# Ciq Data Collection



## stueycaster

fmcfad01 said:


> Kejar,
> Could you look into this for us for the next update?
> http://www.xda-devel...f-all-evil-ciq/


This was brought up in the GBE 2.1 thread. Also there is this.

http://www.xda-devel...ata-collection/

From what I read it all seems pretty benign. But if it was in our custom roms couldn't Samsung or HTC find out we are running custom software? I'd like for someone in the developer community to let us know if this could be a problem. Has this thing been removed from our custom roms?


----------



## zeuswsu

That sucks


----------



## RWNube

I, for one, find CIQ outrageous. If anybody out there can provide useful information on how to disable CIQ on the Droid Charge, it would be much appreciated.


----------



## rabbert.klein

There is a detection app available and can remove it if present. I don't have the link available but if I find it I will post it.


----------



## RWNube

rabbert.klein said:


> There is a detection app available and can remove it if present. I don't have the link available but if I find it I will post it.


Is it this? I'm pretty sure it only works on HTC devices.
https://market.andro...reve.loggingkey

k0nane's posts at this thread detailing CIQ removal were all removed: http://forum.xda-developers.com/showthread.php?t=1346864

This is a serious invasion of privacy. If anybody can help me figure out to remove CIQ from the Charge, please let us know, thanks!


----------



## neyenlives

The gummycharged roms have been identifying themselves to the network as GBE Gummycharged for a long time now. Go to the market on your PC and tell it to send an app to your device, it will be obvious you are running non-stock firmware.


----------



## RWNube

Even if my phone identifies itself as something other than stock, I don't want it sending off my usage habits and datamining my phone.
Are you talking about a value in the build.prop? That can easily be changed...
Mine identifies itself as verizon samsung sch-i510...


----------



## neyenlives

RWNube said:


> Even if my phone identifies itself as something other than stock, I don't want it sending off my usage habits and datamining my phone.
> Are you talking about a value in the build.prop? That can easily be changed...
> Mine identifies itself as verizon samsung sch-i510...


yeah but by default there was at least one of the Gummycharged roms that were set to something obvious as modded.

if you are concerned about the data mining stuff you shouldn't be carrying a google powered phone, that is the complete premise upon which the android operating system is made, it's "free" because they get to mine the shit out of your data, they make up the money selling your data and habits. Verizon recently changed their policy to include your gps locations and browsing data among other things. They sent you an email allowing you to opt out. What have you done to protect your own data? If you really don't want it out there don't use an Android powered phone and make sure you opt out of your carriers policies.


----------



## RWNube

I opted out a while back. If you want spyware on your devices, that is your decision. I will attempt to disable mine.


----------



## neyenlives

RWNube said:


> I opted out a while back. If you want spyware on your devices, that is your decision. I will attempt to disable mine.


Or use a device that isn't built completely around the express purpose of data mining. Just saying, its what you signed up for when you chose an Android phone.


----------



## Geerboy

Am I the only one who doesn't really care?

I mean....sure i'd care if verizon charged me extra or something...but they don't

Any data that they take they wouldn't just sell to somebody that would put you in harms way

I guess I'm under no dilution that they don't already know how many times I take a piss and when

Just me....I agree with the other guy...you kinda signed up for it when you got a google phone (or any phone, comp, tablet for that matter)

Sent from my SCH-I510 using Tapatalk


----------



## RWNube

I think that it is polite to leave the discussion to that pertaining to the OP. Philosophical pondering regarding the importance or morality of data-mining was not part of the discussion.
Does anybody know the current status of CIQ on the various ROMs already released for the Charge? I believe that it is embedded in the framework, and the developers likely would have informed us if they were able to remove CIQ from their ROMs.
Also, does anybody have any information that could lead to the removal or disabling of the CIQ functions on our phone? There are no-CIQ mods for the Epic 4G, which is quite similar to our phone.


----------



## neyenlives

RWNube said:


> I think that it is polite to leave the discussion to that pertaining to the OP. Philosophical pondering regarding the importance or morality of data-mining was not part of the discussion.
> Does anybody know the current status of CIQ on the various ROMs already released for the Charge? I believe that it is embedded in the framework, and the developers likely would have informed us if they were able to remove CIQ from their ROMs.
> Also, does anybody have any information that could lead to the removal or disabling of the CIQ functions on our phone? There are no-CIQ mods for the Epic 4G, which is quite similar to our phone.


well you are the one who responded with "CIQ is outrageous how do we remove it!!"

