Algorithmic Accountability Reporting
Is your phone listening to your conversations?
How we used software analytics to find (some) answers
Despite many articles claiming otherwise, there is no doubtless answer to this question so far. We used reverse engineering techniques to gain more clarity and discovered some disturbing details.
(All tests were carried out in cooperation with PULS Reportage. You can watch the resulting film here [in German].)
Do you know this feeling? You’re sitting at dinner with friends and you’re talking about a topic you’re sure you’ve never looked up online. Short time later, you’re seeing ads everywhere for products that match the topic.
The internet is full of stories of people swearing that rather unusual or niche conversation topics led to very specific ads — e.g. talks about cat food or the sudden intentions to start a new university degree.
Others even report that every topic of their conversation, no matter how far-fetched, led directly to matching social media ads.
As convincing as these experiences may sound, they are purely anecdotal and do not have the capacity to confirm anything for sure. A valid scientific proof would look different.
Therefore, it’s hardly surprising that app manufacturers and especially the major social networks vehemently deny that they are eavesdropping on us for advertising.
Facebook founder Mark Zuckerberg even denied these allegations before the U.S. Congress in 2018.
We analyzed the technology to find out what is actually possible
But which is true? The fact is that although the question is simple, the answer seems to be rather complicated. This is the reason why we started to read patents and scientific publications related to the topic, and of course, we talked about specific products near our phones.
However, our actual objective was to use technical means to find out whether apps are secretly listening to us or are at least theoretically capable of doing so. We soon realized that much more was possible than we had expected.
- Are smartphone apps capable to secretly turning on our microphones?
We were able to investigate this question because of the special, interdisciplinary structure of our team: At BR AI + Automation Lab, both journalists and programmers work on journalistic topics and software products.
For our first test, our colleague Sebastian Bayerl programmed two apps — one for our Apple test device iPhone 12 with iOS version 14.7.1 and one for our Android test devices Samsung Galaxy A22 5 G and Redmi Note 8 pro both with Android version 11 — , which should try to listen for as long as possible.
The reason why we have chosen these two operating systems is that they are the most popular ones.
This first test was necessary because apps don’t work in a vacuum, but have to adapt to the rules of the operating systems they run on.
Android and iOS have their own rules
On both iOS and Android, apps often have different permissions depending on whether they are running in the foreground or background.
Put simply, an app has more permissions when it is actively open, that is, when it is directly in front of you on the screen and you can interact with it. If it is still open but not visible, the app is running in the background and should — at least in theory — have less ability to do things unnoticed.
It is also possible to close the app entirely and thus prevent it from continuing to run certain processes in the background. Here you can see how to close an Android app and an iOS app properly.
In addition, apps on iOS and in newer Android versions have to ask for permission first if they want to access the microphone. On iOS, there are only two options: Either you allow the app to access the microphone — or you don’t.
Newer Android versions, including the latest version 12, offer users three permission options for the microphone: “While using the app”, “Only this time”/”Ask every time” and “Don’t allow”.
At first glance, none of these options sounds like they would give apps uncontrolled, surreptitious access to the microphone. But is that really the case?
Our test app was able to record conversations
To test this, we gave our test app running on the Android 11 devices the “While using the app” microphone permission. This gave us the capability to…
- … continuously listen to our test users while they were actively using the test app, i.e. while the app is running in the foreground and they were only scrolling through the app
- … continue to listen for at least one minute after the app was moved to the background and the screen was not switched off (e.g., while our test subjects were actively using another app) — without users being able to notice it
- And most importantly, with a very simple trick, we were able to eavesdrop on our test users for over an hour while their screen was switched off, and secretly send the recorded audio files to our own servers
Up to and including version 11, Android does not show a notification to users in any of the described cases. Thus, users cannot perceive the microphone access in any way.
Our test showed: Normally, if you use an app and then turn off the screen when the app is open, it can record all ambient sounds unnoticed for 30 seconds despite the black screen. After these 30 seconds, Android interrupts the recording.
This limitation however can be outsmarted with a few lines of code.
Android specifies that apps running in the background must show the user a notification when they want to use the microphone (or the camera, for example). In most cases, this makes perfect sense: When you see the screen, you also see the notification.
Invisible messages enable extensive audio recordings
Our app only displayed this notification when the screen was switched off and therefore users could not see it. When the test users turned on the smartphone screen, the notification disappeared immediately and the audio recording stopped as well.
Thus, we could secretly listen in for over an hour, even though the smartphone was seemingly innocently lying on the table with a black screen. We interrupted the recording after more than one hour and assume it would be highly possible, that we could have listened for much longer without the operating system preventing it. Similar to our app, any Android app could silently turn on the mic.
Does this work for iOS, too?
In theory, yes, but not so well in practice.
- In newer iOS versions, apps that are running in the foreground can be recognized by a small yellow dot in the status bar — this does not make permanent listening technically impossible, but users are more likely to notice it.
