No, your smartphone is not listening to your conversations

By Cal Jeffrey · 26 replies
Jul 3, 2018
Post New Reply
  1. As conspiracy theories go, the line of reason that we are carrying around a device that records our every conversation probably comes up more often in tech forums than it should. Some laugh it off, while others are entirely convinced that phone makers and third-party apps are spying on us through the microphone. There is even some evidence that companies are at least thinking about doing this.

    This belief is further fueled by the occasional non-scientific “study” put out by magazines like this one from Vice, which purports that purposely placed keywords over the course of five days produced Facebook ads for those keywords. Not to deny the author his hard work and research, but the methodology used was anything but scientific.

    With the overall lack of real proof through valid scientific inquiry, researchers at Northeastern University decided to conduct a study to determine if there was any evidence to validate this “live mic” theory. Their paper titled "Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications" details how for one year, Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes conducted an experiment using more than 17,000 popular Android apps including Facebook and about 8,000 other apps that send information to the mega-powerful social media platform.

    Their goal: To see if any apps quietly recorded audio and sent it off to third-party servers.

    Their conclusion: Not only did none of the apps send out any audio files, none of them even activated the microphone without first being prompted to do so.

    According to Gizmodo, “Like good scientists, they refuse to say that their study definitively proves that your phone isn’t secretly listening to you, but they didn’t find a single instance of it happening.”

    Even though none of the apps used the microphone without prompting, over 9,000 of the 17,260 apps had permission to access the cameras and mics of the devices.

    "They found no evidence of an app unexpectedly activating the microphone or sending audio out when not prompted to do so."

    What was even more astonishing, however, was that some apps were found to be taking screenshots and screen recordings and sending them out from the device to third-party domains. The researchers gave an example using an app called GoPuff, which is a snack delivery service.

    When their automated systems used GoPuff, the screen interactions were captured and sent to a mobile analytics firm called Appsee. They said that the video that was sent out “included a screen where you could enter personal information —in this case, [the] zip code.”

    This feature of recording screen sessions is one that Appsee brags about on its website. Many apps use this feature for marketing purposes, and the researchers didn’t really find fault with that in and of itself. What bothered them was that the app did not make clear that it was doing this and that it happened to be recording personally identifiable information (PII).

    The scientists contacted GoPuff about it, which immediately changed its privacy disclosure to say, “AppSee [sic] might receive users’ PII.”

    They also contacted Appsee, which claimed that their SDK can “blacklist sensitive parts of the app to prevent [the SDK] from recording it.” Appsee insisted that GoPuff was at fault in this matter in that it did not blacklist that screen nor did it disclose the use of screen recording. Company CEO Zahi Boussiba told the researchers that this was a violation of its ToS.

    “[Appsee’s terms of service] clearly state that our customers must disclose the use of a 3rd party technology, and our terms forbid customers from tracking any personal data with Appsee,” he said.

    Boussiba claims that once they were notified of the violation, they disabled tracking from the GoPuff app and “purged” its servers of the recorded data.

    "We always appreciate the research community’s hard work to help improve online privacy and security practices." — Google

    The researchers also reached out to Google regarding GoPuff and Appsee. After reviewing the study, Google has decided that Appsee’s technology may be causing some developers to inadvertently violate Play policies, which state that developers must disclose when and how user data is collected.

    “We’re working closely with [Appsee] to help ensure developers appropriately communicate the SDK’s functionality with their apps’ end-users,” said the spokesperson.

    The long and the short of the study is that while we are not necessarily being listened to, it doesn’t mean we are not still being spied on — something which we all have been made well aware of in the last year.

    Permalink to story.

     
    Last edited by a moderator: Jul 3, 2018
  2. psycros

    psycros TS Evangelist Posts: 2,181   +1,714

    "Even though none of the apps used the microphone without prompting, over 9,000 of the 17,260 apps had permission to access the cameras and mics of the devices."

    Over 9000??!!!
     