I was just politely reminding you that you kinda signed up for nothing being private when you decided to carry a Google backed device. Just trying to align the expectation with the choice bro.....

This would be kinda like signing up to be in some random sweepstakes in exchange for a chance at free groceries and then being appalled when you find everyone has access to your published information and demanding action to obscure it.


----------



## fmcfad01

Can we get this topic away from whether or not we signed up for something or whether or not you care? The point of this thread and the post I originally made is asking if there is a way to remove it if we so choose. We remove bloatware and mod all kinds of other things on our phones. Lets make ciq another option. Whether or not you personally choose to disable it will be up to you. That isn't what this thread is about.


----------



## RWNube

Apparently, CIQ is not active on the Charge if using custom ROMs and not using the My Verizon app. I'm not sure though, I need to do some more digging. CIQ is certainly a technical achievement- it will be interesting to learn how it functions.


----------



## stueycaster

I was just wondering if Verizon is aware that I'm using a custom rom and is my warranty already void. I was hoping I could replace the stock software in the case I have hardware issues and I need to take it to them.


----------



## poontab

Moved to general. Please use development sections for releases only.


----------



## diablospeed

stueycaster said:


> I was just wondering if Verizon is aware that I'm using a custom rom and is my warranty already void. I was hoping I could replace the stock software in the case I have hardware issues and I need to take it to them.


Have you read anything here? Flash the stock Rom and you will be fine.

Sent from my SCH-I510 using Tapatalk


----------



## Cruiserdude

RWNube said:


> Apparently, CIQ is not active on the Charge if using custom ROMs and not using the My Verizon app. I'm not sure though, I need to do some more digging. CIQ is certainly a technical achievement- it will be interesting to learn how it functions.


Have you found anything yet? I froze My Verizon, and am comfortable digging into system files and appending .bak or replacing them with null ones, editing a few lines in scripts, etc. I just want to know how remove or disable any form of unauthorized carrier data collection myself, even on an otherwise stock rooted ROM. Finding that specific info will make it easy for devs to make roms with this disabled, and for us users to do it no matter what software we run.


----------



## trparky

I'm running Danalo's EP4D ROM release on my phone and one of the things that he so kindly removed from this ROM was the My Verizon App. The My Verizon App may be where CIQ is hiding on this phone so if you rip it out via Titanium Backup (not just freeze it, uninstall it!), I believe you may be ripping CIQ out of the phone along with that garbage Verizon app.

But, those who are more in the know than I am will have to investigate further.


----------



## Cruiserdude

Yeah, I just froze it for now, as I actually use the app from time to time. Good to be able to check my text usage, shuffle Friends and Family #'s, and pay the bill if I happen to be away from home near the end of they cycle. Thankfully NFL Mobile still seems to work, but I never know which things that are actually useful depend on some VZ crapware. It'd be nice to have the option to use features like My VZW occasionally without having to worry about ciq, but its not worth the risk anymore.

Also, from reading some more blog posts about how it can collect anything you type in the browser, even financial passwords (which is not a good idea anyway on a phone, but w/e), it seems like some ciq functionality may be embedded in stock web browsers. I don't know how to tell if its in ours or not, but it would be the safest to run a third-party browser, or the AOSP one, rather than the stock TW one. I'm now wondering if it would be best to freeze or remove the stock browser as well...


----------



## trparky

I wonder if we can get a hold of a new Browser.APK file that was compiled from AOSP source.

I'm wondering if we could do that just to get updated browser functionality as well. Google fixes stuff in the browser all the time so getting new a new Browser.APK file would be good.


----------



## BleedsOrangeandBlue

neyenlives said:


> I was just politely reminding you that you kinda signed up for nothing being private when you decided to carry a Google backed device. Just trying to align the expectation with the choice bro.....


if this truly is the case, it doesn't really make sense that the only fix to get rid of CIQ is to run an AOSP ROM.

But that's jmho.


----------



## Cruiserdude

Yeah, keep in mind that ciq is NOT something from Google, nor do they appear to be too happy about it. Google collects certain data, but it's done anonymously, in other words, they see your search history as just a variable, helps them profile related interests for more effective and relevant advertising, but they don't store it under any personally identifiable info. Location services help you find more relevant info from your searches, and provides them with anonymous usage data valuable to local advertisers, but of course you can turn this feature off. Keeping track of people's apps helps them ensure that none of them are malicious or cause instability, and just like web page rankings, is necessary for assigning value to embedded banner ads.

