For years, conspiracy theories about smart phones listening to users without their permission to show them advertisements have abounded. While some researchers have shown this could happen, a first of its kind study just found something far more insidious. Academics at Northeastern University have just proven that your phone is recording your screen—as in taking video—and uploading it to third parties.
For the last year, Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes ran an experiment involving more than 17,000 of the most popular Android apps using ten different phones. Their findings were alarming, to say the least.
As Gizmodo points out, during the study, the researchers started to see that screenshots and video recordings of what people were doing in apps were being sent to third-party domains. For example, when one of the phones used an app from GoPuff, a delivery start-up for people who have sudden cravings for junk food, the interaction with the app was recorded and sent to a domain affiliated with Appsee, a mobile analytics company. The video included a screen where you could enter personal information—in this case, their zip code.
The fact that these apps can record your screen without you knowing and use this data is chilling. It illustrates how easy it would be for a malicious actor to be able to look at your private messages, personal information, passwords, photos, and videos. None of this is stopped by your phone’s security either as it is a function built into the apps and you don’t have an option to disallow it.
According to Gizmodo, the researchers will be presenting their work at the Privacy Enhancing Technology Symposium Conference in Barcelona next month. (While in Spain, they might want to check out the country’s most popular soccer app, which has given itself permission to access users’ smartphone mics to listen for illegal broadcasts of games in bars.)
As for the theory that your phone is listening through your mic, the researchers could not debunk it. Due to the nature of the study — using automated programs to interact with apps — the spying apps may have not been triggered the same way they would if a human was using them.
Although they didn’t find evidence your phone was listening to you, this does not mean it doesn’t still happen.
“We didn’t see any evidence that people’s conversations are being recorded secretly,” said David Choffnes, one of the authors of the paper. “What people don’t seem to understand is that there’s a lot of other tracking in daily life that doesn’t involve your phone’s camera or microphone that give a third party just as comprehensive a view of you.”
The authors of the study, titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications, concluded:
Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third party libraries that record and upload screenshots and videos of the screen without informing the user. This can occur without needing any permissions from the user.
In the age of technology, privacy and security are the only things that separate us from a total surveillance grid. Unfortunately, as this study illustrates, we have very little of both.