  3. seeprime

    seeprime TS Maniac Posts: 233   +210

    It's not listening ....but it may be WATCHING YOU! Stop scaring me!!
     
  4. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,208   +4,319

    Calling BS. I've had face-to-face conversations with people only to have related ads served literal minutes or hours later, absent any other indication I'd be interested in those products (no search history, previous purchases, etc).

    They listen and they watch. Everyone knows this.
     
    Abraka, Branoli, Agnomen and 6 others like this.
  5. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,489   +4,353

    And we are to take this as truth? Where is my grain of salt!
     
    SirChocula likes this.
  6. pawel04

    pawel04 TS Booster Posts: 70   +83

    Yep im with you on that one. Me and my friend did a similar 'non-scientific' test with his phone regarding a trip to a random place hed never think of going to, later that day he was receiving adds on where to stay there.
     
    Last edited: Jul 4, 2018
    SirChocula, Branoli, FPSChris and 4 others like this.
  7. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,489   +4,353

    That is location which is not relevant to mic and camera misuse.
     
  8. BSim500

    BSim500 TS Evangelist Posts: 483   +856

    Thing is, so many people are reporting the same pattern that "quantity starts to become a quality in itself". I also think some people are missing the point with "burden of proof". "Innocent until proven guilty" works for justice systems, but for serious security audits it's more about "assume non-trust until trust can be verified then white-list" rather than relying on a laughable "faith based permissions + black-list" when the bad apps that need blacklisting run into literally tens of thousands with hundreds springing up per day - such a scale that realistically entire smartphone app stores are virtually compromised by design. In short - it's not up to us or IT "studies" to prove apps are doing something nefarious, it's up to app devs to guarantee that they aren't before they should even be allowed on any app store. Of course the obvious sticky issue is Google is an advertising company, so...
     
    Cal Jeffrey, Reachable and Reehahs like this.
  9. Jamlad

    Jamlad TS Addict Posts: 163   +140

    When I read the headline my first thought was: interesting! I wonder how they're doing it? Leads attached to the microphone terminals? No, mics are passive devices that are always converting sound into voltage. Maybe they're tapping the ADC channels?

    I'll admit I only skimmed the paper methodology but it seems they're using software to analyze software.

    I'm less concerned about scummy app devs farming my data for few extra cents and more about alphabet soup agencies and a creeping Staasi state. Yes, I like my windows to have curtains, my mail to have envelopes, and my conversations to be private.
     
    Cal Jeffrey and JaredTheDragon like this.
  10. pawel04

    pawel04 TS Booster Posts: 70   +83

    Sorry I thought given the topic, it was obvious I was referring to the microphone. What I meant though is that we only spoke about the location between ourselves and then the adverts were served.
     
  11. Uncle Al

    Uncle Al TS Evangelist Posts: 4,164   +2,637

    And let's not forget the Stingray technology that law enforcement is illegally using in every state in the union. Why the ACLU had not pushed this case to the Supreme Court is baffling but the practice is purely a tactic directly out of the KBG ..... thank you comrade's Bush, Obama, & Trump!
     
  12. Kibaruk

    Kibaruk TechSpot Paladin Posts: 3,544   +1,069

    If you read further, you would see how they are getting much more information than just if a mic is open or not, they are looking into the logs of the phone itself, connections and so on, there is not much point of recording something if it's not going anywhere, right?

    What you are suggesting on the other hand, is that somehow the mobile phone converts into an analog phone when connected to the AC and sending "fax" messages over to other instances? Don't you think it's too much lol (Although not completely unfeasible...).
     
  13. Edito

    Edito TS Booster Posts: 82   +19

    I think sometimes the smartphone listens to our conversations, I experienced first hand...

    I went to Amsterdam with my wife, our annual vacation :) and we were searching for laundry services near by because our hotel didn't have it... we were talking about it like "Ok tomorrow we will go search for it and this and that...""

    and believe me I started seeing laundry service ads on the pages I usually visit I commented with my wife like yo check this out...

