Comment by pbasista

8 years ago

I do not understand.

Even if there was a separate OS running in parallel with Android, how could it access the wireless-networks-based and satellite-based location data? I thought that access to these things is controlled by Android.

In other words, when I turn off e.g. satellite location data in Android, can IZat (which, according to your post, runs outside of Android) or other similar spyware keep secretly using it anyway? That would be quite worrying.

I suppose that the location data can be collected by sniffing the low-level communication between the radio device and Android kernel, provided that it has been enabled in Android first. But even then, how could this location data be transferred out of the device? Are these "parallel-running" OSs also able to somehow "tap into" Android's network layer and send the collected data out?

Oh, sweet summer child ...

"Even if there was a separate OS running in parallel with Android, how could it access the wireless-networks-based and satellite-based location data? I thought that access to these things is controlled by Android."

There is a separate OS running in parallel with Android and it is running on the very hardware that makes the network connections to the cellular network that you are speaking of.

In fact there are two - the OS and software stack that run on the baseband processor, and the OS and software (Java apps) that run on your SIM card, which is a full-blown computer with its own memory and processor, etc. In fact, your carrier can upload new Java programs to your SIM card without your knowledge at any time.

Your final question is a good one - many (most?) implementations give the baseband processor DMA to the main application processor. So you are hopelessly owned. Deeply, profoundly, hopelessly owned.

  • True++, there are at least 4-5 OSes on Qualcomm with direct access to the Internet:

    1. Linux Kernel / Android OS, running on main ARM CPU in "normal mode"

    2. QSEE or Trustonic OS, running on main ARM CPU in "trusted execution environment" mode, in parallel with "normal mode"

    3. OKL4 / REX Kernel + AMSS OS, running on the baseband CPU (modem)

    4. SIM card processor, although it is very limited (typically 32k RAM) and acts only as a MITM for SMSes, not cellular data

    5. The OS running on the Wi-Fi card

    • Does anyone know of any smartphone projects where the circuits are designed to give the user's OS (usually GNU/Linux, but could be anything the user fancies if the bootloader's free) control over power to the baseband CPU, SIM card processor, and the OS on the Wi-Fi card? As far as I know, the Neo900 project is the only one attempting to allow the user's OS to control power to all those other ones.

  • Remember back when people got upset over Intel CPUs having a unique ID in them? Remember when people got upset over tracking pixels?

    Since then, things went really bad, really fast, just no one noticed.

    • We noticed, but wailing and gnashing of teeth doesn't achieve much. Unfortunately, without widespread education and outrage, nothing achieves much.

      That's why I don't mind being "that guy" in social situations when these issues are brought up.

You seem flabbergasted so I wanted to directly answer your questions.

> how could it access the wireless-networks-based and satellite-based location data?

The OS is either running on the same hardware as Android or has the same direct hardware connections.

> I thought that access to these things is controlled by Android.

Only for things executing within Android. This is just a fancy UI - Android doesn't actually control the hardware.

> In other words, when I turn off e.g. satellite location data in Android, can IZat (which, according to your post, runs outside of Android) or other similar spyware keep secretly using it anyway?

Yes.

> I suppose that the location data can be collected by sniffing the low-level communication between the radio device and Android kernel, provided that it has been enabled in Android first.

You shouldn't think of it as between the radio device and Android but rather between the radio device and the CPU. A CPU that another OS can run on, and is running on. Android is not special here.

> But even then, how could this location data be transferred out of the device?

The same way Android sends data out of the device. The OS asks the CPU, which asks the radio, to transmit some data. Bog standard.

> Are these "parallel-running" OSs also able to somehow "tap into" Android's network layer and send the collected data out?

Yeah, but like I said, it's not Android's network layer. Android is a guest on top of the system just like any other OS running.

The SIM card is a separate OS that gets underneath the SoC's OS. It can run its own applets without the knowledge or permission of the SoC OS.

https://www.youtube.com/watch?v=31D94QOo2gY

The baseband is a completely different RTOS as well. And then there's also TrustZone running in the SoC as well.