Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Privacy Software

Study Finds That a Large Number of Popular Android Apps Secretly Cast the Screen To Third Parties, But They Don't Listen To Conversations (gizmodo.com) 97

Kasmir Hill, reporting for Gizmodo: It's the smartphone conspiracy theory that just won't go away: Many, many people are convinced that their phones are listening to their conversations to target them with ads. [...] Some computer science academics at Northeastern University had heard enough people talking about this technological myth that they decided to do a rigorous study to tackle it. For the last year, Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes ran an experiment involving more than 17,000 of the most popular apps on Android to find out whether any of them were secretly using the phone's mic to capture audio. The apps included those belonging to Facebook, as well as over 8,000 apps that send information to Facebook. Sorry, conspiracy theorists: They found no evidence of an app unexpectedly activating the microphone or sending audio out when not prompted to do so. Like good scientists, they refuse to say that their study definitively proves that your phone isn't secretly listening to you, but they didn't find a single instance of it happening. Instead, they discovered a different disturbing practice: apps recording a phone's screen and sending that information out to third parties.
This discussion has been archived. No new comments can be posted.

Study Finds That a Large Number of Popular Android Apps Secretly Cast the Screen To Third Parties, But They Don't Listen To Conv

Comments Filter:
  • by alvinrod ( 889928 ) on Tuesday July 03, 2018 @01:28PM (#56887734)
    Good news residents, thieves aren't coming to plunder your document safes. Instead, they're only going to rummage through your jewelry boxes.

    May as well have led with a bit on no conclusive evidence that the apps were trying to give you cancer.
  • I suspect... (Score:5, Informative)

    by thegreatbob ( 693104 ) on Tuesday July 03, 2018 @01:35PM (#56887780) Journal
    ... that the following may be true:

    People are far more forgetful of the actions they've taken online and how they could be used by data/ad companies.

    People aren't entirely likely to notice ads without having some reason (e.g. just having talked about it)

    Data/ad companies are far better about targeting their results than they were in the past.

    People love a good conspiracy. I know I do.
    • by Luthair ( 847766 )

      People aren't entirely likely to notice ads without having some reason (e.g. just having talked about it)

      Pretty much this, people are wired to look for coincidences. Another possibility is that people you know are talking about similar topics via Facebook and FB's advertising considers the social network.

    • by SumDog ( 466607 )

      I think it's more than that. The algorithms Facebook and Google use are pretty damn powerful. Google analytics and Facebook like widgets are everywhere. One of two things are happening:

      1) The algorithms they train are so good, they can predict what you're going to desire and place an ad for it before you know it yourself. You think your phone is listening to you, but it's simply an analysis of all your other data. What you say with your friends about a thing you desire is just something it can predict.

      2) Ad

      • 1) The algorithms they train are so good, they can predict what you're going to desire and place an ad for it before you know it yourself.

        For some bizarre reason I keep getting ads for women's clothing. Does this mean I'm going to desire a sex change in the future? Google knows it now- but I haven't figured it out for myself yet.

        • That's the weird thing about it, the ads are so bad so often, but then you have the stuff that gives you mind reading/spying on my conversations feeling, and it's uncanny. It makes you think: what if they're actually REALLY good at manipulating us? What if the woman's clothes ads they're showing the guy are to modify his behavior around a woman at work who buys those clothes so she'll buy more? I mean you have to wonder. ANY analytics would show I'm a pickup/Jeep guy, but I constantly get ads for urban uppe

      • by Sique ( 173459 )
        Actually, the algorithms are pretty dumb. Just recently, I was discussing wooden panels for redecoration with someone, and now I see exactly the wooden panels I was looking for online to check for prices, in the ads. So either my profile with the analytics machines is quite thin so every thing I do online totally changes it, or the analytics machine is just throwing more of the same on me until I look for something else.
    • Comment removed based on user account deletion
    • by Hentes ( 2461350 )

      Or data companies share far more of your personal info with each other than they admit.

  • On my Android, quite frequently, Firefox asks for permission to use the microphone. I deny it every time.

