Is Your Phone Secretly Listening to You?

nivek

As Above So Below
These Academics Spent the Last Year Testing Whether Your Phone Is Secretly Listening to You

joo04fr24jnma45eq6vy.png


It’s the smartphone conspiracy theory that just won’t go away: Many, many people are convinced that their phones are listening to their conversations to target them with ads. Vice recently fueled the paranoia with an article that declared “Your phone is listening and it’s not paranoia,” a conclusion the author reached based on a 5-day experiment where he talked about “going back to uni” and “needing cheap shirts” in front of his phone and then saw ads for shirts and university classes on Facebook.

Some computer science academics at Northeastern University had heard enough people talking about this technological myth that they decided to do a rigorous study to tackle it.

For the last year, Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes ran an experiment involving more than 17,000 of the most popular apps on Android to find out whether any of them were secretly using the phone’s mic to capture audio. The apps included those belonging to Facebook, as well as over 8,000 apps that send information to Facebook.

Sorry, conspiracy theorists: They found no evidence of an app unexpectedly activating the microphone or sending audio out when not prompted to do so.

Like good scientists, they refuse to say that their study definitively proves that your phone isn’t secretly listening to you, but they didn’t find a single instance of it happening. Instead, they discovered a different disturbing practice: apps recording a phone’s screen and sending that information out to third parties.

Of the 17,260 apps the researchers looked at, over 9,000 had permission to access the camera and microphone and thus the potential to overhear the phone’s owner talking about their need for cat litter or about how much they love a certain brand of gelato. Using 10 Android phones, the researchers used an automated program to interact with each of those apps and then analyzed the traffic generated. (A limitation of the study is that the automated phone users couldn’t do things humans could, like creating usernames and passwords to sign into an account on an app.) They were looking specifically for any media files that were sent, particularly when they were sent to an unexpected party.

ujiegcavajw5tqazf4qi.jpg

These phones played with thousands of app to see if they could find one that would secretly activate their microphone

The strange practice they started to see was that screenshots and video recordings of what people were doing in apps were being sent to third party domains. For example, when one of the phones used an app from GoPuff, a delivery start-up for people who have sudden cravings for junk food, the interaction with the app was recorded and sent to a domain affiliated with Appsee, a mobile analytics company. The video included a screen where you could enter personal information—in this case, their zip code.

This wasn’t a total surprise: Appsee proudly touts its ability to record what users are doing in an app on its website. What bothered the researchers was that it wasn’t evident to the user that their behavior was being recorded, something which wasn’t disclosed in GoPuff’s privacy policy. After the researchers contacted GoPuff, it added a disclosure to the policy acknowledging that “ApSee” might receive users PII. “As an added precaution, we also pulled Appsee SDK from the latest Android and iOS builds,” said the start-up’s spokesperson by email.

Appsee meanwhile, claims that it was GoPuff that screwed up. Appsee’s CEO Zahi Boussiba told me that his company’s terms of service “clearly state that our customers must disclose the use of a 3rd party technology, and our terms forbid customers from tracking any personal data with Appsee.” He said their customers can blacklist sensitive parts of their app to prevent Appsee from recording it, and pointed out that a number of Appsee competitors also offer “full-session replay technology” for both iOS and Android apps.
In this case it appears that Appsee’s technology was misused by the customer and that our Terms of Service were violated,” said Boussiba in an email. “Once this issue was brought to our attention we’ve immediately disabled tracking capabilities for the mentioned app and purged all recordings data from our servers.
Appsee wasn’t entirely blameless, though, said a spokesperson for Google, who runs the Play Store through which people get Android apps.

A Google spokesperson said by email:
We always appreciate the research community’s hard work to help improve online privacy and security practices. After reviewing the researchers’ findings, we determined that a part of AppSee’s services may put some developers at risk of violating Play policy. We’re working closely with them to help ensure developers appropriately communicate the SDK’s functionality with their apps’ end-users.
The Google Play policy says you must disclose to users how their data will be collected.

GoPuff used Appsee to help optimize performance of its app, so the recording wasn’t unexpected on the company side, but it’s concerning that a third party can record your phone screen with no notice to you. It illustrates the ease with which a malicious actor could potentially steal information from your phone. A screenshot or video of app interaction could capture private messages, personal information, or even passwords being entered, as many apps show the letter inputted before changing it to a black asterisk.

In other words, until smartphone makers notify you when your screen is being recorded or give you the power to turn that ability off, you have a new thing to be paranoid about.

The researchers will be presenting their work at the Privacy Enhancing Technology Symposium Conference in Barcelona next month. (While in Spain, they might want to check out the country’s most popular soccer app, which has given itself permission to access users’ smartphone mics to listen for illegal broadcasts of games in bars.)

The researchers weren’t comfortable saying for sure that your phone isn’t secretly listening to you in part because there are some scenarios not covered by their study.

Their phones were being operated by an automated program, not by actual humans, so they might not have triggered apps the same way a flesh-and-blood user would. And the phones were in a controlled environment, not wandering the world in a way that might trigger them: For the first few months of the study the phones were near students in a lab at Northeastern University and thus surrounded by ambient conversation, but the phones made so much noise, as apps were constantly being played with on them, that they were eventually moved into a closet. (If the researchers did the experiment again, they would play a podcast on a loop in the closet next to the phones.)

It’s also possible that the researchers could have missed audio recordings of conversations if the app transcribed the conversation to text on the phone before sending it out. So the myth can’t be entirely killed yet.

The level of paranoia people feel about their phones is understandable.

