Google chairman Eric Schmidt has criticised Carrier IQ and added that the company doesn't work with the controversial software maker. "Android is an open platform, so it's possible for people to build software that's actually not very good for you, and this appears to be one," Schmidt said, according to Reuters. Late last month …
Well if this isn't proof.
"it's possible for people to build software that's actually not very good for you"
Well if this isn't proof that Schmidt's insight, acumen, and intelligence far exceed what anyone has ever given him credit for, then I don't know what is!
Schmidt should read The Register more often:
He's obviously misinformed!
“When ideas are blocked, information deleted, conversations stifled and people constrained in their choices, the internet is diminished for all of us,” Clinton said, according to the New York Times.
That's a pretty funny statement considering she's part of the same government which is bringing in the The Stop Online Piracy Act and who routinely shutdown websites that don't agree with their policies or views.
"That's a pretty funny statement considering she's part of the same government which is bringing in the The Stop Online Piracy Act and who routinely shutdown websites that don't agree with their policies or views."
One of the problems I've been having with convincing some of my friends and acquaintances how truly awful the Stop Online Piracy Act really is is that a lot of them think that opposition to it is hysterical overreaction.
The SOPA is a stunningly dreadful piece of legislation that's bad for the Internet and bad for users. There's no question about it. If this ill-considered rubbish becomes law, there's no question in my mind that it could and probably would stifle legal expression while tilting the balance of power dramatically in favor of wealthy copyright holders.
But your comment, sadly, is part of the reason that it's difficult to make people outside the IT community see how bad it is. As obnoxious as the government may be when it comes to the Internet, it does not "routinely shutdown websites that don't agree with their policies or views." Quite the opposite, in fact; a quick Google search easily turns up tens of millions of Web sites that disagree with the government's policies and views, on every topic from drug policy to foreign policy to what country the president was born in to the SOPA itself.
The SOPA is bad enough that we don't need overheated, and provably false, rhetoric to oppose it.
well, not really
Nice thought, and all, except it's not really true, and demonstrates an insufficient understanding of the American political process.
SOPA is a bill in the House of Representatives - part of the legislative branch of the government. Clinton is a member of the executive branch. She is not a representative or a senator. Representatives do not need the permission of the executive branch to introduce legislation, under the U.S. system. Clinton, and the entire branch of government of which she is a part, had no involvement in, no control over, and no power to prevent the introduction of SOPA.
SOPA was introduced by Lamar Smith, a Republican, and co-sponsored by eight Republican and four Democratic representatives.
Say it ain't so!!!
Remember, this is supposed to be the most "open" and "transparent" administration the US has ever had.
@AdamWill Entirely true, that is indeed the constitutional position in the US. However,.......
.............we await of course with bated breath to see whether the President will stand by his Secretary of State's avowed principles and veto that piece of shameless lobby-fodder legislation if it actually passes both houses.
that is, indeed, an interesting question.
upvoted anyway :)
so you find brazen, dangerous cynicism funny?
well lucky you.
Didn't BitDefender say that the Carrier IQ is "so deeply integrated with the device’s firmware [that] Carrier IQ Finder cannot remove it".
If it's integrated with the firmware, doesn't that mean that Google have worked with them? Or is the Android platform really that open? Not trolling, just asking as I'm curious.
The great thing about Open Source is that carriers could inject code directly into the kernel if they so deemed. Perhaps Carrier IQ already has such a patch readily available to their customers....
It's open souce. Anyone can build their own version of.
1) it's not that integrated, just requires root access to remove (afaik). And if it were more integrated, see (2)
2) yes, Android is *that* open that carriers can add it when creating their custom bloatware roms
It really IS that open...
...The only bits that aren't are the GApps (Google Apps), but other than that you can download the source and (almost) change anything you want, to do anything you want. You can even swap/edit Linux kernals to get it running on devices that were never intended for Android. My HD2 for instance, which now has a version of CyanogenMods CM7 Android build as a daily driver, has a modified kernal to get Android to work with the hardware. So, its not beyond the realms of possibility for CIQ to hide stuff away in there too.
Well kind of
Google's stock Android is Carrier IQ free.
in the linux context, FW crudely put tends to be anything that has root only access.
Second executables can be spawned via scripts (sysinit script eg) or binaries (init executable for eg). Both will have root only privileges. For one you will have to edit the script after getting root. For the other you will need a recompiled binary that does call CarrierIQ. This an automated virus cleaner type thing cannot really do. It assume that starting CarrierIQ sw is necessary to continue execution (some inits ignore errors)
Caveat: Above explanation is extremely oversimplified.
It means it's an application that's been placed on the read-only partition on the phone. This is why you have to reflash or at least root to make certain changes to devices. Obviously operators have control over what goes into their software images, and that's how it gets in there. This is totally independent of Google.