    But why is it doing this? Is it malicious ads that are trying to record me?

    • An app that frequently asks for permission to use the mic despite being denied every time would not live long on my phone.
      • by apoc.famine ( 621563 ) <apoc DOT famine AT gmail DOT com> on Tuesday July 03, 2018 @02:46PM (#56888244) Journal

        You don't have an android then, do you?

        Because Google Play needs access to everything or it pops up complaints all of the time if you limit it. On a pretty regular basis I get a notice that Google Play is having issues because I haven't allowed it to use my phone, access my contacts, and whatever else stupid shit it wants access to. Instead of failing gracefully it's a constant nag, and they've been ignoring bug reports on this "feature" for 3-4 years now.

        • by Anonymous Coward

          Yeah, that's called nagware -- and it was supposed to have died in the fucking 90s. Unfortunately, Google didn't get the memo, and if you don't opt-in to all of their tracking shit on their 'track-everything-you-do' OS, you get hounded every. fucking. time. you. load. something.

          Android is shit.

          • I strongly prefer the Android user interface over iOS. But Google has kinda jumped the shark. They're just pure evil now. And their software quality is declining fast - almost like they fired all their talented engineers.

            I have hated Apple for a long time. I don't like their shitty software, I don't like their ugly design, I don't like their gay marketing image. But Google has gotten so bad that my next phone may be an iPhone. Sad.

        • by Anonymous Coward

          Because Google Play needs access to everything or it pops up complaints all of the time if you limit it. On a pretty regular basis I get a notice that Google Play is having issues because I haven't allowed it to use my phone, access my contacts, and whatever else stupid shit it wants access to. Instead of failing gracefully it's a constant nag, and they've been ignoring bug reports on this "feature" for 3-4 years now.

          You just described Dark Pattern design at work (darkpatterns.org for more info). The idea is that you get annoyed and as a result give the apps full rights without thinking the consequences. If it was possible to deny permanently certain rights without the annoyance of constant reminders very few users would grant the apps free access to data on the phone.

          You pay for the "free" apps by giving up your privacy. What you described is an intentional feature and will not be listed as a bug.

    • I've had adservers ask for that permission to use mic from ads embedded in page, but I haven't seen that for a long time.

    • It could be malicious ads, or pages that just ask for permissions without thinking, or a dozen other reasons. If you go into your settings (maybe the advanced one by visiting the URL about:config) you should be able to set it to "always no" (Or "never ask" or similar)

    • by AHuxley ( 892839 )
      Dont use a computer with a live mic. Connect a mic when its needed for the app thats trusted.
  • I believe one thing that is happening is targeting ads based on the client IP address. If the IP address is that in the range of a typical ISP, then there is a very good chance that all of the devices with that IP address are in the same household, and targeting ads across devices would be profitable. About a week ago my girlfriend and I were talking about my old camper, and the work we did towards restoring it. She googled "vintage campers" on her cell phone, and on my laptop I had googled for my exact

    • Seems less likely a question of IP address range than Facebook cookies linking activity across devices.

    • I have the same thing happen to me a lot, only with Amazon instead of Facebook. For a recent example, I do the cooking in the household and enjoy doing so. I believe I was letting youtube run on its own in the background, and eventually it played some video on how to do sous-vide at home. I didn't know what sous-vide was so I did a some research on the technique on my iphone while it was running.

      That was the full extent of it, a video played on my workstation, some wikipedia research on my iphone.

      Despite us

    • I doubt it's via IP address, there is so much NATting going on that it would be less than useful. However since you googled on your PC while logged into your google account, do you really think it surprising that when you used your phone, which is also logged into your google account, that something linked the two? I wanted to look up the price of a wood chipper while watching a movie, after that all the ads on my PC changed to wood chippers. I spent some time visiting family, and they have a teenage son
  • ... or interception have specific coverage under recording and wiretapping laws. Grabbing a copy of your screen, not so much.

    • by AHuxley ( 892839 )
      The NSA, GCHQ and the ads get around that by saying no real human is listening in real time.
      No human listening in so thats not really "wiretapping". A computer collects all the images, looks for all words used, sounds, spoken works and creates a data set.
      No human can listen into a dataset so thats still legal.