So yes, Google collects info, but they do it to improve your experience and gather valuable, yet anonymous, data on social trends, interests, and buying habits. Remember, they have the resources they do (that lets them make so much awesome free stuff) because they sell more ads than anyone else, and it's this info that lets them be the most effective.

Google continues to claim that the info is indeed anonymous, and I have seen nothing to indicate otherwise. They don't gather the level of data that ciq does, and they have a legitimate use for the data they do gather. When there have been issues of privacy, Goog


----------



## Cruiserdude

Yeah, keep in mind that ciq is NOT something from Google, nor do they appear to be too happy about it. Google collects certain data, but it's done anonymously, in other words, they see your search history as just a variable, helps them profile related interests for more effective and relevant advertising, but they don't store it under any personally identifiable info. Location services help you find more relevant info from your searches, and provides them with anonymous usage data valuable to local advertisers, but of course you can turn this feature off. Keeping track of people's apps helps them ensure that none of them are malicious or cause instability, and just like web page rankings, is necessary for assigning value to embedded banner ads.

So yes, Google collects info, but they do it to improve your experience and gather valuable, yet anonymous, data on social trends, interests, and buying habits. Remember, they have the resources they do (that lets them make so much awesome free stuff) because they sell more ads than anyone else, and it's this info that lets them be the most effective.

Google continues to claim that the info is indeed anonymous, and I have seen nothing to indicate otherwise. They don't gather the level of data that ciq does, and they have a legitimate use for the data they do gather. When there have been issues of privacy, Google has taken swift action to address and respond to them. The carriers, on the other hand, have no legitimate need for the type of info Google collects, as they are not an advertising company, they do not govern the overall software experience, and do not provide core software services, just networking and peripheral apps. They certainly have no need for the type of data that TrevE claims they collect, and should not store it with personal info. When questioned, they just kept mum about it, or just lied.

I'm not saying that I'm convinced beyond all shadow of a doubt that Google doesn't collect things they shouldn't, but I know the carriers do, and they are not providing me with awesome free services in exchange for data on my usage habits. I pay them quite dearly for their services, and this breech of trust is unacceptable.


----------



## charlie_c

https://twitter.com/#!/VZWjeffrey/statuses/142206836832075777

@VZWjeffrey: To be 100% clear: Carrier IQ is *not* on #Verizon Wireless #VZW phones.


----------



## Cruiserdude

That's awesome news if true, unless of course they use some identical software from a ciq competitor. But I'd like to hope that's true, how reliable/knowledgeable is this guy?


----------



## charlie_c

Cruiserdude said:


> That's awesome news if true, unless of course they use some identical software from a ciq competitor. But I'd like to hope that's true, how reliable/knowledgeable is this guy?


Not sure, but that seems to be consistent with what VZW is saying: http://technolog.msn...t-personal-info

"Verizon Wireless told msnbc.com it doesn't put Carrier IQ "on our phones, nor do we use any Carrier IQ data." Asked whether it uses similar programs from other companies, a Verizon Wireless spokesperson said it does not."

EDIT: Latest release from Carrier IQ: http://www.androidcentral.com/carrier-iq-new-press-release-reminds-us-it-works-carriers


----------



## Cruiserdude

Well that's very good news then, pleasantly surprised that Verizon of all carriers seems to respect our privacy, score one for VZW if true. They ought to start an ad campaign then for everyone concerned with this on other carriers, considering this ciq scandal has left the tech world and is pretty much general news now that most people are talking about.


----------



## neyenlives

Verizon doesn't need CIQ

see an email I got from them in July


> Important Privacy Notice: Customer Proprietary Network Information *Re:* Account Number ending XXXX-XXXXXX Dear Valued Customer, At Verizon Wireless, we value you as a customer, and we know how important privacy is to you. As a company, we have a long-standing policy of guarding personal customer information. This notice contains information about Customer Proprietary Network Information (CPNI). Verizon Wireless needs your permission to share your CPNI within the Verizon family of companies, which includes our affiliates, agents and parent companies (including Vodafone), as well as their subsidiaries. This information allows us to better serve you by identifying, offering and providing the most appropriate communications products and services to fit your needs. You have the right to request that we not share such information, so please read this notice carefully. Regardless of your decision, your CPNI will never be shared byVerizon Wireless with any unrelated third parties. As your wireless provider, Verizon Wireless may have certain information about you that is made available to us solely by virtue of our relationship with you, such as details regarding the telecommunications services you purchase, as well as the type, destination, technical configuration, location and amount of use of such services. This information and related billing details are known as CPNI. The protection of your CPNI is important to us, and we acknowledge that you have a right, and we have a duty under federal and state law, to protect the confidentiality of this information. You have a right to request that your CPNI remain private, and may do so by clicking the Do Not Share My CPNI button below. Unless you notify us within 45 days of receiving this notice that you do not want your CPNI shared, we will assume that you give us the right to share your CPNI with authorized companies described above. <img border="0" height="23" width="147" /> Please be advised if you allow your CPNI to be shared, your consent will remain valid until we receive your notice withdrawing it, or for two years, whichever comes first. You may withdraw your consent at any time through My Verizon. If you would like more information on CPNI and selecting not to share, please review the frequently asked questions. Sincerely, Verizon Wireless


