Hundreds of smartphone apps are monitoring users through their microphones
Hundreds of smartphone apps are monitoring users through their microphones
www.the-independent.com
Your smartphone is listening to you
96 comments
-
This might just push my fear of targeted ads enough to give in to my idea of a nearly soundproof box for my phone when I'm not using it. :(
-
Just install an OS that allows per-app microphone permissions. I'm running LineageOS and I can tell it for example to only allow Whatsapp mic access when I actively open the app. Actually according to the article, the same can be done on plain Android too.
-
-
Beer pong
Yeah that sounds like an app user who would be okay with his audio being recorded...
-
yeah, alphonso appeared on my mibox, eset called it a trojan right after the update. had to delete it through adb, cause its a "system app"
-
Reading this made me wonder if I was having a stroke, because it seems like English but I don't recognize so many of the words. 👴
-
-
I used to work for a mobile advertiser, and we installed hella bloatware on phones.
This idea was floated a couple times but was deemed not very effective cause you'd have to store and process hours and hours of audio data that didn't tell us much more than just having a week or so of GPS data, your Facebook profile, and your phone IMEI.
It's pretty easy to see if you're near a Popeyes and what other IMEIs are connecting to the same tower, extrapolate that to you being near your wife and you and your wife thinking about shit on the Popeyes menu.
Boom targeted ad/video for fried chicken.
The rest is general tech paranoia leading to Apophenia.
There's no microphones or cameras, it's just the already gigantic mountain of data anyone who uses a smartphone is constantly broadcasting getting ground through the big data machine that has been the pillar of all tech since the last recession.
-
you'd have to store and process hours and hours of audio data that didn't tell us much
I mean that could be solved as simply as a local transcription service...
-
And do what? Sentiment analysis on the conversation you were having?
Remember semantically aware models are still fairly new and even they lack the context for a particular field of text. That's something even the new fancy LLMs struggle with.
Unnecessary when there's way better targeted models trained on years of data that people willingly send as part of everyday smartphone use.
-
-
But wouldnt it be a moot point if I restrict access to GPS for all apps?
How much of that data is from Google/Apple (e.g. Google Maps)?-
If you use android google grabs your GPS data regardless, you have to root and disable it.
Apple does the same thing but they didn't have their pants occupied by third-party network's fingers like google did until the pixel came out.
Google maps is basically a beacon for AdMob to target you nearly perfectly.
Also using "fine location" in any app grabs the nearby wifi list and sends it to Google/apple if it's not cached.
Also most ad providers these days have made deals with major networks that let them tell what tower your IMEI pinged off of.
It's why google tried to push android/ad IDs, way less info for the networks to advertise over, and it also put the tracking in their hands instead.
-
-
-
Right around the confinement my sister and I were talking about getting some seeds for my mom. Neither of us searched for seeds. From that point we both started to get ads for seeds, many for the ones we had talked about in particular. This thing was so unequivocal that it proved to me that our phones listen. Maybe they don't analyze, but they definitely listen for words actionable for an advertising purposes.
-
More likely, your late'ish habits and searches combined with age and another mountain of data correlated with people that have the same thought. We are no snowflakes.
Edit: I should say, if this example is true. I'm not saying you are lying, just that if you are, it's not a "gotcha". This thread is making me paranoid! :)
-
That's why i always forbid access to my microphones by apps. Many AI apps will also remember what you discussed long ago.
-
OS doesn't need permissions to access hardware
-
-
-
Use NextDNS with strong filters and the DDG app with App Tracking Protection turned on. While no filter is 100% perfect, this combo stops the vast majority of privacy-invading shit from getting to 3rd parties.
-
I use shizuku for hidden api/shell access..the devs of that have an app called appops which, you guessed it, allow you to change any appops permission for any app. Allows denying/ignoring clipboard access, device identifiers, location, microphone, etc.
::: spoiler appops screenshots
:::-
App Ops still works? I haven't used it in over a decade.
-
-
-
ok thanks, but where's the list of these apps?
-
These type of articles never list the apps they're discussing.
