Righthaven Tells Judge Handling All Its Colorado Cases That He's Wrong
Wisconsin County That 'Found' Lost Votes Apparently Has Major Voting Irregularities For Years…

Smartphone Apps Quietly Using Phone Microphones And Cameras To Gather Data

Privacy

from the hush-now dept

Mon, Apr 18th 2011 09:41am -

With the rise of smartphone apps, users don’t always know what features and functionality those apps may be using. Reports are coming out about various apps that use the phone’s microphone (and, sometimes, camera) in somewhat surreptitious ways to gather data. Now, of course, there are certain apps that people expect to use the microphone or a camera — such as music or TV show identification products. But it’s a bit of a surprise that apps such as the massively hyped (and then quickly panned) Color (which is a sort of photo sharing/location-based info service) is making use of your microphone and camera without most users realizing it:

Color uses your iPhone’s or Android phone’s microphone to detect when people are in the same room. The data on ambient noise is combined with color and lighting information from the camera to figure out who’s inside, who’s outside, who’s in one room, and who’s in another, so the app can auto-generate spontaneous temporary social networks of people who are sharing the same experience.

Another app discussed is, Shopkick, which gives people rewards for walking into certain stores. While you might think it could accomplish what it needs with GPS, apparently the stores in question have special devices that emit sounds that you can’t hear, the microphone on your phone can pick up, thus “confirming” that you really entered the store.

While the reasoning behind these may be benign, my guess is that most people would feel pretty creeped out about apps turning on either the microphone or camera, without explicitly warning the user and making it clear what’s going on (or letting them choose to turn on those features directly). Mike Elgan, who wrote the article linked above, notes (obviously) that surreptitiously turning on your microphone can provide marketers with all sorts of useful data (ya think?), so we should expect it to happen more and more often. Of course, all this is making me think that my Android phone needs an app that warns me whenever the microphone is turned on and lets me block it… Anyone writing that app?

Filed Under: , , ,
Companies: color

111 CommentsLeave a Comment
If you liked this post, you may also be interested in...
Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Smartphone Apps Quietly Using Phone Microphones And Cameras To Gather Data”

Subscribe: RSS Leave a comment
111 Comments
fogbugzd (profile) says:

Re: Re:

>>Android applications have to declare what access permissions they have on installation, so any app wanting to do this on Android will state that it can use the camera and microphone. If it’s not obvious why it wants access to those, don’t install it.

Good advice, but based on experience with my own family I think that page gets about as much attention from the average user as the click-thru EULA.

Chris Rhodes (profile) says:

Re: Re:

The problem is that a lot of the feature requests are general, and even if the feature is obviously required for functionality, there’s no way to limit how it’s used afterwards.

As an example, ShopSavvy just required a manual update for me. It requests access to the camera. Obviously, it needs access to read barcodes and such. But who’s to say what else it uses the camera for?

Steven (profile) says:

Re: Re: Re:

So your solution is what?

All people to sue when they don’t like something they were actively told about? At some point the consumer has to take some responsibility. Assuming the app in question isn’t misleading in it’s function I don’t see a major problem here.

The permissions for an app may not be very fine detailed, but they do give a good overview. If they were more detailed people would be complaining that the notice is too long and hard to read.

aldestrawk says:

Re: Re:

A person would downloaded an application and was informed about the application’s use of the microphone has given permission to be recorded. However, unless there is a feature which periodically blasts out a message from your cellphone’s speaker, other parties have not been so informed. That is a violation is many states. I don’t think an application writer could afford to overlook that.
The Shopkick application could process sound locally to identify when you’ve entered the store. Alternatively, if they are also identifying which store you entered from the sound, that would get sent to a server. A single sample could be used to determine this so I don’t believe they are transmitting conversations.
I don’t believe Color is recording conversations either. Look to my explanation down further in the comments.

Steven (profile) says:

To be fair...

