In context: Does your smartphone listen to your conversations via the microphone? Whether it is by the government or advertisers, it is a conspiracy theory that many people believe is true - that our phones are always on and always on the go. According to a new study, this theory is false, but it found another concern.
With regard to conspiracy theories, the line of reason we carry around a device that records all of our conversations probably appears more often in technical forums than it should. Some laugh, while others are quite convinced that phone manufacturers and third party applications are spying on us through the microphone. There is even evidence that companies are thinking at least about doing it.
This belief is further fueled by the occasional unscientific "study" published by magazines such as Vice's, which claims that the express keywords placed over the course of five days produced Facebook ads for those words -clés. Do not deny the author his hard work and his research, but the methodology used was anything but scientific.
Due to the lack of real evidence by a valid scientific investigation, researchers at Northeastern University decided to conduct a study to determine if there was evidence to validate this theory of "micro life". Their article titled "Panoptispy: Characterizing the Audio and Video Exfiltration of Android Apps" details how for a year, Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson and David Choffnes have conducted an experiment using more than 17,000 popular Android apps, including Facebook and 8,000 other apps that send information to the mega-powerful social media platform.
Their goal: to see if applications were quietly recording audio and sending it to third-party servers.
Their conclusion: not only did no application send audio files, but none of them even activated the microphone without first being asked to do so.
According to Gizmodo, "Like good scientists, they refuse to say that their study definitely proves that your phone does not secretly listen to you, but they have not found a single example."
Although none of the apps used the microphone without prompting, over 9,000 of the 17,260 apps had permission to access cameras and device microphones.
"They found no evidence of an application activating the microphone unexpectedly or sending audio when it was not invited to do so."
What was even more surprising, however, was that some applications were taking screenshots and screen recordings and sending them from the device to third-party domains. The researchers gave an example using an app called GoPuff, which is a snack delivery service.
When their automated systems used GoPuff, on-screen interactions were captured and sent to a mobile analytics company called Appsee. They said that the video that was sent "included a screen where you could enter personal information - in this case, the postal code [the]."
This screen recording feature is the one on which Appsee boasts on its website. Many applications use this feature for marketing purposes, and researchers have not really found fault with this in itself. What bothered them was that the application did not specify that she was doing this and that it was about the recording of personally identifiable information (IIP).
Scientists contacted GoPuff about this, which immediately changed its privacy disclosure to say, "AppSee [sic] could receive users' IPs."
They also contacted Appsee, who claimed that their SDK could "blacklist sensitive parts of the application to prevent [the SDK] from recording it." Appsee insisted that GoPuff was at fault in this case because it did not blacklist this screen. did he disclose the use of the screen recording? The company's CEO, Zahi Boussiba, told the researchers that this constituted a violation of his terms of use.
"[Appsee’s terms of service] clearly states that our customers must disclose the use of third-party technology, and our terms prohibit customers from tracking any personal data with Appsee," he said.
Boussiba claims that once he was informed of the violation, he deactivated GoPuff's application tracking and "purged" his servers of recorded data.
"We always appreciate the hard work of the research community to help improve online privacy and security practices." - Google
The researchers also contacted Google about GoPuff and Appsee. After reviewing the study, Google decided that Appsee's technology could lead some developers to inadvertently violate Play policies, which state that developers must disclose when and how user data is collected.
"We are working closely with [Appsee] to help developers appropriately communicate the functionality of the SDK to the end-users of their applications," said the spokesperson.
The long and short of the study is that even though we are not necessarily listened to, that does not mean that we are not yet being spied on - something we were all well aware of during the last year.