-
iOS and Android. If you have one of those people are listening.
-
Comments like this try to make you give up on privacy by making it look like all is lost from the get to.
They are lying, don't believe them, there is a lot you can do to protect your privacy.
-
Both of these apps have device-level notifications to let you know when an app is listening. I promise they're not. There was a service a while back that was claiming this in their advertising and it went public and their partners all scattered like flies. No one wants to be associated with that sort of thing. It's unnecessary anyway.
-
Eh, you can be reasonably sure that GrapheneOS or other Android ROMs without any Google Play apps is private.
-
-
-
And people wonder why I keep rooting my Android phones.
Without advanced permission denial and file access restrictions, phones will spy on anything and anyone.
-
That helps with other dangers, but in this case all you need to do is not give "Pool 3D" access to the microphone, no rooting required.
-
Rooting is no longer required and is a security risk
Or do you mean flashing custom privacy respecting rom
-
No, I exactly mean rooting, and it is a hard requirement for me when choosing phones.
If you know what you're doing, there is no security risk involved, since every app requesting for root access needs to be granted individually, and you can opt to do so for a limited time or permanently. Or not grant it at all, obviously.
Tools like AppOps (advanced permission management), Storage Isolation (prevent access to certain folders even if "file access" permission is granted to some app), Ice Box (keep certain apps in a permanent state of hibernation unless you explicitly launch them) are absolute core essentials.
Other apps that enable you to fully remove system apps, system level adblockers, VPN sharing etc. might be optional, and there are no-root workarounds, but they all come with serious limitations.
-
Granting blanket root to all programs on an android phone sure that's a risk; but who the fuck does that on any system...
From memory individual apps would be able to request root which could be denied, approved once, approved always or ignored.
-
-
-
Article is from 2018. Someone must have pasted the url from hacker news where the same story was dug up recently.
-
Is that to say that it's no longer valid? Or just that it's old news? The list of apps associated with the software is still pretty extensive; Google Assistant even showed up.
-
Well these days Android asks for more permissions so I guess it would prevent it in many cases by preventing access to the microphone for apps where you don't want to allow it...
-
7 years is a long time in tech.
Google Assistant is supposed to listen for the "Hey Google" trigger word. How else do you expect to use your device hand-free.
-
Old news. It was old news in 2018
-
-
-
Wasn't there just a storey a couple days ago that apps where not doing this but taking screenshots and videos on the screen and sending that. And both iOS and Android have the microphone notification now.
-
https://nvd.nist.gov/vuln/detail/CVE-2023-21083
I guarantee you that the green privacy dot means diddly squat.
-
This link proves how robust the security research is and how quickly bugs like that are patched.
-
Past vulnerabilities doesn't mean there is active mpdern vulnerabilities especially ones in widely tested operating systems that's exploited by as many apps as people claim are listening when security researchers also regularly reverse engineer and analyze the source code of popular apps to figure out what they're doing. You can decompile Android apps pretty easily to see what they're doing. Some are obfuscated so it takes some effort.
Its one thing to claim there's some a system level bypass for the icon that the NSA uses to spy on its enemies, it's another thing to claim that it's being exploited on a wide scale by a tech companies on different apps, iOS and Android, multiple versions/devices.
The reality is that we leak tons of info through other mediums that are easier and cheaper to collect than through microphones.
-
-
I know I'm usually on the more paranoid side, but I've always assumed everything I do on a smartphone is potentially being monitored via camera or mics.
If the apps are just taking screenshots, or recording a few seconds of data via mic, it would be almost guaranteed that certain corrupt (and also paranoid) governments that are dismissive of privacy rights could force or bribe those apps to allow them to also access screens, mics, and cameras anyway, right?
I'm in the U.S., and especially with how glitchy my phone has suddenly become over the last few months, I'm just at the point where I just assume that's what's going on.
I had the same android for like 4 years without many issues, then suddenly around February it just became almost impossible to use. Weird glitchy things with the size of the tool bar at the bottom of my screen and the popup keyboard. Redirect notifications all the time for certain websites, and my VPN connection is just constantly interrupted and having to be reset.
