Are Your Apps Secretly Recording You?

Have you ever spoken with a friend about buying shoes, then had an advertisement for shoes show up in your YouTube feed? Or perhaps there’s construction outside your house, and Facebook delivered you an ad for earplugs.

Everybody has their own story like this. Major content platforms are capable of delivering suspiciously timely, on-the-nose ads, based on things we didn’t even search for on the internet, or click “add to cart” for on a shopping site. How do they know? 

This mystery has led to widespread conspiracy: that our favorite apps are listening to and recording our voices through our smartphone microphones. More and more people now believe they’re being surveilled not (necessarily/only) by the government, but by Silicon Valley companies.

Last year a group of researchers from Northeastern University decided to answer this mystery, once and for all. Over the course of a year, they tracked over 17,000 Android apps–including Facebook, Facebook-owned apps, and over 8,000 apps that send data directly to Facebook–to see whether they were covertly activating and recording data from smartphone microphones. With software designed to automatically operate the apps, the researchers recorded and analyzed what flowed in and out of these apps: what kind of data was being trafficked, where it was going, and to whom. Was any of it sourced from the microphone? Or sent to third parties unknown to the user?

We find that several apps leak content recorded from the camera and the screen over the internet, and in ways that are either undisclosed or un-expected given the purpose of the app. Importantly, we find that third-party libraries record a video of a user’s interaction with an app, including at times sensitive in-put fields, without any permissions or notification to the user. Further, several apps share users’ photos and other media over the internet without explicitly indicating this to the user.

The study found widespread instances of privacy intrusion, including “content recorded from the camera and the screen over the internet” and “third-party libraries record a video of a user’s interaction with an app, including at times sensitive in-put fields, without any permissions or notification to the user” Ultimately, though, none of the apps covertly accessed or recorded data from their smartphone’s microphone.

(There is one way that tech companies use your voice recordings, though: quality assurance. AI virtual assistants, like Siri, regularly log voice interactions without informing customers. But these recordings are single events–collected from random customers, without any tie-in with the ads those users are served.)

The results of the Northeastern study provide strong evidence that unconsentual microphone recordings are not occurring. But they don’t explain what exactly is happening. How is it possible that just talking about something, out loud, can lead to that thing being advertised on your phone?

The answer, most likely, is not as satisfying as we’d wish.

We feed a lot of information into our phones, between the contacts we interact with, the apps we use, the videos we watch, the social media accounts we interact with, the internet searches and downloads and the locations from which we do all of these things. The data that Google and Facebook algorithms manage is massive, and thorough. And all of it is useful, in some small way.

The algorithms are designed to cast a wide net, tracking you into most every corner of the internet, absorbing information and adding it to your digital footprint just about every time you do anything. Even the little information they don’t have can be approximated, by cross-referencing your data with those of millions of other people like you. It’s how your apps can infer your sexual preferences, your pregnancy, your family, and more.

In short: Facebook, Google and the other big data companies already have all the information they need to keep your attention, and serve you ultra-relevant advertisements, through more conventional means than recording your voice.

There are a series of reasons why it wouldn’t make sense for tech companies to record you secretly, even if they wanted to. For one thing, doing so would be legally perilous, opening the door to major lawsuits should anybody actually find out this was going on. (Side note: one would imagine, this many years in, that a whistleblower would have leaked information on a company practice like this, through some sort of bombshell news story, if it were, in fact, occurring.) There’s also the fact that recording and storing audio from millions of individuals would be prohibitively costly to carry out.

In summary: we don’t know that Facebook isn’t recording you. It’s just that doing so would be totally unnecessary, and probably harmful to the interests of the corporation.

Rather than “Is my phone secretly recording me?” the more interesting question, at this point, might be: “If they already know everything about me, does it even really matter how they got it?”


About the author: 
Nathaniel Nelson writes the internationally top-ranked “Malicious Life” podcast on iTunes, hosts programs on blockchain and SCADA security, and contributes to AI and emerging tech blogs.