We have on our persons at almost all times a little device with myriad sensors that can potentially monitor our behavior. The uncanny accuracy of the ads you see, though, almost certainly isn’t the result of the phone literally eavesdropping on you; it’s a combination of good targeting based on the amount of your digital and real world behavior that is captured via apps, along with the fact that you aren’t as unique as you think you are.

Advertisers know what you’re talking about because other people like you are talking about the same things and buying the same things.

.
 

Black Angus

Honorable
We had a news presenter here recount his experience, and it would seem his phone did use geolocation to target him for adverts. And it would seem it also knew he had a young child about to enter school age.

He suddenly started getting ads for a boys school that was on his daily drive to work, just as his son got to the age he might need a school.

He seemed to think it was targeted and was a little freaked out by it
 

Black Angus

Honorable
Your Phone Is Listening and it's Not Paranoia

With this in mind, I decided to try an experiment. Twice a day for five days, I tried saying a bunch of phrases that could theoretically be used as triggers. Phrases like I’m thinking about going back to uni and I need some cheap shirts for work. Then I carefully monitored the sponsored posts on Facebook for any changes.

The changes came literally overnight. Suddenly I was being told mid-semester courses at various universities, and how certain brands were offering cheap clothing. A private conversation with a friend about how I’d run out of data led to an ad about cheap 20 GB data plans. And although they were all good deals, the whole thing was eye-opening and utterly terrifying.

The phones do listen, they are listening for keywords like Hey siri or OK google. so yes they are listening.

And it seems that sometimes they do act on what they hear to target you with ads.

What i find funny is Apple's clever trick to use facial recognition to unlock a phone.
Remember a few years back when they had this stoush with law enforcement refusing to unlock a criminals phone ?
They refused because violating a customers privacy was bad for their image. Law enforcement wasnt happy.

Unlocking the new ones is now as easy as holding up the phone and saying is this yours ? Bingo its unlocked.
 

nivek

As Above So Below
We had a news presenter here recount his experience, and it would seem his phone did use geolocation to target him for adverts. And it would seem it also knew he had a young child about to enter school age.

He suddenly started getting ads for a boys school that was on his daily drive to work, just as his son got to the age he might need a school.

He seemed to think it was targeted and was a little freaked out by it

A friend once told me he thought his phone was turning on the location service on its own without his permission, he said when he took a picture it would upload his picture to the google map service...

...
 

Black Angus

Honorable
A friend once told me he thought his phone was turning on the location service on its own without his permission, he said when he took a picture it would upload his picture to the google map service...

...

Yeah they are insidious things, and they have the potential to be even worse.

Its rather funny, years ago there was a public outcry over the "Australia card"

The Australia Card was a controversial proposal for a national identification card for Australian citizens and resident foreigners. The proposal was made in 1985, and abandoned in 1987.
Australia Card - Wikipedia

Civil rights groups were outraged, they protested in the street," this is a gross invasion of our privacy."

Years later people are camping out overnight in lines that go around the block to buy the newest phones, that track their every move, and listen in on them......

Genius.
 

nivek

As Above So Below
The phones do listen, they are listening for keywords like Hey siri or OK google. so yes they are listening.

Well to be fair phones are not always listening like that, my phone does not listen for me to say OK Google because I have that feature turned off but all I have to do is hit one button and the voice activation comes on... I do not keep voice activation on all the time on my phone and the same goes for my tablet...

...
 

nivek

As Above So Below
I've stopped carrying it around all times. I'm detached... and cannot be reached, lol

I don't carry mine all the time when I'm out hiking and working around the house, it sits in one place until I decide to get it lol...If I go drive anywhere I take it or going in to town on business...

...
 

Black Angus

Honorable
Well to be fair phones are not always listening like that, my phone does not listen for me to say OK Google because I have that feature turned off but all I have to do is hit one button and the voice activation comes on... I do not keep voice activation on all the time on my phone and the same goes for my tablet...

...

Law enforcement can activate it if they need to.

Even if you power off your cell phone, the U.S. government can turn it back on.
That's what ex-spy Edward Snowden revealed in last week's interview with NBC's Brian Williams. It sounds like sorcery. Can someone truly bring your phone back to life without touching it?


No. But government spies can get your phone to play dead.

It's a crafty hack. You press the button. The device buzzes. You see the usual power-off animation. The screen goes black. But it'll secretly stay on -- microphone listening and camera recording.

The average citizen has little to fear, and you can get around this if you are really worried about it.

Queensland parliament has passed new terror laws which would give police the power to remotely turn your phone, computer or even your smart fridge into a surveillance device.
QLD Passes Laws To Turn Your Fridge Into Police Surveillance Device

At the end of the day the function to listen in on you is built into these devices, Its nothing new.
The old fashioned land line phones could also be turned into listening devices if the Police wanted to.


Even back in the 80's Australian Telecom had the ability to listen for keywords on land lines and flag the numbers at either end of that conversation for the Australian federal Police.
 

Black Angus

Honorable
Your devices' latest feature? They can spy on your every move

And it’s not just law enforcement overreach we have to worry about. Technologies like Finspy are commercially available today to install malware on your computer or phone and “recruit” it to spy on you. Such technologies could be used by anyone, including the “bad actors,” without the cooperation of your device manufacturer or service provider.

The FBI was already using a cellphone microphone to eavesdrop on organized crime as long as a decade ago. Commercial interests are not too far behind in doing much the same, with the purpose of targeting a better sales pitch.

The company is warning people as part of its privacy policy that anything they say around their new television will be "among the data captured and transmitted to a third party" because of a voice recognition feature.

Viewers warned new Samsung TVs 'listen in' on users

It’s Not Just Your TV Listening In To Your Conversation
 
Top