How To Remove The Carrier IQ Rootkit

Android developer Trevor Eckhart last week discovered a widespread rootkit, called Carrier IQ, that is often installed by carriers and seems capable of logging everything you do. Here's how it works and how you can get rid of it.

What Is Carrier IQ?

Last week, 25-year old Eckhart discovered a hidden application on some mobile phones that had the ability to log anything and everything on your device — from location to web searches to the content of your text messages. The program is called Carrier IQ, but it isn't malware being distributed by criminals; it's sold as a service to mobile phone companies for troubleshooting and tracking purposes.

It's not clear yet whether the software has been routinely installed in Australia by local carriers; the coverage to date has been very US-centric.

How To Tell If It's Running On Your Phone

Originally, Android users were the only ones able to detect and remove the program (score one for openness). However, depending on your phone, you may have to be rooted to do so. Once rooted, running the "CIQ Checks" task in this app on XDA will tell you whether it's running on your system. On HTC phones, you can also search for the app in Settings > Applications as described in the video above, but using the Logging Checker app is the most reliable way to check.

Note also that if you're running an Android Open Source Project (AOSP) based ROM — like CyanogenMod — you do not have Carrier IQ installed on your system. These apps are based on the original, open source version of Android, and don't include any carrier or manufacturer additions like Carrier IQ. If you're using a modded version of your manufacturer's ROM, however — for example, a modded HTC Sense or Samsung TouchWiz ROM — you could still have it installed. To avoid this, either flash AOSP-based ROMs, or flash ROMs with Carrier IQ specifically removed (many will say NOCIQ or something similar on their description pages).

How To Remove It From Your Device

Android: If you want to remove it from your device, you have two choices. Either flash a custom ROM that doesn't contain Carrier IQ (as described above), or use Eckhart's Logging Test App to remove it. Both solutions require rooting your phone.

To remove it with the Logging Test App, download the original app and then buy the $0.99 Pro licence from the Android Market. Then, open it up, hit the Menu button, and tap "Remove CIQ". This will completely remove it from your device.

iPhone: Turns out the iPhone can also be affected. Here's how to switch it off on the iPhone.

Further Reading

If you want more information on Carrier IQ, XDA Developers and a few other outlets have written a few great articles that give a bit more detail. Check out the following posts if you're curious:


Comments

    "Note also that if you’re running an Android Open Source Project (AOSP) based ROM — like CyanogenMod — you do not have Carrier IQ installed on your system."

    Does this include the stock Android on Nexus phones, and on some tablets? If so, if such a phone is bought from a carrier, could it potentially still be modified by them?

    Pfft! Who cares? In the words of the great and immortal ex-News of the World journalist Paul McMullan:
    ''In 21 years of invading people's privacy I've never actually come across anyone who's been doing any good. Privacy is the space bad people need to do bad things in. Privacy is evil; it brings out the worst qualities in people. Privacy is for paedos. Fundamentally, nobody else needs it.''

    [Sarcasm turned up to 100%]

    Saying to ban privacy because it is evil is as stupid as saying, for example, that we should ban sticks because they have been used in assaults.

    "Right now, Android users are the only ones able to detect and remove the program (score one for openness)."

    How about Right now iPhone users are the only ones immune since apple wouldn't allow carriers to install anything at all [score 2 for ultra-restrictive close minded dictatorshipness]

    Sent from my iPhone :)

      Hate to upset you, but have you already forgotten about the iPhone tracking and privacy issues?

      http://www.gizmodo.com.au/2011/04/your-iphone-is-secretly-tracking-everywhere-you-go/

        Yet another misinformed apple user. Thanks for making me laugh.

        - Sent from my loving Linux desktop.

          Google "iphone and android tracking" and you might notice apple was not alone.
          The difference between recording cell phone towers and what it is likely every keystroke might be a little different don't you think?

            Apple have openly admitted to using this software. End of story.

              Apple only admitted to using it because it was going to come out before they eliminated it, and they knew it. They made the best out of bad. By admitting to the conspiracy and showing action to eliminate it, they avoid a mod of angry Apple fans and a loss of new ones. If this didn't make news with the help of Android's open platform, and tens of thousands of customers didn't inundate Apple with questions, Apple would have NEVER said a word....Just like they didn't for the past 5 years...

    Can Lifehacker please do an article on the processes of rooting your Android phone. Will it void warranties, how does your telco react, can they even detect that you have rooted it, what does it mean for people on contracts, does it change your ability to unlock your phone from a locked handset (ie. a vodafone handset become not locked to vodafone) and so on and so forth.. there are just too many unknowns for me with regards to this.

      See here: http://www.lifehacker.com.au/2011/04/the-complete-guide-to-rooting-any-android-phone/

    You will void all warranty and both carrier and google will treat you like a developer who knows what they are doing in regards to modding a phone (eg little support when u do something wrong) but that being said there are many fail safes and there is a really good forum with a lot of information and helpful people. As for how to do it, its differnet for every phone. Just search google for xpa *your phone model* forum and you will find all the info u need. Only thing you really need to worry about is wheather your phone is one of that 0.001% faulty from production which is not likely.

    It seem that everyone from big corporations such as Kaspersky to the individual whose tests this article is based on, is trying to exploit the fears of Android users. l even wonder if the .99 cent fee to clean phone ,installs it's own key-logger. The fact that it requires root, effectively means the buyer/victim has no recourse ,as both carrier and manufacturer warranties are voided. I would go as far as to say that lifehacker should be held liable, if they publish articles such as this. This article seems very similar to the old P.C your computer is infected scam. If lifehacker publishes an infomrecial for a scammer as editorial, then they should be held accountable.

    Okay so what I'm getting out of this is: "there is this super secret app that logs everything you do, and you can't see it, everyone believes me to have found it, and if you pay me a dollar, I'll remove it" - I'm from Missouri the show-me state show me the path to the log file, and I'll give you a dollar, but as it stands I can find no article on the web that specifically states the full path to the log files, OR how to find a carrier specific log file. (if indeed it changes from phone to phone)

    Boobies. Thats it. Forget CiQ.

    Just removed CIQ via Logging Test App and after reboot my Transform Ultra bricked. Does anyone know how to unbrick or have a site that would help? Ack!

    Poor apple users so dubbed down to stupidity by their apple os i mean it only takes a few seconds to notice apple are umbrella corp in disguise: /

Join the discussion!

Trending Stories Right Now