Researchers from Northeastern University in Boston decided to test out the popular consumer paranoia that smartphones secretly listen to your conversations. While they didn’t find evidence of smartphones recording your audio, they did find that that apps secretly take screenshots of user’s phone activity, and record videos of their screen. These smartphone apps can capture the device’s screen without the user’s knowledge and consent and then send the data to third-party receivers.

To test the long-held belief that mobile devices eavesdrop on the conversations of users when wake-words activate microphones, the researchers tested 17,260 mobile Android apps. More than 9,000 of these apps had permission to use a phone’s camera and microphone and thus could potentially eavesdrop on your conversations.

Ultimately, they found no evidence that mobile devices eavesdrop and pass audio data to larger corporations,  but the researchers clarified that doesn’t mean it’s not happening. What they did find is evidence that several smartphone apps periodically capture screens and record videos of the user’s activity, sending the data to third-parties. One of the guilty apps is goPuff, a food delivery app found to record user’s interaction with the app and sending resulting data to Appsee, a mobile analytics firm, ZDNet wrote.

Predictably, goPuff’s privacy policy did not inform users that their screen could be recorded while interacting with the smartphone app. But as soon as the researchers contacted goPuff over their findings, the company updated its terms of service to indicate that they could collect “personally identifiable information.” Appsee said the fault laid with goPuff and goPuff said the fault was with Appsee. The researchers then notified Google of their findings.

“We always appreciate the research community’s hard work to help improve online privacy and security practices,” a Google spokesperson told Gizmodo by email. “After reviewing the researchers’ findings, we determined that a part of AppSee’s services may put some developers at risk of violating Play policy. We’re working closely with them to help ensure developers appropriately communicate the SDK’s functionality with their apps’ end-users.”

The researchers tested the thousands of apps on ten Android phones to see how they interact with a given software that analyzes their privacy data properties. The testing was all done through automated software, and the researchers emphasized that their testing may not have tested the full user experience as their software couldn’t fully replicate a human using the app. Thus, it’s possible the testing software didn’t hit a triggering event that would have prompted the phone to record audio.

The researchers have announced that they will present their findings at the Privacy Enhancing Technology Symposium Conference in Barcelona next month.

Is Digital Security Really Being Enhanced Post Cambridge Analytica?

Comments

Join Our List

Subscribe to our mailing list and get all the news corporate media won't give you.

Thank you for subscribing.

Something went wrong.