If you think your phone is spying on you, well, you’re probably right. From sleazy political apps gobbling up your social media data to apps illegally tracking children, there are all sorts of ways your phone can rat you out. But there’s one way that it’s not doing so — namely, listening to your conversations. The bad news? In disproving one conspiracy theory, the researchers uncovered an equally invasive method of spying.
It all starts with the commonly held belief that tech companies are turning on your phone to listen to your conversations, and like any good conspiracy theory, there’s a solid kernel of truth. It’s never been hard to turn on the microphone, and if you look at app permissions, you even will see “enabling microphone” on some apps. Usually, the proof is that you talked about something with a friend and then suddenly there’s an ad for it. Of course, no app developer would be dumb, or arrogant, enough to admit this, so a team at Northeastern University spent a year downloading and testing thousands of apps to see just what information they sent out.
They didn’t find a single instance of an app recording your voice without your direct consent. That’s the good news. The bad news? They found apps are recording your screen without your knowledge:
We find a previously unreported privacy risk from third-party libraries. Namely, they can record the screen from the app in which they are embedded without requiring any permissions. Apps often display sensitive information, so this exposes users to stealthy, undisclosed monitoring by third parties.
This might even be happening without the developer’s knowledge. The team found many app developers were simply using third-party code with little understanding of what it might do. If that weren’t bad enough, they also found that many apps were asking for access to sensors that they didn’t use, creating a sort of backdoor. If, for example, a developer hands off its app to a less ethical company, that company can use those permissions without informing you. It also noted a lot of apps sent your information to third parties without disclosing it, such as using cloud processing to handle data, which could expose your information to pretty much anybody with the skills to take a look.
In short, the conspiracy theory was wrong, not because it had too little faith in the competence and decency of app developers, but not way too little. Your phone may not be listening to you, but it’s snitching on you in a host of other ways. So before you download an app, take a look at what it wants from you. Free apps may cost a little too much when it comes to your privacy.