      The way out is not to have a live mic in the room.
      To not use a smartphone with ad supported apps.
      Never trust a free big brand OS. Never trust a browser that offers more supports to ads than
      • by PPH ( 736903 )

        no real human is listening in real time.

        Doesn't matter. Wiretapping laws have applied to recording conversations since the days of wire recorders [wikipedia.org]. Makes no difference if a human listens now or at some time in the future.

        • by AHuxley ( 892839 )
          That would make domestic collection all over the USA illegal. Some color of law must exists to make it all legal.
          No human will listen in the future. Thats the way around the laws. The data set is the word spoken converted into text. The text transcript is searched and thats not illegal as no humans listened.
          Other data sets get the same transforming real time collection.
          OCR the screen image for words. Keep the maths of every face in the image for recognition. Maths that can be turned back into
  • https://www.wsj.com/articles/t... [wsj.com]

    The WSJ reports:

    Google said a year ago it would stop its computers from scanning the inboxes of Gmail users for information to personalize advertisements, saying it wanted users to âoeremain confident that Google will keep privacy and security paramount.â

    But the internet giant continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated trav

  • > 17,000 of the most popular apps

    "popular" more like.

    Apps fucking idiots install also a possiblity.

    This is what people asked for anyway. With free apps they get what they pay for.

  • by DMJC ( 682799 )
    Just another reason for the librem by purism. Can't wait to have a phone with adblock. No more garbage web experience on my phone!
    • by Anonymous Coward

      You can already have this. Wipe your phone and install LineageOS ( https://www.lineageos.org/ [lineageos.org]) so that your device is free of all the nasty stock Google shit. Additional software can be found from F-Droid (https://f-droid.org/ [f-droid.org]). There's nowhere near as much as you'd get in the "normal" Google store, but that's one of the prices you pay for safety.

      Combine Firefox Mobile (https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/ [f-droid.org]) with either uBlock Origin (https://addons.mozilla.org/en-US/firefox/addon/ublock [mozilla.org]

  • internet in general is the most complex, detailed conversation in most internet users' lives today. It is definitely being "listened to" and contains far more information than most realize - not just information pertaining to conversations you had but also your thoughts and opinions if they invoked a question in your mind that caused you to make a query. Simple information like what if any reviews you looked at while purchasing a product can speak volumes about the way you think.

    Without legislation to ban a

    • by AHuxley ( 892839 )
      Governments like thats for their security services and police.
      Buying every users voice patterns in bulk.
      The math of every image with a face a user is looking at.
      Every word gets OCR and every link collected on.
      Voice and sound is just another data set to collect on and sell.
      Only the user can ensure they don't have a webcam, a live mic, an OS and apps that collect.
      User installed security software to block mic use is not going to last long as OS get more secure for their ads and mic collection.
  • but I thought you needed the "Apps that can appear on top" permission to record what a user is doing in other apps. Without it, the only thing that can be recorded is the developer's own app. This makes the privacy implications much smaller for most apps, since the developer will always have access to know what it is showing you (along with what you tap/type/press) as that is inherent in its ability to be interactive. That's not to say privacy couldn't be improved. In particular, "Apps that can appear on t
  • at Gizmodo is so much higher than here. This comment included.
  • From what I read skimming through the paper they used software to analyze software.

    I'd initially hoped they'd done it on the hardware level; monitoring the mic voltage and tapped the ADC channels.

    I'm not surprised that shitty app devs are monetizing their users' data for a few extra cents. My particular concern is alphabet soup agencies and a creeping Staasi state doing it on some sort of fundamental level that bypasses permissions (and morality). Yes, I like my windows to have curtains, my mail to have

  • by dcw3 ( 649211 ) on Wednesday July 04, 2018 @04:22AM (#56890974) Journal

    It's not a conspiracy theory when articles like this refute your study.
    https://www.nytimes.com/2017/1... [nytimes.com]

The goal of Computer Science is to build something that will last at least until we've finished building it.

Working...