Comment by dude123456
8 years ago
Some of the crapware can be avoided by using custom ROMs, but not all of it. For example: Qualcomm IZat location services and other location-based TrustZone applets remain running even on custom ROMs.
You seem to be quite familiar with Qualcomm, but do you know if there's anything similar in MediaTek SoCs? They do have assisted GPS ("A-GPS"/"EPO") but from the info I can find (including leaked very thorough datasheets and programming manuals), it does nothing more than downloading already-public ephemeris data from an FTP server periodically. I've also inspected the firmware, and there don't appear to be any traces of the TrustZone/Trustonic stuff that you mention is present for Qualcomm; AFAICS the only thing running on the main CPU cores is Android itself, the modem runs its own baseband firmware, and the GPS/WiFi/BT/FM combo chip (which is a physically separate part, accessed over a serial interface with no direct DMA capabilities) runs a third firmware. Any "secure boot" features in MTK SoCs are (fortunately?) not very secure, so it's all quite easy to inspect.
There's some bits of interesting info here:
https://github.com/cyrozap/mediatek-lte-baseband-re
https://postmarketos.org/blog/2018/04/14/lowlevel/
How is it sending the data though? If it's using mobile plans, wouldn't it be noticeable on the data usage plan? (Or is it that manufacturers have agreements with carriers to not charge for it?)
> IZat location technologies use a network of cloud-based assistance servers that provide industry-leading location performance for any mobile device, on any network, in any environment.
https://www.qualcomm.com/products/izat
Location data is what, maybe 1kB per sample, including lots of overhead? 100 samples/day is 3MB/month. It's not going to affect your mobile data budget.
Some people do not have a mobile data plan. Using mobile data in such a case would typically be rather expensive. Unexplained mobile data charges, however small, would raise questions.
This is my question too... nobody has explained this part.
> Qualcomm IZat location services
Did a quick check, it's not on my phone (SD 820 SoC).
> other location-based trustzone applets remain running even on custom ROMs.
I have no doubt some proprietary blobs still remain on custom ROMs, but do those actually send back location data to the OEM?
You have a Qualcomm Snapdragon 820? Oh yes, IZat is definitively there, along with other interesting trustzone applets :)
It is running under QSEE (Qualcomm) and/or MobiCore (Trustonic) OS, which is separate from your Android OS. It is left untouched by custom ROMs.
While most of the terms there aren't Google-able (QSEE, MobiCore, trustzone applets, etc) the IZat page seems to almost boast about the core argument:
https://www.qualcomm.com/products/izat
Scroll down to "Cloud-Based Assistance" and "Built Right In."
I do not understand.
Even if there was a separate OS running in parallel with Android, how could it access the wireless-networks-based and satellite-based location data? I thought that access to these things is controlled by Android.
In other words, when I turn off e.g. satellite location data in Android, can IZat (which, according to your post, runs outside of Android) or other similar spyware keep secretly using it anyway? That would be quite worrying.
I suppose that the location data can be collected by sniffing the low-level communication between the radio device and Android kernel, provided that it has been enabled in Android first. But even then, how could this location data be transferred out of the device? Are these "parallel-running" OSs also able to somehow "tap into" Android's network layer and send the collected data out?
Are you sure? According to https://forum.xda-developers.com/android/software-hacking/ar..., they have corresponding apps running in the main OS as well.
What about Exynos chips?
It uses these domains:
http://xtrapath1.izatcloud.net
http://xtrapath2.izatcloud.net
http://xtrapath3.izatcloud.net
I'm not sure what part of the OS is sending it, but it's definitely happening (and is block-able!)
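An added example, not part of the comment above: one way to check from the network side whether a device looks up the hosts listed there. It assumes a home resolver running dnsmasq with `log-queries` enabled; the log lines are constructed, and matching the whole `izatcloud.net` zone rather than only the three listed hosts is a choice made for this example.

```python
import re
from collections import Counter, defaultdict

# Parent zone of the three hosts named in the comment; matching the whole
# zone (not only xtrapath1-3) is an assumption of this example.
WATCHED_ZONE = "izatcloud.net"

# dnsmasq "log-queries" line: "... dnsmasq[pid]: query[A] name from client"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def in_zone(name, zone=WATCHED_ZONE):
    """True if name is the zone or a subdomain, compared on label boundaries."""
    name = normalize(name)
    return name == zone or name.endswith("." + zone)

def izat_lookups(log_lines):
    """Return {client: Counter({hostname: count})} for watched-zone queries."""
    hits = defaultdict(Counter)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and in_zone(m.group("name")):
            hits[m.group("client")][normalize(m.group("name"))] += 1
    return dict(hits)

# Constructed sample log lines (not captured from a real network).
SAMPLE_LOG = """\
Mar  3 02:14:07 dnsmasq[812]: query[A] xtrapath1.izatcloud.net from 192.168.1.23
Mar  3 02:14:07 dnsmasq[812]: query[AAAA] xtrapath1.izatcloud.net from 192.168.1.23
Mar  3 02:14:09 dnsmasq[812]: query[A] XTRAPATH2.izatcloud.net. from 192.168.1.23
Mar  3 02:15:30 dnsmasq[812]: query[A] notizatcloud.net from 192.168.1.40
Mar  3 02:15:31 dnsmasq[812]: query[A] izatcloud.net.example.org from 192.168.1.40
Mar  3 02:16:02 dnsmasq[812]: reply xtrapath1.izatcloud.net is 203.0.113.10
""".splitlines()

if __name__ == "__main__":
    for client, counts in izat_lookups(SAMPLE_LOG).items():
        for host, n in sorted(counts.items()):
            print(f"{client} queried {host} {n} time(s)")
```

The label-boundary comparison is what keeps look-alike names such as `notizatcloud.net` or `izatcloud.net.example.org` from being counted.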
> did a quick check
How? Thanks.
Searched up the package name, and according to https://forum.xda-developers.com/android/software-hacking/ar..., it's installed at /system/priv-app/xtra_t_app, which was not on my phone.
Also noticed that most posts had mentions of IZat in their location settings, which my phone did not have (in LineageOS or stock)
Hopefully this shows people how deep it is.
If all that is claimed in here isn't a conspiracy, how can it stay a secret? Isn't it the reason WikiLeaks was created in the first place?
It isn't a conspiracy, it is just unnoticed, I'd argue due to news fatigue.
Heck, it has a homepage. https://www.trustonic.com/solutions/trustonic-secured-platfo...
How is it a secret? We're talking about it right now.
I think the issue is that most people end up just thinking "so what? What can they do with it?" and only think "I'm not doing anything wrong" (hate that phrase and origin). The consequences of this type of thing may be apparent to tech people, but not most of the public.