and again in October



> Why am I getting this notice? Your privacy is an important priority at Verizon Wireless. OurPrivacy Policy (available at www.vzw.com/myprivacy) informs you about information we collect and how we use it. Today we want to tell you about some important updates relating to two new uses of information. Verizon Wireless will begin using the information described below for (1) certain business and marketing reports and (2) making mobile ads you see more relevant. If you do not want us to use this information for these purposes, you can let us know by using one of the options described in the "Your Choices" section of this notice. This supplements our PrivacyPolicy. What information are we talking about? Under these programs, we willnot share any information that identifies you personally. Verizon Wireless will use the following categories of information: Mobile Usage Information: • Addresses of websites you visit when using our wireless service. These data strings (or URLs) may include search terms you have used •  Location of your device ("Location Information") • App and device feature usage Consumer Information: • Information about your use of Verizon products and services (such as data and calling features, device type, and amount
> of use) • Demographic and interest categories provided to us by other companies, such as gender, age range, sports fan, frequent diner, or pet owner ("Demographics") Is my information shared? Under these new programs, we will not share outside of Verizonany information that identifies you personally. HOW INFORMATION
> WILL BE USED DESCRIPTION EXAMPLE To create business and marketing reports. We will combine Mobile Usage Information and Consumer Information in a way that doesnot personally identify you. We will use this information to prepare business and marketing reports that we may use ourselves or share with others. A report might state that 10,000 mobile users visited a sports website in a month and 60% were men. For other companies to create business and marketing reports. We may also share Location Information with other companies in a way that doesnot personally identify you. We will allow these companies to produce limited business and marketing reports. The data we provide could be combined with data provided by other wireless carriers to create a report on the number of mobile users who take a particular highway during rush hour. To make mobile ads you see more relevant. When you use your wireless device, you often see ads on websites and apps. Using certain Consumer Information (such as your Demographics, device type, and language preference) and the postal address we have for you, we will determine whether you fit within an audience an advertiser is trying to reach. This means ads you see may be more relevant to you. We will not share any information that identifies you personally. A local restaurant may want to advertise only to people who live within 10 miles, and we might help deliver that ad on a website without sharing information that identifies you personally. Your choices. If you do not want us to use your information for any of the purposes described above, please let us know at any time by: • Visiting
> www.vzw.com/myprivacy
> 
> Or
> •  Calling 1-866-211-0874 You will receive mobile ads whether you participate or not, but under the advertising program, ads may be more relevant to you. If you have a Family SharePlan® or multi-line account, you must indicate your choice for each line. If you add a line or change a telephone number, you will need to update your
> privacy choices.


They are pretty open about sharing your data


----------



## charlie_c

neyenlives said:


> Verizon doesn't need CIQ
> 
> They are pretty open about sharing your data


Unless I'm mistaken that also has an opt out option.


----------



## empty_skull

And they informed us about it with the opt out. I can respect that. It's still a bit shady because probably 90% of folks ignore that notice. And Verizon is counting on that. But the CIQ mess is totally black. NO notification. No opt out. That is bad.


----------



## Cruiserdude

That's the difference, they explain it in detail, and let you opt out. I for one still think that gathering that info is ridiculous and not anything carriers should be doing, unless they want to lower our rates in exchange for making money off our marketing data. I of course opted my family out the instant I heard this awhile back, and for those that didn't, it was at least publicized, and they have the ability to opt out at any time. The main thing here though is still the fact that they explain it fully and give you the option not to participate.


----------



## skatastic

To play devil's advocate it is unlikely that Verizon has refrained from using ciq for any other reason that they didn't want to pay for it.


----------



## charlie_c

skatastic said:


> To play devil's advocate it is unlikely that Verizon has refrained from using ciq for any other reason that they didn't want to pay for it.


