Announcement

Collapse
No announcement yet.

Motorola smartphone users beware.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Motorola smartphone users beware.

    If you have a Motorola Android device, there is a good chance it is silently sending a great deal of your personal information (including email addresses and passwords) to Motorola.



    In June of 2013, I made an interesting discovery about the Android phone (a Motorola Droid X2) which I was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.
    Update 1 (2013-07-02 @ 05:30) - Android, the Droid X2, and Blur

    This article has gotten a lot more attention than I expected.

    A clarification I'd like to make (because there seems to be a lot of confusion about this) is that the Droid X2 does not use Motorola's "Blur"/"MotoBlur" user interface. That's one of the reasons I picked that model specifically back in 2011 - it seemed to be running something very close to the stock version of Android.

    The email client, web browser, text-messaging app, and so on look like the ones that were included on the G1 I had previously, which is about as close to "stock Android" as you can get with a carrier-installed OS. Based on my research, it seems that they've all been modified to silently send data to and/or through the Blur web-service back-end, but there's no indication to the user that this is the case unless they do the sort of network capture that I did. There is no prompt to create or use a Blur user ID - the phone uses a randomly-generated Blur account for all of the behind-the-scenes activity described below.

    I would be very interested in trying this same test with more recent Motorola phones, because there's definitely the perception out there that Blur has been phased out, and I think it's much more likely that it's just the UI on their phones that's been changed, as opposed to removing the underlying Blur functionality.

    If you're still unsure why I think this is a problem, ask yourself this: if you bought a desktop PC running Windows, then discovered two years later that the hardware manufacturer had installed modified versions of standard Windows software like Outlook Express and Internet Explorer which - without any indication to the user - sent your passwords to, and routed other traffic through servers owned by the PC manufacturer instead of connecting directly to the actual websites and mail servers, would you be OK with it? If not, then why are you when it's a phone instead of a desktop PC?
    Please read on from the link, but the short of it is, the vast majority of your user acct(s) info(login name/email, password,what you view....) is all passed through Motorola's servers w/out your explicit consent.

    It'd be nice if one of the more knowledgable folks, Ratt, Ceyko, Sgt Beavis... would comment on this and dumb it down more because a large portion of it is well beyond my knowledge.
    Last edited by Tx Redneck; 07-04-2013, 04:49 PM. Reason: Forgot part of the title.

  • #2
    None of the smart guys have any thoughts on this?

    Saved and Texan by the Grace of God, Redneck by choice.

    Comment


    • #3
      i have a motorola sitting at the house i want to get rid of, especially now.

      Comment


      • #4
        Originally posted by Tx Redneck View Post
        None of the smart guys have any thoughts on this?

        Saved and Texan by the Grace of God, Redneck by choice.
        I was given a Droid RAZR MAXX for work, I didn't get to pick it. I would have gone with Samsung or HTC if I had the option, but in the mean time there's nothing I can do about it right now.

        Comment


        • #5
          I wouldn't be surprised if it was more than Motorola doing this. They want to see what people do with their phones for marketing purposes, as well as who knows what other private information that I'd rather not think about.

          Comment


          • #6
            Originally posted by 90GT50 View Post
            I wouldn't be surprised if it was more than Motorola doing this. They want to see what people do with their phones for marketing purposes, as well as who knows what other private information that I'd rather not think about.
            Porn porn porn porn porn.

            Comment


            • #7
              Originally posted by Unicorn Jeff View Post
              Porn porn porn porn porn.
              This. It's not a smart phone, it's a mobile porn device.

              Comment


              • #8
                Wouldn't rooting and adding that IP to the hosts file eliminate the communication?

                Saved and Texan by the Grace of God, Redneck by choice.

                Comment


                • #9
                  Originally posted by Ratt View Post
                  This. It's not a smart phone, it's a mobile porn device.
                  I have an HTC sensation you can have. Its give or take two years old.

                  Comment


                  • #10
                    can i have it if he doesnt take it?
                    THE BAD HOMBRE

                    Comment


                    • #11
                      Originally posted by Craizie View Post
                      I have an HTC sensation you can have. Its give or take two years old.
                      That's the biggest POS phone that HTC has ever made. This is a work phone, they pay for it, so I'm keeping it. Thanks, though.

                      Comment


                      • #12
                        Yea, pretty concerning. Makes a case the you should never use their stock email or web clients. I'm fairly certain that Moto isn't the only one doing this. The fact that they do a lot of this unencrypted is even more bothersome.

                        In reality, the only way to avoid this is to get a old dumb phone with no GPS or with the real ability to switch GPS off. Sandboxing your apps with some sort of MDM or MAM might help but you need to insure your apps are encrypted.

                        Comment


                        • #13
                          Semi off topic. Apple users. Has anyone just randomly lost their contacts? Then call apple and they blame icloud? Mom and a friend so far has lost there shit.

                          Comment


                          • #14
                            Originally posted by Tannerm View Post
                            Semi off topic. Apple users. Has anyone just randomly lost their contacts? Then call apple and they blame icloud? Mom and a friend so far has lost there shit.
                            Don has had this happen on his ip4, but it's not due to icloud.

                            Saved and Texan by the Grace of God, Redneck by choice.

                            Comment


                            • #15
                              Originally posted by Tannerm View Post
                              Semi off topic. Apple users. Has anyone just randomly lost their contacts? Then call apple and they blame icloud? Mom and a friend so far has lost there shit.
                              This is why my backups remain on my computer and not the cloud.

                              Comment

                              Working...
                              X