Comment by gruez
8 years ago
>It's not just your cell carrier. Your cell phone chip manufacturer, GPS chip manufacturer, phone manufacturer and then pretty much anyone on the installed OS (android crapware) is getting a copy of your location data. Usually not in software but by contract, one gives gps data to all the others as part of the bill of materials.
so what's the flow here? is it something like this?: phone gps -> manufacturer installed crapware app -> crapware server -> (various third parties)
wouldn't this be mitigated if you use a custom ROM like lineageos?
Some of the crapware can be avoided by using custom ROMs, but not all of it. For example: Qualcomm IZat location services and other location-based trustzone applets remain running even on custom ROMs.
You seem to be quite familiar with Qualcomm, but do you know if there's anything similar in Mediatek SoCs? They do have assisted GPS ("A-GPS"/"EPO") but from the info I can find (including leaked very thorough datasheets and programming manuals), it does nothing more than downloading already-public ephemeris data from an FTP server periodically. I've also inspected the firmware, and there don't appear to be any traces of the TrustZone/Trustonic stuff that you mention is present for Qualcomm; AFAICS the only thing running on the main CPU cores is Android itself, the modem runs its own baseband firmware, and the GPS/WiFi/BT/FM combo chip (which is a physically separate part, accessed over a serial interface with no direct DMA capabilities) runs a third firmware. Any "secure boot" features in MTK SoCs are (fortunately?) not very secure, so it's all quite easy to inspect.
There's some bits of interesting info here:
https://github.com/cyrozap/mediatek-lte-baseband-re
https://postmarketos.org/blog/2018/04/14/lowlevel/
How is it sending the data though? if it's using mobile plans, wouldn't it be noticeable on the data usage plan? (or is it that manufacturers have agreements with carriers to not charge for it?)
> IZat location technologies use a network of cloud-based assistance servers that provide industry-leading location performance for any mobile device, on any network, in any environment.
https://www.qualcomm.com/products/izat
Location data is what, maybe 1kB per sample, including lots of overhead? 100 samples/day is 3MB/month. It's not going to affect your mobile data budget.
This is my question too... nobody has explained this part.
>Qualcomm IZat location services
did a quick check, it's not on my phone (SD 820 SoC).
>other location-based trustzone applets remain running even on custom ROMs.
I have no doubt some proprietary blobs still remain on custom ROMs, but do those actually send back location data to the OEM?
You have a Qualcomm Snapdragon 820? Oh yes, IZat is definitively there, along with other interesting trustzone applets :)
It is running under QSEE (Qualcomm) and/or MobiCore (Trustonic) OS, which is separate from your Android OS. It is left untouched by custom ROMs.
It uses these domains:
http://xtrapath1.izatcloud.net
http://xtrapath2.izatcloud.net
http://xtrapath3.izatcloud.net
I'm not sure what part of the OS is sending it, but it's definitely happening (and is block-able!)
> did a quick check
How? Thanks.
Hopefully this shows people how deep it is.
If all that is claimed in here isn't conspiracy, how can it stay a secret? Isn't it the reason WikiLeaks was created in the first place?