this post was submitted on 25 Apr 2023
18 points (100.0% liked)

Technology

37730 readers
760 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Affected smart phones are Sony Xperia XA2 and likely the Fairphone and many more Android phones which use popular Qualcomm chips. The data is sent without user consent, unencrypted, and even when using a Google-free Android distribution. This is possible because the Qualcomm chipset itself sends the data, circumventing any potential Android operating system setting and protection mechanisms.

you are viewing a single comment's thread
view the rest of the comments
[–] Hirom@beehaw.org 9 points 2 years ago* (last edited 2 years ago) (2 children)

Has anyone ~~else replicated it? or~~ have more specific information on affected phone&chips?

I tested with an Android phone that has a Qualcomm chip, but didn't see any DNS query for izatcloud.net. My test involved monitoring wifi traffic using a separate device, rebooting the android device, and disabling/enabling wifi a couple times.

This post include a few plugs for the NitroPhone (which is unaffected), and appear on the NitroPhone's vendor website. I wonder if they're overstating how widespread the issue is, which would benefit their device's marketing.

Update: found a couple fairphone forum threads that confirm the issue, and give more details.

[–] rysiek@szmer.info 12 points 2 years ago (1 children)

Looks like it's less suspicious (but still crap):
https://mstdn.social/@larma@mastodon.social/110260142005927299

  • IZAT/XTRA is Qualcomm's alternative to Google's network location system. It's entirely running in userspace, not in firmware. Its configuration and proprietary client library can be found on the /vendor partition of many qualcomm devices that run LineageOS or derivatives and is considered by LineageOS to be part of the device specific proprietary vendor blobs that need to be included for a fully functional system (even if it's typically possible to run without it).
[–] Hirom@beehaw.org 6 points 2 years ago

Good to know. Userspace means there's some hope of disabling this, possibly without root.