Technology

37716 readers

392 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

alyaza@beehaw.org

TheRtRevKaiser@beehaw.org

gyrfalcon@beehaw.org

rs5th@beehaw.org

Los@beehaw.org

coldredlight@beehaw.org

SemioticStandard@beehaw.org

TheRtRevKaiser@kbin.social

remington@beehaw.org

Smartphones With Popular Qualcomm Chip Secretly Share Private Information [LOW QUALITY ARTICLE - PLE (www.nitrokey.com)

submitted 2 years ago* (last edited 2 years ago) by tardigrada@beehaw.org to c/technology@beehaw.org

16 comments fedilink hide all child comments

Affected smart phones are Sony Xperia XA2 and likely the Fairphone and many more Android phones which use popular Qualcomm chips. The data is sent without user consent, unencrypted, and even when using a Google-free Android distribution. This is possible because the Qualcomm chipset itself sends the data, circumventing any potential Android operating system setting and protection mechanisms.

you are viewing a single comment's thread
view the rest of the comments

[–] Hirom@beehaw.org 9 points 2 years ago* (last edited 2 years ago) (1 children)

Has anyone ~~else replicated it? or~~ have more specific information on affected phone&chips?

I tested with an Android phone that has a Qualcomm chip, but didn't see any DNS query for izatcloud.net. My test involved monitoring wifi traffic using a separate device, rebooting the android device, and disabling/enabling wifi a couple times.

This post include a few plugs for the NitroPhone (which is unaffected), and appear on the NitroPhone's vendor website. I wonder if they're overstating how widespread the issue is, which would benefit their device's marketing.

Update: found a couple fairphone forum threads that confirm the issue, and give more details.

Forum post “Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker” on April 25 2023 where an user notice queries for izatcloud.net in his pihole logs "at night". This would explain why my short test during the day didn't catch this.
Forum post "Telemetry, Spyware, list of privacy threats on FP3 Android 9" on Dec 19 2019, that links izatcloud.net to a GPS system app.

[–] rysiek@szmer.info 12 points 2 years ago (1 children)

Looks like it's less suspicious (but still crap):
https://mstdn.social/@larma@mastodon.social/110260142005927299

IZAT/XTRA is Qualcomm's alternative to Google's network location system. It's entirely running in userspace, not in firmware. Its configuration and proprietary client library can be found on the /vendor partition of many qualcomm devices that run LineageOS or derivatives and is considered by LineageOS to be part of the device specific proprietary vendor blobs that need to be included for a fully functional system (even if it's typically possible to run without it).

[–] Hirom@beehaw.org 6 points 2 years ago

Good to know. Userspace means there's some hope of disabling this, possibly without root.