this was such a weird claim, and I never really understood how it could be true specifically for phones, where they aren't in control of system software. there's like a gradient of possibility here:
Android phones from major manufacturers, and Apple phones: doubt it. those things are too heavily scrutinized, someone would've found it, and the companies that make them don't have the impetus.
official "smart" voice devices from Amazon, Google, et al: doubt it, same reasoning as above
Android phones from small players, heavily subsidized models, etc.: sure, could be
smart TVs from major manufacturers: probably not? medium "maybe"? I bought one of these with a hardware mic switch so I guess that shows my paranoia
other smart TVs: I dunno, feels highly likely
so: I'm careful about what I use so my risk felt pretty low, but I also feel like if this were true security researchers would've discovered it. let alone the fact that what they describe is bandwidth and battery intensive (off-device or on-device respectively, I don't remember what they claimed as I read the 404 media report some weeks back) but it still makes me wonder: what led them to make these claims then? fascinating, pretty scary.
I've seen Android phones activate Google Assistant seemingly at random many many many times. They're only supposed to activate when called by a specific phrase like "okay Google", but there are plenty of false positives, and every time that happens, an audio recording gets sent to Google. Same deal with Alexa and Siri. This is, of course, allowed by the terms and conditions.
At least Android makes it visible to the user when this happens. I wouldn't bet on smart TVs doing the same.
At this point there's not much you can do about it. Even if I secure my own devices and my own home network, that all goes out the window the second anyone else walks in my door with their own smartphone.
That said, I agree that the claim is likely false with third-party apps on modern smartphones from major brands. It's not easy for background activities to access the camera or microphone without the user's knowledge on iOS or Android. First-party and second-party spying is hard to avoid, though.
They’re only supposed to activate when called by a specific phrase like “okay Google”, but there are plenty of false positives, and every time that happens, an audio recording gets sent to Google.
And you can even do Google takeout and see all the recordings they took of you. Many of which you'll notice doesn't have you asking or doing anything remotely related to a voice search.
It's especially weird when the existing targeting can be so effective for much cheaper.
For tvs for example, they can see what you watch, when, what ads you mute and which you don't, what you display over HDMI (content ID), the other devices on your network, your location, your accounts for every streaming service, what you search for. Then if you install their companion app they learn the other apps on your phone, your location habits, the media you play on your phone (looking at you Bose connect app...), bluetooth and network devices you are near (connecting you to other profiles they know), and probably a lot more.
content id is a wild one that I only discovered a year ago: I had always used my own Chromecast when traveling, and I plugged it into a Roku TV which kept saying "did you know you could watch [content that I was currently watching] on Roku" which really freaked me out, so I looked into it. honestly not sure why they tipped their hand like that: I found the setting and turned it off. otherwise I would've been none the wiser.
creepy af though. the amount of tracking you implicitly accept by using random devices out in the world is staggering. even if you read every privacy policy and opt out of everything (I do) you have no chance.
My take is two fold:
1- Marketing over selling their product (common practice)
2- The "always listening" devices are mainly their Smart Remotes that have a microphone built in.
#2 Seems the most likely as is a device fully in their control and can pull as much ad marketing / information gathering details from it as they want.
Android phones from major manufacturers, and Apple phones: doubt it.
Bold added for emphasis, Apple claims privacy as a feature and OS control of the mic to prevent this exact sort of thing. Not only would someone have found it, it would be a news cycle on the mainstream news, and basically just the wallpaper for any tech-centric website.
I mean, fucks sake, iFixIt alone would find mics in places they shouldn't be and this would be a story.
Unfortunately, the truth is more boring, and basically pretty much every app/website most of us use are tracking us in some way unless you really seek prevention. They don't need the mic.