Possibly, but they're not shy about spending money if it will result in a return for them. I've seen a list of CIQ servers and it had Verizon test/demo servers listed iirc, so maybe Verizon tested it and decided it didn't perform the way they wanted so they went another route. Who knows...either way, they dealt with it in a more respectable way.


----------



## neyenlives

charlie_c said:


> Unless I'm mistaken that also has an opt out option.


it does or eh did.....yes, and I think, since we are speaking of passive technicalities here, there are terms and conditions in the material that came with the devices with CIQ installed that essentially said they agreed to the terms simply by the action of activating the handset. I do agree they should have had an explicit terms to accept on the device before CIQ could become active. Just saying though, people these days have some huge expectation of privacy and then they run out and put their business on facebook/twitter and carry an always connected smartphone running on Verizons network and an operating system sponsored by the largest data collection company ever, Google.....

i accepted the fact that by carrying one of these phones, I was giving up a certain amount of data to them, but all things in moderation, if i knew for a fact that my phone was sending a copy of the text in my text messages to some company to analyze.....i would be pissed if they didn't give me the opt out


----------



## stueycaster

I just found this.

http://www.forbes.com/sites/andygreenberg/2011/11/30/phone-rootkit-carrier-iq-may-have-violated-wiretap-law-in-millions-of-cases/


----------



## timedroid

Carrier IQ doesn't try that hard to hide itself. There would be something with "IQ" in the name in the running services list and /system/bin/ciqd would exist. At least that's what I saw on my old Samsung Intercept.


----------



## Cruiserdude

Well again, Verizon has gone on record that it has never used Carrier IQ or similar software.  While it sounds odd that VZW would be the one good guy, the consequences of going on record for an outright lie in the midst of a public scandal would be pretty severe. So I for one am inclined to believe them, and so far, no one has found evidence of ciq on other Verizon devices afaik.


----------



## xxxedjixxx

To the best of my knowledge, android was a small group developing Linux for smartphones that Google made mainstream. As such, I think it false under the GPL, making it free, not the data mining. As such, I think if there is CIQ out there, someone would find it. Let's face it, the developers that work on these are way too good to let that slip


----------



## shrike1978

xxxedjixxx said:


> To the best of my knowledge, android was a small group developing Linux for smartphones that Google made mainstream. As such, I think it false under the GPL, making it free, not the data mining. As such, I think if there is CIQ out there, someone would find it. Let's face it, the developers that work on these are way too good to let that slip


The GPL only applies to GPL'ed or derived code...not just anything that's on the system. Non-free stuff can be and is throughout your average Android phone.


----------



## xxxedjixxx

Right. I was just talking about the OS in particular. The other apparently they can charge for. I was saying the developers are usually extremely skilled and will find it extremely quickly.


----------



## Cruiserdude

Well again, this has been on phone's for some time now. Phone's running AOSP roms don't have proprietary code, but things like drivers and RIL's are often proprietary on stock builds (like ours all are). There's a number of things built into stock roms that spawn processes that may be necessary for other carrier services, it wasn't discovered until quite recently that this carrieriq software does anything malicious.

Keep in mind that devs have looked deeply into a number of phones, and made carrieriq detection programs, and no one has found anything on VZW phones from what I have seen. They've gone on record, which means if someone found anything they'd not only lose respect, but they would face stiff legal consequences. So its not likely that they would lie.

My understanding, after some more research, is that VZW only gathers data on their server side, as they keep logs like any ISP. The privacy options determine whether this data is shared with other companies, or just used internally.


----------



## xxxedjixxx

Thanks Cruiserdude. I kinda figured that was the case, as I knew SMS and mms were logged, and browsing history was saved through applicable law. This ciq thing is new, and the prospect to me seems almost borderline criminal. Maybe we can put this Carrier IQ issue to rest, at least with VZW


----------



## m0unds

figured i'd share this in case any of you were interested in some more technical details from a security researcher:

http://vulnfactory.org/blog/2011/12/05/carrieriq-the-real-story/


----------



## stueycaster

I'm running GummyCharged GBE 2.1 with Imoseyon 4.0 kernel and Voodoo and I just downloaded "Carrier IQ Detector" from the market and ran it.

http://thenextweb.co...ust-three-days/

It found my phone to be free of it.


----------



## stueycaster

The FBI uses it.

http://mybroadband.co.za/news/quick-news/39833-fbi-uses-carrier-iq.html


----------



## stueycaster

Verizon has never used Carrier IQ according to this. The Droid Charge has never had it.

http://betanews.com/...w-you-can-know/

Sprint says they have stopped using it.

http://www.mobilebur...-on-our-devices


----------