    So yeah sometimes it happens I experienced it myself.
     
    treetops and MaXtor like this.
  14. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,489   +4,353

    Ahh.
     
    pawel04 likes this.
  15. hood6558

    hood6558 TS Evangelist Posts: 352   +109

    With all our lives on video/audio logs, targeted advertising is small potatoes. The real money will be in targeted blackmail. Anyone doing wrong would have to pay a monthly fee for silence, with size of fee depending on severity of crime. Try the new Google Bmail, the convenient app for all your hush money payments.
     
    Edito likes this.
  16. thelatestmodel

    thelatestmodel TS Addict Posts: 141   +59

    100% BS. Couldn't find it doesn't mean it isn't happening. It does happen, we can all see it happening.
     
    JaredTheDragon likes this.
  17. treetops

    treetops TS Evangelist Posts: 2,219   +337

    I saw a Unicorn in a dream a few years ago, I told my girlfriend and some family about it. Sure enough Unicorn based games showed up as ads on my phone. My girlfriend used to have a facebook app called bitstrip, one night we were talking about what to have for dinner, we decided on spaghetti, I was going to be the cook. Bitstrips new comic suggestion showed me cooking spaghetti while my gf watched tv. Another night we had an argument, the top suggested strip showed me in a big boiling witches cauldron, my gf was stirring it, with a caption "looks like (my name) is in hot water". We deleted the creepy app.

    Could be all coincidence, but I doubt it. Snowden showed us the NSA has a record of every email, text and web search we have ever conducted. The NSA can also listen to your phone calls without a court order. All the experts of time said it wasn't happening then Snowden proved it......
     
  18. JaredTheDragon

    JaredTheDragon TS Guru Posts: 402   +267

    Alphabet and Apple and even Microsoft developed these devices ultimately to gather information and track everyone - all the benefits and usefulness and camera fun are basically marketing ploys. These companies are not interested in selling products, despite their (alleged) profits. They exist to spy on us first and foremost, just like Facebook and other apps and sites do. Allegations that agencies such as the FBI don't have access to all our stuff already (such as the San Bernardino situation) are just marketing spin. All they had to do was call over to Virginia to get access, at the very most.
     
    Edito likes this.
  19. iamcts

    iamcts TS Member Posts: 60   +22

    Holy moly. This thread is amazing. Don't forget to put your tinfoil hats and suits on when you leave the house today!
     
    Cal Jeffrey likes this.
  20. p51d007

    p51d007 TS Evangelist Posts: 1,563   +889

    What's hard for me to believe, is that people are JUST NOW figuring out, that the phone "might"
    be spying on you.
    You think a free OS, free apps are free just because of the good heart of the developers?
    The minute you turn these things on, and agree to the TOS (or they won't work), you give
    them pretty much all your rights to privacy.
    Now, people are getting upset?
     
    Berty Boy, JaredTheDragon and Branoli like this.
  21. JaredTheDragon

    JaredTheDragon TS Guru Posts: 402   +267

    The neat thing about tin foil hats - they always fit.
     
    Cal Jeffrey likes this.
  22. Abraka

    Abraka TS Booster Posts: 151   +44

    Did the author of the article just delete my comment? Wow. Censorship is strong in him. Will you delete all the other comments that call BS on this article?
     
  23. Cal Jeffrey

    Cal Jeffrey TS Evangelist Topic Starter Posts: 1,168   +303

    I did not delete any comments from this thread. Perhaps a moderator did, but I'm not seeing record of that either. TS will not delete comments usually unless they are inflammatory ad hominem attacks that add nothing to the discussion. Even in those instances, I can see a record of the deletion. In this thread there have been no deleted comments, so perhaps you just forgot to hit Post.
     
  24. mailpup

    mailpup TS Special Forces Posts: 7,240   +535

    I did for ad hominem comments.
     
  25. sasat

    sasat TS Enthusiast Posts: 35   +20

    100% BS
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...