Our phones are listening to us, and then using our conversations to sell us adverts, or at least this is what everyone seems to believe at the moment. While permissions hidden in long, nefarious online contracts for almost every app seem to indicate that this is at least potentially the case, the hard evidence for such a thing is hard to come by.
Firstly onto the facts. We know that there are a number of apps that require access to a phone’s microphone to operate. Intelligent assistants such as Apple’s Siri, Google Assistant, and Microsoft’s Cortana all request and are granted, the ability to use the phone’s microphone as necessary and all are listening in, awaiting your command 24/7. We also know that companies like Google are definitely recording private information about us from our movements on Google maps to our searches on the internet, and using that data to compile huge databases of information on each and every person. If you doubt it, visit this link and see what they may have on you.
We know too that researchers have managed to develop powerful audio analysis systems that use Artifical Intelligence to sift through massive amounts of audio data for relevant information, and have the ability to sort that into useful packages.
Powerful AI audio-analysis
Just by listening to the audio of your voice researchers have already developed the capability of working out who you are, where you come from, your current location, your gender and age and what language you’re speaking. Meanwhile, other systems have been able to pick up such diverse information such as whether you’re lying, your current emotional state, a speakers’ attitude whether you are fighting with other speakers.
What we do not know, however, is whether Google and the like have tied their desire to gather more data with the increasing ability to do so. They swear they have not.
On June 8, 2018, Facebook responded to a question from Texas senator Ted Cruz asking if Facebook collected user’s audio or visual information for any reason, and Facebook responded that it did not, saying, “Facebook does not engage in practices or capture data from a microphone or camera without consent”. Through a cunning choice of words, and deft evasion of a question it is clear, however, that it did not promise that it would not do so in future.
Amazon and Google meanwhile have admitted that their Amazon Echo and Google Home devices are always listening, and do record information, but only “so Amazon and Google can analyze the responses of their virtual assistants and ‘manually review them’ to ‘help improve our services’.”
At present, security experts have advised that users have no reason to distrust these utterances, as in general all major companies have thus far been extremely open with regard to just how much information they are reaping from phones, and internet use, and have made this information available to the end-user, but they have also cautioned that this may change at any minute and there are other threats the average cellphone user should be cautious of.
People aren’t always aware
On a recent episode of the “Too Embarrassed to Ask” podcast, Northeastern University researcher David Choffnes explained that people aren’t always aware of just how much info they are giving away online, and this can sometimes make it seem like they are being listened to.
“It’s not just when you’re on Facebook looking at someone posting about Hawaii. You’re also probably being tracked by a Facebook like button when you go and visit a website about Hawaii,” he says. “And so if you’re thinking about that trip to Hawaii, you probably left some breadcrumbs that that’s the case, but you weren’t aware that it was happening. So, when you see that targeted ad, all of a sudden you think, ‘Ah! They must’ve been listening to me’.”
Despite this, there are still tens of thousands of people who swear that there are things their browsers could only know about them if they were being listened to.
The truth is that any kind of listening, photographing, or otherwise privacy reducing behaviour in phones is more likely to come from Malware – “software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system”.
The operating systems and virus protection on phones are, despite decades of research, still woefully far behind the PC, or laptop equivalents, making a mobile phone much easier to hack than the everyday computer.
Malware
This is bad news particularly given how important and connected our phones are to our everyday lives. For example, according to Forbes Malware exists which uses a phone’s camera to map the inside of specific buildings without the owner knowing, thereby allowing potential burglars to break-in to your home much more easily. Worse, there is little that the operating systems can do to stop it if you happen to be one of those people who are unlucky enough to have the Malware installed on their phones while using unprotected Wi-Fi at a coffee shop or airport, or who accidentally downloads suspect apps.
Many people assume that the apps they download from Google Play, or other stores are safe, doing only what they say in the description and in most cases they are right, but malicious software can still sneak through.
Recently, a malicious app called Virus Shield made it through Google’s review process and instantly became a hit on Play Store’s “Top New Paid Android Apps” page. Tens of thousands of people bought it despite the fact that Virus Shield was a fake with no anti-virus functions at all.
In just one day somewhere around 50 000 people bought Virus Shield at a cost of R60 a download – before Google caught on and removed it, but had the app been functional with malicious aspects, it may have taken longer for Google to notice and delete it and hundreds of thousands could have found their phones compromised.
In 2016 the CDT alerted the Federal Trade Commission (FTC) to a technology called SilverPush, which used audio beacons to track a downloader’s activities across devices.
When a user visited a website that used SilverPush tracking technology, the site caused their device to emit an inaudible ultrasonic sound. If any other devices were located close by which had an app installed that unknowingly included SilverPush code in its backend, then that device would ping back. SilverPush then knew that, due to the proximity of the devices, they most likely belonged to the same person.
Additionally, the malicious code also listened for a tone that TVs emit during a commercial break, which is inaudible to the TV’s owners, but that a phone could hear. This code then linked the TV and phone as belonging to the same person and fed back data on watching habits to SilverPush’s creators.
Malicious code that is hidden in more useful products and is tied to advertising is not a new phenomenon on the internet. “Adware” as it’s known is a multi-billion rand industry worldwide, and so it stands to reason that while the largest stock exchange-listed companies may currently be operating under codes or veneers of respectability, their unlicensed counterparts may just be prepared to make use of any technology that exists to get ahead.
What can you do about it?
So what can you do to ensure your phone remains as protected as possible from those who would listen in?
Be wary of third-party app stores.
Never allow the installation of apps from “unknown sources” unless you’re very confident in the source, and always check the permissions that the app is requesting. Seek out apps that require the minimum permissions necessary. You would be surprised just, which apps are tracking you, and what they are really doing.
In 2013 a simple app that appeared to simply turn a phone’s camera flash into a torch, “Brightest Flashlight Free” was found to be “transmitting users’ precise location and unique device identifier to third parties”. And Accuweather is known to sell information on your exact GPS locations as well as users’ wi-fi network information such as your router number and BSSIDs.
If you must have a particular app, control its permissions.
Protecting your privacy can be as simple as revoking permission you didn’t know you’d already allowed on apps you have downloaded. Just follow the steps below:
Open “Settings”
Select “Apps & Notifications”
Press “App Permissions”
Unselect the apps and information you wish to opt-out of
Don’t use unprotected Wi-Fi
Criminals and hackers have an easy way into your phone to do with it what they will, and this is unsecured Wi-Fi. Hotspots are considered to be “secured” if access to them requires users to input a password that conforms to the WPA or WPA2 standards for security codes. Always be extra wary if you do not have to submit a password, even if the network is called, “OR Thambo official WIFI”.
Entering an unprotected Wi-Fi hotspot allows others on it to steal your bandwidth, install programs on your phone, such as listening apps, intercept your passwords and data or even use your phone to commit crimes. Simply don’t do it.