If it is in the kernel then the source must e made available under the GPL.
I suspect that it is a true rootkit ie it simply change some tables to direct all input to the app ie not compiled into the kernel.
Under the GPL any changes to the code must be made available to all for at the most cost of reproducing and transmitting the code.
You can make your own ROM based on Android, and you have to do this as a ROM made for a Samsung Galaxy S will not work on an HTC phone or even another Samsung model. It is specific to a particular hardware model.
Not a rootkit
You can do everything that it does with standard Android APIs. A Market app could do it if you granted it the permissions. It's just an ordinary app in the read-only partition.
Companies like CIQ don't go outside the application space (and certainly not into the kernel!) if at all possible because it is an enormous headache. You want cheap mass-market applicability, not something that you have to modify for every device and every OS version. The operators certainly aren't interested in you going that deep either.
While true, it only means that CarrierIQ is a user-land rootkit, not a kernel-land rootkit.
Remember, Google is only the source code provider,
it is the TELCO MFGs who worked with Carrier IQ to include the stuff in your system.
Now, properly secured and disclosed, it CAN be a valuable diagnostic tool, exactly as Carrier IQ asserts. The objection is that it wasn't properly disclosed, and the question on the floor is whether it is properly secured. Given the publicized video, it would seem to be leaning 70-30 against at this point.
Pot calling Kettle!
Pot calling the kettle black
That's the one thing I don't like about the Android platform, so much can get past, no one really knows what's going on. creators of cash making trojans are looking at this very closely as the new money maker.
Kane, you are right, how did it get so integrated without anyone knowing?
i'm lost, CIQ has also been used on iOS in some form, android is the most receptive to scrutiny being open source, so I don't see why you'd dislike the platform. You'll only be able to trust the device as much as you bother to scrutinise the software on it, if you don't want to read all the source and compile it and install it all yourself then you need to trust other people, but its an option. other platforms aren't so forthcoming.
as for software you install yourself, i don't see how android fare any worse than apple, or do you really place that much faith in apple's scrutiny of apps? i guess you could argue some scrutiny is better than none, and for most people that's correct, but its still overstating things a bit... the android market still takes down apps and the like...
Damage control at work
As much as I despise (honest) the whole rootkit approach I still give CarrierIQ the benefit of the doubt that they provided the software to the network operators and that's that. It could also explains their silence; its not uncommon that when delivering specific software requirements you're also under an obligation to keep your mouth shut about it.
And as fellow Reggers pointed out; we read another story as well.. Though don't be too hasty to point at Google here (IMO) because Android is an open platform. So I do see a possibility that carriers / operators worked their way "into" Android without the assist of Google.
Doesn't change the fact that I consider this (very) cheap propaganda. I would be /more/ impressed if Google started complaining to the carriers / operators who paid CarrierIQ to develop this rootkit for them and scold them for using it.
But that's not going to happen obviously.
Maybe YOU should read more often. The corp-spokes-liar says that CIQ captures keystrokes but that they they don't collect them through their own filter. But he also says that the CARRIER is the one who sets their own filtering policy. He makes no statement about what the carriers filter and collect. If the software captures it the carrier can collect it. You've misinformed yourself based on your own bias toward the corps and against the privacy critics.
Google doesn't make the handsets, only the OS. Firmware is produced by the carrier / manufacturer pair.
no surprise here
In other words, if some shady creeps are going to spy on you, it's going to be us.
Ciq eating googles lunch?
"so it's possible for people to build [evil] software"
and by "people" in this case he means "our carrier partners"...
Why then Mr Google,
when you type into google search box and observe the 'differences' in quasofasciistic autosuggests using obvious comparatives:
is eric schmidt g
is IT quite indicative of biases, occultings, distortions thus a subtle swaggery?
Cheif Search Site speaks with forked autocomplete.
If handlers decided on a whim say; a takedown order of an Idea like 'pants', 'the google machine' will unquestioningly down the pants forthwith, accepting a fee for downward delivery of said garment, distorting the view for most.
This offers great comfort and support to only a few.
Don't Be Evil....
....but feel free to do business with Dr. Evil, that's okay.
But didnt Schmidt also say...
...if you're doing stuff that you don't want anybody to know about, well maybe you shouldn't be doing it at all. (or something like that)
So I'm surprised he wasn't all for it, i.e. don't press any keys on your internet connected handset that you wouldn't be happy telling the world about!
Glenn Greenwald over at Salon.com on Her Clintonness on net freedom thingies.
A bit rich coming from a company whose entire income is from stealing privacy and selling it on. I really don't like Schmidt. He always speaks with forked tongue. It's typical that he should use Carrier IQ as a propaganda opportunity when Google goes far beyond Carrier IQ in collecting data and actually selling it.