PAT PILCHER discovers that it’s not just conspiracy theorists accusing smartphone microphones of snooping – it really is happening!
For a very long time I’d dismissed stories of cyber-surveillance via smartphones as the delusional ranting of people who were either desperate for attention or who’d stopped taking their meds. The posts you’d see from such people usually screamed sensationally that the microphones on our phones are being used to record conversations. Now it turns out that there might be some truth to these rantings, and the snoopers are the usual collection of online marketers whose morals are shadier than a dog on a putting green.
According to XDA-Developers, the culprits are a firm called Alphonso. While that may sound like a character straight out of an episode of The Sopranos, their business model involves them selling media-consumption data. The clever (and oh-so-dodgy bit) is that they’re doing this via a software plugin that listens for audio signals in TV shows and movies. These embedded audio signals are ultra-sonic and above human hearing range, but can be detected by the mic on most smartphones. The Alphonso plugin is currently installed on over 250 mobile games and social applications downloaded from the Google Play store. A definitive list of affected apps has yet to surface.
Stuffing your phone under a cushion or in a bag won’t work either. The software is accurate enough to pick up the audio signal even when your phone’s in a pocket or bookbag. Alphonso say that they don’t record human speech, and that they disclose the software’s audio tracking capabilities in its app descriptions and terms of service (ToS) agreements.
I don’t know about you, but this strikes me as them hiding behind weasel speak and legalese. They know full well that no-one ever reads terms of service agreements in full. They’re often up to 5000 words long, written in a near indecipherable legal-speak and published in a 6-point font that requires an electron microscope to be viewable. Similarly, app descriptions are often vague to the point of being utterly useless. Being told that an app can use your phone’s mic is a lot different to the reality where your phone is using it snoop on your viewing habits. Most of us are in such a rush to install a specific app that we ignore app descriptions and grant permissions anyhow.
What is perhaps most alarming is the fact that the Alphonso code is in a large number of applications aimed at kids who are completely unaware of the risks involved. Exploitative much? I think so.
Getting accurate viewer demographic data for ratings is a hugely lucrative business. In the US alone, it is worth over $70 billion. Because of this, it is a fair bet that Alphonso’s code isn’t going to disappear anytime soon. Hopefully mobile security app vendors such as Symantec will start to detect, alert and optionally offer to remove Alphonso’s code soon.