I finally was like fuck it, this is an old phone so maybe that's it. Brand new phone, but most of the same issues.
I use signal instead of text most of the time, and switched a lot of things to proton mail, but if someone is potentially recording your screen, does it really matter if what you're doing is encrypted?
-
Which VPN provider are you using? How do you know they are not the one monitoring your phone?
Did you obtained your phone from a trusted source, such as an official seller. Some phones purchased from overseas might have "International ROM" installed by the seller, which compromises the integrity of the device.
Consider having a trusted tech friend look over your phone to see if the device has malware installed.
-
-
i used to think this as well (i have never used any facebook apps), but last night something happened that made me question it.
My wife and i were going through a chipotlane that was right next to a Popeye’s. As we were waiting i looked over to popeyes and saw some posters for their new pickle chicken stuff and asked my wife “the fuck is a pickle ‘glaze’?”
she said “i have no idea but i kinda want some fried pickles now.”
literally a few seconds later she opens instagram on her phone and is shown a video of a person making pickle brined chicken.
yes yes it could be a coincidence, but i am a lot less certain of that now.
-
The way I've heard it is that it's not just coincidence nor microphone scanning, but just the effectiveness of targeted ads in general. You could be within wifi range of other users who are searching for pickle stuff or you yourselves have a history of pickle purchases, etc. This stuff is scary specific already.
-
-
-
me to my phone right now
-
I keep my phone in a chip bag and only pull it out to LARP the preparation for the assassination Franz Ferdinand in general terms without naming actual places or names.
-
That's a good way to always keep chips on hand.
-
-
But… they can't access the microphone without the user explicitly allowing
-
Tell that to Facebook. Shit, I'll talk about something with my wife and see ads about it ten minutes later. Been happening for years.
-
I tested this with my Facebook app in 2013. Found a Spanish radio station, set my phone down next to it overnight, and for several weeks I was seeing ads exclusively in Spanish. Deleted the app the first day I saw them in Spanish, and deleted my account not long after that.
My wife still uses them after 5 years together and me pointing out all the times it's obviously eavesdropping on us, and she's even been creeped out by it before. Still uses it...
Unless my microphone and camera have physical switches, I will assume they are being used. Those little "your camera and microphone are off" icons in the corner of the screen don't reassure me.
-
That's monitoring you and your closests' other behavior, as well as monitoring then nudging you towards wanting certain things. The ad itself is the last nudge in that chain that tries to go "you wanted this, don't you?" after all of the other thinking it's making a case for your life being better with it.
-
It's more likely that your wife or someone nearby was further researching the same topic you were talking about.
Facebook and other ad companies use your location, relationships, and other data they already had on you to serve you relevant ads.
At this stage, they know more about you than the government, or your wife.
-
-
Only on iOS. Also a lot of apps can present valid uses for microphone access, which prompts users to allow unlimited malicious use
-
I can be absolutely certain no apps can access my mic in the background. Even when in the foreground, there is a hot-mic indicator.
-
Not only on iOS. I use Android and my microphone is always off unless I allow a specific app to use it, and even then, I have the option of only allowing it for that one time. Including the phone app.
Mic and camera are always off.
-
Because it is software-based access control, it is impossible to guarantee that access really has been disabled. Thanks to Apple's design, we now live in a world where users are not supposed to detach batteries or physically turn off microphones and cameras; it's all software-controlled. The problem is that software can be hacked and have backdoors. Also, thanks to Apple's smart design, users can no longer upgrade the memory sticks on their Mac Minis and MacBooks. Why do I say it is all Apple's fault? Unfortunately, other manufacturers copy these design ideas...
-
-
-
How can they tell I'm popping?.... Oh....what if I stopped flushing? So is that why some people don't flush? They're trying to be stealthy!
-
Instagram at least listens thru your mic, for sure. At least on my wife’s phone, she gets targeted ads based on conversations we have in the car with no music playing
-
About things the other person has searched for and visited and when their networks touch it spreads. It's easy to do without a mic
-
96 comments