If anyone here is wanting a guide on how to disable 'computrace agent' the rootkit that appears on all high end EE supplied devices, let me know and I will post a guide.

Before I disabled it, it was causing high battery drain, reverting some settings and slowing down my access to "usage data" stats in android.

Users on XDA have also reported it sending encrypted sms messages to carriers.

Rootkit? Really!? Really!?

Custom firmware maybe but are you accusing EE of putting malware on your phone?

*black helicopters whoosh overhead*

It wouldn't be unheard of, the US networks were caught out with "carrierIQ" and special means to restrict tethering on their phones without payment

Yes to deliver the service, because as we know from people here, they cheat and don't stick to the terms they signed up to. People want to have unlimited handset data and the carriers know it is popular, but some try and get data for all their services without paying for it. Installing firmware that prevents tethering is understandable and again isn't malware.

Making allegations about carriers putting in a rootkit? Really?

carrierIQ wasn't about tethering restriction though - it was more about being able to snoop on a handset's user.

You may have a point, but tethering restriction should be something that is enforced at network level, not by modifying a user's phone


http://www.engadget.com/2011/12/01/c...t-you-need-to/ for Carrier IQ - I think something that can track keystrokes, intercept messages, and more is pretty bad, don't you?

I'm not saying that this is what EE are doing, I'm simply saying that the idea is not so farfetched and that the US networks seem to have done it

Computrace appears to be some sort of anti-theft software. http://forum.xda-developers.com/note...nsent-t3113309 suggests that it is installed by Samsung, not EE though. Worrying either way, and makes me glad I stick to Nexus devices

I'm not saying bad things never happen, just that this is quite a claim to make.

OP - do you have a screenshot showing this using battery or any evidence of it doing anything harmful or unwanted, all SMS is encrypted by the way and without knowing more information I think we're jumping to conclusions calling it Rootkit.

I classify it as a rootkit.

Anyway its the computrace agent they activate which they can use to block phones that are stolen or sold within the first 6 months (whilst EE still own the phone).

My phone has never been blocked, but I didnt like the behaviour so I disabled it.

Its not hard to do a bit of googling to find out more before deciding to post sarcastic comments, there is even discussions on the EE forum about it.

Well yeah, basically all I did was check the battery data in android, and computrace agent was at the top. It wasnt always draining battery, it seemed to occur on and off for me personally. Did I make a screenshot, I dont think so but I will check and post it if I did. You see on other forums such as XDA, people arent loyal to companies and dont accuse posters of lieing, they take your word for it.

Here is a thread of evidence of the encrypted sms messages.

http://forum.xda-developers.com/note...nsent-t3113309

Also the weird behaviour when I was checking my data usage (weird 30 sec lag) and my "restrict background usage" kept been reverted to the allowed state until I disabled computrace agent.

Yeah the service that controls it is on all modern touchwiz firmwares, but EE is the only EU carrier I am aware of that activates it. Users from other EU carriers have reported computrace agent been activated after installing EE firmware's. Computrace agent is seperate to the hidden samsung service.

When the device is booted the hidden samsung service will protect and restore missing files in the /persdata/absolute/ folder.

I am not loyal to EE, not even a customer, to claim Rootkit are being put into your phone is a bit mad when it seems a single legitimate process has been put in by the manufacturer and enabled by your carrier.

Definition of a rootkit is something designed to preserve itself and be hidden from the user with root privileges. It doesnt matter who put it there.

Flashing network supplied phones with either the UK or European generic firmware is an absolute must for me. My G3 had a Vodafone splash screen that drove me crazy.

http://dictionary.reference.com/browse/rootkit?s=t

and? .

I think he is agreeing with you as that is exactly the definition of what you described.

No I'm not agreeing if you looks at most definitions of its malware backdoors or malicious. Just Google it.

As this is legitimate and installed by a reputable company (all be it the OP doesn't want it ) I don't class it as a rootkit.

Agreed. The two words there are "malicious" and "unauthorised".
The software on the phone is not malicious nor it is unauthorised.
Therefore it cannot be a rootkit.

if you are one of those who doesn't like this kind of thing then that's fine. It's your right to not like it. Not taking sides. Everyone is different. But just because you don't like it doesn't make it a rootkit.

You find Computrace in many BIOSes on corporate grade laptops from Dell, Lenovo and HP.

This is actually useful to know. Thanks.