly certain it's only used on American carriers at the moment.

HTC Desire S on O2 in the Republic of Ireland, clean!
T-Mobile Samsung Galaxy S II is all clean.
It's telling me no on HTC / Orange / UK.
Score 320, with CIQ active and running on Infuse4g on Rogers Wireless. I guess, I shouldn't be surprised considering it's Rogers.

Is there a detailed list of what CIQ transmits ?

This app worked. I have an Atrix 2. I froze the process associated with cIQ. I'm not an advocate for violating peoples privacy but if they want to collect the texts i send to my mother they can have at it. The lack of disclosure is obviously a problem though. What was infuriating to me is now my phones battery life has increased by 1/3. For the last few weeks and probably on my older android devices this nonsense has been sucking the battery down like a sorority girl drinking malibu. On the atrix 2 the process you want to freeze is called "device health application"
I see this as a triumph of the Android ecosystem. Carriers (Verizon) have the option of doing the right thing and not inflicting this invasive tracking software/rootkit on their users.

With Apple's our-rule-is-law, whether you're on AT&T, Verizon, or Sprint, you don't have a choice. You have Carrier IQ.