Affected smart phones are Sony Xperia XA2 and likely the Fairphone and many more Android phones which use popular Qualcomm chips. The data is sent without user consent, unencrypted, and even when using a Google-free Android distribution. This is possible because the Qualcomm chipset itself sends the data, circumventing any potential Android operating system setting and protection mechanisms.

  • rysiek@szmer.info
    link
    fedilink
    arrow-up
    12
    ·
    2 years ago

    Looks like it’s less suspicious (but still crap):
    https://mstdn.social/@larma@mastodon.social/110260142005927299

    • IZAT/XTRA is Qualcomm’s alternative to Google’s network location system. It’s entirely running in userspace, not in firmware. Its configuration and proprietary client library can be found on the /vendor partition of many qualcomm devices that run LineageOS or derivatives and is considered by LineageOS to be part of the device specific proprietary vendor blobs that need to be included for a fully functional system (even if it’s typically possible to run without it).
    • Hirom@beehaw.org
      link
      fedilink
      arrow-up
      6
      ·
      2 years ago

      Good to know. Userspace means there’s some hope of disabling this, possibly without root.