50
What is xtrapath3.izatcloud.net, why does my phone connect to it? (endlesstalk.org)
submitted 1 year ago* (last edited 1 year ago) by AlbinJose1001@endlesstalk.org to c/privacyguides@lemmy.one
17 comments fedilink hide all child comments
top 17 comments
sorted by: hot top controversial new old
[-] Darkassassin07@lemmy.ca 31 points 1 year ago

https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

[-] scarilog@lemmy.world 16 points 1 year ago

Tldr it's used to make initial GPS fix faster by getting satellite positioning information.

[-] FutileRecipe@lemmy.world 12 points 1 year ago

Not a fan of how they say "we didn't say it's a backdoor," but have "secretly share" in the URL and article title.

[-] Darkassassin07@lemmy.ca 11 points 1 year ago

A backdoor would imply some sort of external control I'd think, a much broader potential for harm.

Being able to command a device to send you info or perform tasks is different than the device sending info of its own accord.

[-] FutileRecipe@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

A backdoor would imply some sort of external control I'd think...

Yes, technically a backdoor listens: https://csrc.nist.gov/glossary/term/backdoor

Being able to command a device to send you info or perform tasks is different than the device sending info of its own accord.

In this context, where it's implied to send without the owner's knowledge (ignoring the fact it's documented), not really. The article screams "gotcha!" when in reality it didn't, so they're trying to backtrack and downplay their initial response. But I do appreciate their update, it's just got a PR spin to it.

Edit: if the article was initially written as more of a "did you know" and/or expanding on existing documentation, wouldn't be an issue. It's the "it's secretly stealing" that implies malice which is part of the definition of malware... that'shares a category with backdoor. So splitting hairs in the name of PR.

[-] FiskFisk33@startrek.website 5 points 1 year ago

there is an important difference between sending data and accepting remote control

[-] macattack@lemmy.world 8 points 1 year ago

That's a good read, especially the additional context at the bottom of the article.

[-] supernicepojo@lemmy.world 21 points 1 year ago

After a quick search: Izatcloud is qualcomm extended satellite positioning, which may be a different version of GPS. But not entirely sure, here is a privacy related article about it. https://restoreprivacy.com/qualcomm-denies-unlawful-user-location-data-collection-on-phones/

[-] sduvick@mastodon.social 6 points 1 year ago

@AlbinJose1001 base host appears to be some location provider from Qualcomm? http://izatcloud.net/

[-] AlbinJose1001@endlesstalk.org 6 points 1 year ago* (last edited 1 year ago)

I don't know. My xiaomi device is making crazy amount of connections to.... Xiaomi.net, Xiaomi.com, Miui.com, idmb-app-chat-global-xiaomi10-407281533.ap-south-1.elb.amazonaws.com And now... xtrapath1.izatcloud.net

[-] bbbhltz@beehaw.org 6 points 1 year ago

As mentioned, this is a Qualcomm thing. Not exactly spyware, but probably not necessary either.

https://www.qualcomm.com/site/privacy/services

Qualcomm Location Service (formerly “IZat Location Services” or “IZat”) is technology offered by Qualcomm Technologies, Inc. in the U.S., QT Technologies Ireland Limited in countries within the European Economic Area, and Qualcomm CDMA Technologies (Korea) YH in the Republic of Korea (a.k.a. South Korea). Qualcomm Location Service may enable your device to determine its location more quickly and accurately – even when your device is unable to get a strong GPS signal.

Something like the UAD could disable it, or you could use Tracker Control to block it, or straight up use adb to disable it... But, it will run even if disabled.

The package is com.qualcomm.location so,

adb shell pm uninstall --user 0 com.qualcomm.location

will disable it, but it will always come back...

[-] lemann@lemmy.one 2 points 1 year ago

Removing it can cause a bootloop in some cases, likely something in the boot process is looking for it and reinstalling that app if missing. Google's play services recently started doing that with permissions that are revoked with root

Should be removable on a non-stock ROM though

[-] Cossty@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

I asked very similar question here.

https://lemmy.world/post/7424307

The address is diffrent because you have older phone.

[-] db2@sopuli.xyz 3 points 1 year ago

Is *.xtracloud.net related? I found it in my logs.

[-] asbestos@lemmy.world 7 points 1 year ago

Yes it absolutely is. It’s also Qualcomms.

[-] lemann@lemmy.one 3 points 1 year ago

Yes, it's the newer version of the two. OP has an older device

[-] AlbinJose1001@endlesstalk.org 2 points 1 year ago* (last edited 1 year ago)

Yeah, It's izatcloud.net related.

this post was submitted on 05 Nov 2023
50 points (100.0% liked)

Privacy Guides

16749 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
jonah@lemmy.one
dngray@lemmy.one
freddy@lemmy.one
ninchuka@lemmy.one
jonah@lemmy.jonaharagon.net