Is your smartphone secretly listening to you?
Technically possible, but researchers, security experts say likely no
We’ve all been there. You talk on the phone with a friend about something, say sneakers, and then a little later see an ad for the latest Nike shoes in your Facebook feed.
It’s almost like your phone, or one of the apps installed on it, is listening to everything you say.
Could that be true? Or is it just a modern myth?
Well, it’s technically possible for phones and apps to secretly record what you say. And lots of people sure seem to think they do.
According to a nationally representative phone survey of 1,006 U.S. adults conducted by Consumer Reports in May 2019, 43% of Americans who own a smartphone believe their phone is recording conversations without their permission.
But, to date, researchers have failed to find any evidence of such snooping.
The scary thing, according to security experts, is that there are much more efficient ways to learn all about you without ever having to eavesdrop on that never-ending conversation with your mom.
Possible, but not practical
During the 2017-18 school year, researchers led by Northeastern University computer science professor David Choffnes set out to see whether they could catch a smartphone spying on what they said.
Using an automated test program, they analyzed more than 17,000 popular apps on the Android operating system and did not find a single instance where an app activated a phone’s microphone and leaked audio data.
Michael Covington, a vice president at Wandera, a mobile security company, says his researchers performed a similar study, focusing on high-profile apps known for large-scale data collection, including Amazon, Chrome, Facebook, Instagram, and YouTube.
They too found no evidence of secret recordings.
In the end, given current technology, Choffnes explains, recording audio just isn’t a very practical way to gather market intelligence, because accurately translating that audio into text for analysis would require massive amounts of computing power, especially if done on a large scale.
If snooping of that volume was going on, undetected by researchers, he adds, it would probably involve state-sponsored hackers, who hunt for fish much bigger than the average consumer.
While that all makes perfect sense, it still doesn’t explain why so many people believe they're getting ads inspired by private conversations, Covington says.
“What we’ve done is provide some insight into what advertising platforms aren’t doing,” he argues. “But, they clearly are doing something that’s allowing them to target those ads so well.”
If not with a microphone, how?
When it comes to collecting data on consumers, there’s no shortage of effective options. Companies from Google on down to the tiniest developer of time-wasting games routinely record personal info --names, birthdates, credit card info -- simply by asking for it.
Many also track your location throughout the day using your phone's GPS and nearby cell towers or web beacons.
And Facebook monitors your browsing habits beyond the confines of its own platform, thanks to a tiny, transparent image file known as a Facebook Pixel that's placed on websites across the internet to track what you watch and read and place in your shopping cart.
In Choffnes’ study, the researchers also found that 9,000 Android apps were secretly taking screenshots or recording videos of smartphone activity and sending them to third parties. In one case, a food-delivery app recorded video of the user’s activity and shared it with a data-analytics firm.
One screenshot captured ZIP codes. Imagine if others revealed usernames, passwords, or credit card information.
Clay Miller, chief technology officer for the mobile security firm SyncDog, says that while apps are designed to be "sandboxed," meaning they withold user data from other apps, data can sometimes cross over through a phone’s operating system.
Still, it's more likely that, at some point, you paused to admire those sneakers you were discussing with your friend online, Miller notes. And perhaps didn't realize -- as few people do -- that companies like Google combine data from their many free apps, creating a profile for ad targeting purposes.
So, if you were to do a Google search for a particular kind of sneaker and use Google Maps to drive to a shoe store and your Gmail account to sign up for a shoe store’s mailing list, you can bet you’re going to get ads for sneakers in your Chrome browser.
And, thanks to all that data-tracking software tied to Facebook, you'll probably see the same ads in your Facebook feed, too.
If that weirds you out, try to limit the access those companies have to your browsing history by not using the universal sign-on features offered by Google and Facebook and by not signing into the Chrome browser, Miller says.
Keep an eye on the permissions granted to your apps, too, Covington adds. If you don’t think that gaming app needs access to the camera or microphone on your phone, revoke it.
To see exactly what permissions you've given to each app on an iPhone, go to Settings > Privacy > and then scroll down to a category such as Camera. There you'll find a list of apps with permission to use your camera along with toggle switches to withdraw that access.
On an Android phone, go to Settings > Apps > and scroll down and click on a specific app. The next screen will show you what permissions that app has and allow you to turn them on or off.
“A lot of people might not connect the dots and realize that they’re trading their data and privacy for a free service, but that’s the world we live in,” Covington says.
All Consumer Reports material Copyright 2019 Consumer Reports, Inc. ALL RIGHTS RESERVED. Consumer Reports is a not-for-profit organization which accepts no advertising. It has no commercial relationship with any advertiser or sponsor on this site. For more information visit consumer.org.