- Permanent listening would be even more noticeable if the app is in the background. Depending on the iOS version, this is indicated by a much larger microphone sign or a completely red colored status bar
- Secret listening when the screen is turned off is impossible, because iOS, unlike Android, does not provide a way for apps to respond to a turned-off screen by turning on the microphone
However, in the meantime, Android has followed suit. The described eavesdropping mechanisms only work for versions up to and including Android 11. The latest version Android 12 has introduced similar privacy measures as iOS.
You now see a small dot in the status bar when an app accesses the microphone. In addition, you can also track which apps have used the microphone in the past few days in the so-called Privacy Dashboard. Not all Android phones are likely to receive this update, though.
Can I protect myself from secret microphone recordings?
We think you can protect yourself from this rather simple type of attack by not allowing apps to access the microphone or at least selecting the “ask every time” option.
Also, unwanted microphone access can be prevented by not turning off the screen when an app is open and always closing all apps properly after use.
2. Are there other ways my phone can secretly listen to me?
The truth could be much more complex — and quite disturbing. After all, whether the microphone is even necessary to secretly eavesdrop on us is anything but clear.
In addition to our microphone test, we also conducted another test whose practicality is disputed among scientists.
The idea is that whole conversations or key words (product names or even significant parts of sentences like “I like…”, “I want to buy…”) can be recorded not only using the microphone, but also with other smartphone sensors.
Namely, with the motion sensors: the accelerometer, which enables the smartphone to count steps by measuring acceleration, and the gyroscope, which determines the smartphone’s orientation in space (e.g. landscape or portrait mode).
If the data generated by these sensors could be used to record spoken language that would be somehow dangerous, since apps do not have to ask users for permission to process motion sensor data.
Is it possible to record words via motions?
Both accelerometers and gyroscopes in smartphones are tiny components only a few millimeters in size. For the most part, they essentially consist of a miniature weight suspended between springs that can move back and forth between them.
The sensors are capable to measure the change in position of this weight. This change in position occurs, for example, when the smartphone suddenly moves.
The measuring parts of the motion sensors are so tiny that they could theoretically be moved by speech. This is conceivable, because sounds are nothing more than moving air particles — also called sound waves.
Whether these sensors are sensitive enough to measure sound waves produced by speech is disputed among scientists.
That’s why we tried it out ourselves
Our colleague Sebastian programmed two apps that permanently read the motion data generated by the sensors on both iOS and Android and visualize the data stream.
We tested the apps and quickly realized that we couldn’t see anything. At least when we simply spoke next to our smartphones, it was impossible to see any significant data changes. This doesn’t necessarily mean that it’s impossible to reconstruct speech from very small changes in the recorded data using certain AI algorithms. However, it’s probably a rather speculative assumption.
For conversations played back over the built-in speakers, the situation appeared to be quite different. When we used the smartphone speaker to make phone calls, listen to voice messages and play music, the data suddenly showed significant changes.
Motion data is not only poorly restricted, but also dangerous
To reconstruct words or entire sentences from this type of data, AI algorithms would need to be trained to recognize the specific data patterns of individual words. We haven’t tried this ourselves, although U.S. researchers have already successfully shown that it is possible to extract words from motion data.
This means that if apps can access motion data without permission, it is theoretically possible for any app to eavesdrop on our phone calls and voice messages — at least when we turn on our speakers.
How meaningful this data is appears to depend on the hardware and the operating system. The Redmi 8 Android smartphone we used showed very noticeable data changes, while we could detect almost nothing on the iPhone. That is because iPhones seem to limit the data rate of their motion sensors to 100 Hz, a frequency range that is most likely too narrow to record speech in an effective way.
Sensitive health and location data can be derived from motion sensors
Whether an app uses motion data to secretly spy on us is completely unclear. Nevertheless, there are reports on the Internet that apps use the accelerometer for no apparent reason.
This is definitely worrisome, because “[a]ccelerometer data alone can be enough to provide information about a device owner’s location, activities, health status, body characteristics, gender, age, personality traits, and emotional state.”
The simple explanation for this is that motion sensors can register even the smallest movement at any time. At least in theory, apps like Facebook or YouTube can compare your movements with the data of all their users.
If you are on the same train or car as someone else, they might know based on synchronized braking, acceleration, etc. And if you’re sick, they might know based on a significant change in your movement characteristics.
All companies vehemently denied our allegations
We confronted some of the biggest social media advertising platform operators with our findings.
Meta, the parent company of Instagram, wrote: “Facebook, Instagram or WhatsApp do not listen in or use the cell phone microphone to influence advertising in any way.”
From Google we received a similar response to our request, which referred to both Android and YouTube: “Google, and therefore YouTube, do not use ambient noise from devices to serve ads.” Google also wrote that apps that misuse sensitive data are prohibited: “We review every app and developer in Google Play and block those that violate our policies.”
