• henfredemars@infosec.pub
    39 up, 6 down · 1 day ago

    FUD. Apps cannot listen to the microphone without going through the OS first. I call FUD or share with me this magical OS-bypassing code. Compromising the OS at such a fundamental level on a recent Android version is almost certainly beyond their capabilities. I am more likely to believe the content that inspired this article is more aimed at investors and is blatantly making false claims, and that such claims from the privacy policy are generic disclaimers.

    Further, have you ever tried to get an app to consistently run in the background on purpose? It’s an enormous PITA when you actually want this to happen. Android apps do not typically run in the background at all unless they have again special permissions to bypass background restrictions. The OS strongly prefers to pause and eventually kill apps to save battery rather than permit background activities to occur unless they fall into specific categories and then only at specific times to optimize the battery usage.

    If an app asks to run in the background all the time, bypass battery restrictions, and you grant it microphone access explicitly, the problem is no longer Android. The problem is the user being stupid by granting access against their own interests. And even then, it’ll still trip the microphone indicator.
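The combination the comment above describes (microphone permission granted plus an exemption from battery restrictions) can be checked per app. This is an added example, not part of the original thread: the package names and sample text are constructed, and the layouts are assumed to follow `adb shell dumpsys package <pkg>` and `adb shell dumpsys deviceidle whitelist`, which vary by Android version.

```python
import re

# Constructed samples shaped like `adb shell dumpsys package <pkg>` output.
# The layout varies by Android version; treat the format as an assumption.
PACKAGE_DUMPS = {
    "com.example.trickshot": """
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
""",
    "com.example.recorder": """
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
""",
    "com.example.puzzle": """
    requested permissions:
      android.permission.RECORD_AUDIO
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
""",
}

# Constructed sample shaped like `adb shell dumpsys deviceidle whitelist`.
DEVICEIDLE_WHITELIST = """system-excidle,com.android.shell,2000
user,com.example.trickshot,10151
"""

GRANT_RE = re.compile(r"android\.permission\.RECORD_AUDIO: granted=(true|false)")

def mic_granted(dump):
    """True if RECORD_AUDIO is granted for any user; a bare request does not count."""
    return "true" in GRANT_RE.findall(dump)

def battery_exempt(whitelist):
    """Packages exempt from battery optimisation, parsed from type,package,uid rows."""
    rows = (line.split(",") for line in whitelist.splitlines() if line.count(",") == 2)
    return {pkg for _kind, pkg, _uid in rows}

def audit(dumps, whitelist):
    """Flag the combination from the comment: mic grant plus battery exemption."""
    exempt = battery_exempt(whitelist)
    verdicts = {}
    for pkg, dump in dumps.items():
        if not mic_granted(dump):
            verdicts[pkg] = "no-mic"
        else:
            verdicts[pkg] = "mic+background-exempt" if pkg in exempt else "mic-only"
    return verdicts

if __name__ == "__main__":
    print(audit(PACKAGE_DUMPS, DEVICEIDLE_WHITELIST))
```

Only the `mic+background-exempt` verdict matches the case the comment calls out; `mic-only` apps are still subject to the OS background limits it describes.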

    • Sylvartas@lemmy.dbzer0.com
      11 up, 2 down · 1 day ago

      No one said they were bypassing the OS. Have you seen the permissions some apps ask for? Messenger used to straight up refuse to work if it couldn’t access your contacts and what your screen is showing at all times (allegedly to allow their shitty app widget to always display on top of whatever you’re doing). Don’t need a microphone to spy on anyone with that.

      • Lichtblitz@discuss.tchncs.de
        2 up · 24 hours ago

        To be fair, the Android permission system is crap. I have an app to automate certain things. It requests only the exact permissions required for the actions I have configured. All I want to do is enable auto-rotate if a certain app is in the foreground and set portrait mode otherwise. In order to do that, the app needs full screen reader access and can theoretically see everything that’s on the screen. That said, I personally don’t believe the Messenger app was well intentioned. But if it were, it may not have a choice but to request these permissions for legitimate use cases.

      • henfredemars@infosec.pub
        1 up · 1 day ago

        True, and the applications are targeting children. Perhaps they’re preying on a user who will grant permissions without asking questions, of which there are many.

    • troed@fedia.io
      10 up · 1 day ago

      100% correct. There’s a whole field of mobile cybersecurity researchers who would be able to name names and show code if this was true.

      The rest of the comment field here saddens me immensely.

    • MudMan@fedia.io
      5 up · 1 day ago

      Man, I hear you on the persistent background operation. I can’t get my third party watch to stay connected to its home app for a day at a time and at this point I’ve given it all the permissions I’m allowed to give. If it asked for nudes I’d have sent them a portfolio. Doesn’t matter, you need to manually reopen it and resync it multiple times a day.

      • wobfan@lemmy.zip
        4 up, 1 down · 1 day ago

        All recent OSes even visually make it obvious that the microphone is used, after asking the user if they should allow it at all. I don’t think they can actually go further than this. Maybe regularly ask the user if they really want the microphone to be used all the time.

    • ddash@lemmy.dbzer0.com
      4 up, 1 down · 1 day ago

      Agreed on all of that. But, see it from a different perspective, maybe the news need to misinform this way to get people to finally be privacy conscious on their phones. I mean, probably not and it is certainly a terrible way to do so, but maybe it might help that a broader population reevaluates how much they want to share online.

  • Raltoid@lemmy.world
    10 up · 1 day ago

    PLEASE SKIM THE ARTICLE BEFORE COMMENTING

    Here’s the part that most people seemed to miss:

    With your permission provided at the time of downloading the app, the ACR software receives short duration audio samples from the microphone on your device.

  • Rusty@lemmy.ca
    4 up · 1 day ago

    Help, I installed a microphone app on my phone and it’s working as a microphone, what should I do?

  • kalipixel@reddthat.com
    8 up, 1 down · 1 day ago

    The apps need permission to the microphone for that and in background it would drain the battery and constantly show the microphone is accessed unless you are using an old Android version. It is likely easy though to eavesdrop when the app is opened and using microphone is an expected functionality, and to pick up keywords and the sounds emitted from other sources to better know location and social graphs without GPS access.

  • NickwithaC@lemmy.world
    19 up, 2 down · 2 days ago

    While Alphonso hasn’t revealed the names of these apps, Pool 3D, Beer Pong: Trickshot, Real Bowling Strike 10 Pin and Honey Quest all feature the technology.

    Oh look, they’re all shitty games that hook people like gambling sites. Whoever would have thought!

    • Geetnerd@lemmy.world
      12 up, 2 down · 1 day ago

      Fuck that. Facebook, Amazon, Google, Instagram, TikTok, etc., are all spying on everyone.

      • pinball_wizard@lemmy.zip
        7 up, 1 down · 1 day ago

        But those apps don’t use the microphone, or have a plausible excuse to use the microphone, so it’s okay!

        (This is sarcasm. It’s not okay.)

  • Geetnerd@lemmy.world
    9 up, 9 down · 1 day ago

    Who didn’t know this?

    “Yeah, me and my wife were talking about a new driveway, the next we knew we were both getting ads for driveway paving companies. The news says it’s just a coincidence…”

    • Ep1cFac3pa1m@lemmy.world
      11 up, 4 down · 1 day ago

      My wife and I were driving down the highway and I saw an old Cadillac, and I said, “hey, I like that old Cadillac.” Not even an hour later I got a Facebook Marketplace notification about a Cadillac for sale near me. I have NEVER searched for Cadillacs for sale.

      • Tikiporch@lemmy.world
        8 up, 2 down · 1 day ago

        Yeah, crazy thing is it’s never things I just think about but never tell anyone. Ads don’t come until I mention it out loud near my phone.

      • NotMyOldRedditName@lemmy.world
        5 up, 1 down · 1 day ago

        I’ve had things like this happen, and I always suspected it was Facebook itself doing it, but now I think it’s also likely it’s something else feeding info into an ad system that then shows the ad on Facebook.

        Every now and then I’ll just blurt out random things I want that I’d never want to see if I can trigger getting ads for it. Hasn’t happened in quite a while now, probably because restrictions on doing it are getting better.

    • pinball_wizard@lemmy.zip
      5 up, 2 down · 1 day ago

      All of the discourse around “we can’t prove they are listening” feels like gaslighting, to me.

      I don’t need proof. We have all had this experience, and “it’s just tracking absolutely everything else so well that it guesses really accurately” isn’t in any way better, anyway.

      • wobfan@lemmy.zip
        7 up · 1 day ago

        It isn’t better, it’s even worse IMO. But it’s just the truth. It is verifiable enough that apps cannot just spy via your microphone in any reasonably modern OS, not even the old versions. What has never been verified though is that there are non-zero-day-exploit-ways to spy through your microphone.

      • go $fsck yourself@lemmy.world
        5 up, 1 down · 1 day ago

        It can be proven, very easily. All it takes is a little bit of IT skills and a basic understanding of networking. There are also immense amounts of incentive to prove it. Your information would be spread across every news network, and you’d be able to use it to sue any business that does it.

        So, the only reason it can’t be proven is because it’s not happening.

        • pinball_wizard@lemmy.zip
          2 up · 1 day ago

          Your information would be spread across every news network, and you’d be able to use it to sue any business that does it.

          Oh, I wish that were so.

          Any data breaches in the news, today? Of course there are.

          The odds are good that whenever you (or anyone) read this comment, there’s a verified data breach that hit the news this week and isn’t getting any serious national coverage, or any television coverage at all. Even odds are that it’s actually from today, regardless of when someone reads this.

          I don’t know what your pocketbooks look like, but I don’t have the finances to hold any of these companies accountable.

          I do have a half-dozen different legal settlements worth of (3 years each of) identity fraud protection service offers.

          Edit: Oh, you maybe mean specifically if a voice recording was leaked. If so, you’re right, that would be huge news.

          My legal recourse would remain exactly what it currently is, though. Three more years of low quality identity theft insurance.

          • go $fsck yourself@lemmy.world
            3 up · 24 hours ago

            Data breaches are already commonplace, though. People don’t really care about that, so news outlets don’t care to cover it.

            This is vastly different and would be a new thing that everyone would be interested in hearing about. So many people think that this is happening, but have no proof. They would love to be able to say “See! There’s finally proof! I told everyone!”

      • Geetnerd@lemmy.world
        7 up, 6 down · 1 day ago

        No, it should be called just plain “Confirmation.” Anyone not a complete idiot has known this has been going on.

        People are dumb enough to put Amazon Echos and the Google thing I can’t remember the name of in their homes. Even smartphones spy. If it’s listening for “Cue Words,” it’s listening all the time.

        • edric@lemm.ee
          3 up, 1 down · 1 day ago

          Can’t say about Amazon and Google because I don’t have their devices, but if you read up on how Siri’s cue word works, you’ll see how it doesn’t “listen” to you all the time. It has 2 mechanisms in play, one that’s always ready to hear you call it, and the other that actually transmits the data it collects. Those 2 are decoupled to ensure the one waiting for the trigger/cue word is isolated and only works locally and does not collect or transmit what it’s hearing. Once you trigger it, the second mechanism comes in and then it’s fair game as whatever it hears can be collected and shared.

          Having your phone listen to you all the time and transmit the info will cause an obvious drain on your battery and data. If that truly was the case, mobile security professionals would’ve sounded the alarm by now.

        • wobfan@lemmy.zip
          4 up, 2 down · 1 day ago

          Bro, they don’t. The OS manages microphone access. If you allow it, yes, they may spy. But even then, the OS visibly tells you via an icon that the microphone is used. It is the plain written truth, that we cannot argue around. There has been a lot of security research around this, stuff has been audited, Android is even open source, and no one has ever found even a hint of this being possible.

          Echos and Google Homes are an entirely different story because they operate their microphones by design, their entire system works on always listening, and they don’t hide that.

          • Geetnerd@lemmy.world
            1 up, 5 down · 1 day ago

            Yeah, they actually do. But keep dickriding for a corporation that couldn’t care less if you, or anyone else, lives or dies.

            Unless you work for them…

            • henfredemars@infosec.pub
              1 up · 1 day ago

              Do you have a mechanism to work around the OS permissions model that broadly works across handsets?

              I can find you a buyer for that info and we’ll split 40/60. Dead serious. Cash, and no questions. Just prove that it works.