We uploaded our test app to the Google Play Store
To verify this claim, we uploaded our test app to the Play Store. We were able to do so without any problems. The app was not blocked by the Play Store, although it is capable of secretly recording audio files in the fore- and background.
We deleted the app from the Play Store right after the successful upload. Then we asked Google again about the Play Store review process, but got no answer.
In addition to Meta and Google, we asked other social media companies about their use of recorded audio data. Twitter wrote, “Protecting the safety and privacy of everyone who uses Twitter is our top priority.” The company also cites its own privacy policies. TikTok did not respond to our inquiry and multiple requests for comment.
When asked if they were aware of apps using motion sensor data to infer conversation content, we did not receive a response from Google. Apple told us that they are not aware of this approach being tried by any app in the App Store.
Do we know for sure now that apps are eavesdropping on us for ads?
No. Our tests are only providing some circumstantial evidence that we still don’t know enough to rule this possibility out for sure. Therefore, we should take into account that other theories could also explain why we see ads that match our conversations.
- One of these theories is called “frequency illusion”. It describes the phenomenon that once you’ve learned something new, you suddenly start seeing it everywhere
- Another explanation could be related to ad targeting groups: Advertisers tend to group people with similar interests. If you see a certain ad, there might be a chance that people “similar” to you did already search for it online (while you are still only talking about it)
- Another theory relates to the idea that social networks like Facebook, Instagram or TikTok are constantly monitoring where you are and with whom. Tracking who logs into which Wi-Fi, or detecting nearby devices via Bluetooth or Bluetooth Low Energy, is theoretically conceivable. This could explain why you see ads for a product a friend has been searching for online (and that you also talked about)
Audio data could be particularly valuable for companies
That said, it must still be taken into account that companies may have a vested interest in collecting audio data.
For example, TikTok changed its privacy policy last year, stating that from now on it would collect and store so-called “voiceprints” of its U.S. users. In short, voiceprints are used to uniquely identify users by their specific voice patterns.
The company did not answer our question as to why TikTok collects this data and whether European users are also affected. Other companies such as Meta have already published patents for this technology as well.
Another value of conversational data is to find out how many different people are involved in a conversation via so-called AI speaker recognition.
Moreover, hidden audio recordings have already been used by apps to analyze users’ television consumption using inaudible ultrasound signals. These examples are only a small selection of many conceivable analysis possibilities that are only given by audio data.
Apps don’t need to send audio files to their servers
Another assumption that is often made is that eavesdropping apps would generate too much data. In very trivial technical scenarios, this can be the case. If applications were to send unedited audio recordings to a server, the recordings could be detected in the data stream (which has also been tested several times).
Although, this approach does not correspond at all to state-of-the-art technology — many companies now use on-device speech recognition. Such models are no longer particularly large compared to the entire file sizes of many apps and can translate speech into text data directly on the device.
In an encrypted or distributed form, this small text data would be very difficult to spot in a data traffic analysis — if at all.
Under certain circumstances, it is therefore possible for apps to eavesdrop on us. But do they actually use this possibility? To find out, we used various technical analysis approaches.
Apps can always know if their behavior is being monitored
To observe the behavior of an app, you have to do a few things, such as put the phone in a special state called developer mode. Apps can “ask” the operating system if these suspicious conditions exist. Therefore, they can know if they are being watched — or not.
In many cases, this is a security feature that is supposed to protect banking apps from being taken apart and analyzed by hackers, for example. In some cases, however, this also becomes a potential transparency issue, which we referred to internally (in reference to the diesel emissions scandal) as the “test stand theory”.
Whether this is more than a mere theory, though, is completely unclear. We only have found that it is possible for apps to know at any point in time if they are being monitored.
Since many apps encrypt their program code elaborately and only load code parts from their servers during runtime, it is conceivable that such behavior could go unnoticed for a long time.
We carry a black box around with us — and that’s a problem
The fact that apps protect themselves from hackers and probably also from curious analysts is indeed widespread: “Such anti-analysis techniques are very common”, says Ulf Kargén, who investigates such and similar questions at Linköping University in Sweden. He and his colleagues recently found that 95% of the most popular apps on Google Play use one or more techniques to protect themselves from being analyzed.
Often this analysis protection could be bypassed and only a very small percentage of apps would protect themselves with the strongest available means.
“These more advanced measures represent a significant step-up in terms of both the expertise and time required to reverse engineer an app, but given enough time it is still possible.”
We heard similar statements from several security researchers: With a lot of time and resources, any app can be analyzed. Who undertakes these efforts and whether the results are subsequently made available to the public is another question.
Are our phones listening in? At the moment we — like many others — cannot give a final answer to this question.
Nevertheless, our job as programming journalists working in tech-savvy, interdisciplinary teams like the BR AI + Automation Lab is to use analyses like this to point out where transparency is lacking in technical systems and why it’s a problem:
Because in cases like this, we have to trust software manufacturers to handle our data responsibly and not use it against us.