For the most part the use of these items is legit. Using the GPS is great, but it’s not as accurate as most people think. It can often be off by quite a bit and it’s not reliable.

For that reason some apps (such as color) need additional information to identify your location. In the case of color (which I’m not associated with and don’t use, but have looked into) it basically hashes the ambient noise on a few specific levels to match people together. It’s not recording your conversations so all the developers can sit around and listen in.

Let’s be honest here, we’re talking about apps that openly inform us that they are going to collect our location and use that as part of the app experience. If this was some phone flashlight app that did this that is a whole different story.

I agree it’s important to know about these things (and I do like the idea about an alert app, although I’m not sure if you’d be able to identify the application using the resource) this is an area ripe for hyperbole that really just needs some care taken by users as to who you trust.

Steven (profile) says:

Re: Re: To be fair...

Like I said, it’s all about who do you trust.

You’re installing an app that tells you it’s going to use the mic. You have to make a judgment call, do I trust this app/company to use that mic access in an appropriate manner.

The app/company has it’s reputation to consider. It’s non-trivial, but certainly possible to figure out just what an app is doing and what information it’s sending. Bad behavior by high visibility apps will come to light.

herpderp says:

Re: Re: To be fair...

Well, luckily, it only takes one person bringing this up for people to start flipping out, and here all the examples are actually pretty legitimate, so now consider the public outcry when such an app were found out. While most people may be incompetent, there are some people out there who still read contracts before they sign them, or check which permissions they are approving before they install something on their phone.

In fact, the application which gives rewards for visiting stores and validates that the visit actually occurred using more than just simple GPS is incredibly reasonable when you consider that (it sounds like) they are offering tangible rewards for doing this and would leave themselves open to serious exploitation if simply using GPS. If you are using an android phone, you can use the standard operating system to mock a GPS location. It’s a feature mostly for developers, but is easy enough for anyone to do.

John Doe says:

What scares me...

I don’t mind apps using various bits of data within the app within my phone. What scares me is what data is it collecting and sending back to a central server somewhere? Not that I have anything to hide, I am quite boring by most people’s standards. But my info/location/etc is mine and nobody else needs to see it.

I love my Motorola Droid X, but I do worry about what info is being gathered. For example, a Bible app actually requests about every bit of access a phone has. Why does a bible app need any access rights at all? It can’t be using that info for just the app, it must be sending it back to the app creator.

Steven (profile) says:

Re: Re:

Apps can run in the background to some extent, but their lifecycle is controlled by the Android OS and they are subject to be killed at any time for any reason (you can even force kill an app in the settings).

Apps can also create/start ‘services’ which only run in the background. These are a bit different (and are shown in a separate section in the settings). Services have no UI, but are meant to run long term in the background. They can still be killed, but have different lifecycles.

Christina (profile) says:

to go a little further about color...

Just as most people never spend the time to read T&C’s (particularly online), another thing to note about COLOR is that the company is going in not as just another app, but as a data-mining research tool. This alone should have people really pay attention to what they’re signing up for.

We wrote a quick refresher on what Color is on our marketing website but we are very intriqued and been reading into what Color’s progress has been and can potentially become…
Looking through this on a pure marketing/advertising lens will prove that more information = more ways to seed new products/services to a very willing and voluntary mass.

Always a plus in an increasingly segmented, (fractured for others) media consumption’d world.

Christina

Anonymous Coward says:

Hardwired LEDs

If I recall correctly, the OLPC has a hardwired led which turns on whenever the camera is turned on (it is done on hardware, so there is no way any software can prevent the led from turning on whenever the camera is on).

Perhaps that should be done with smartphones too, for both the camera(s) and the microphone(s). Each has a separate led, and when the corresponding input device is turned on, the led turns on. It would not use too much power, since these devices (microphone and camera) are not meant to be on all the time, and at least the camera should use much more power than a small low-power led.

Mark Murphy (profile) says:

Detecting microphone usage, lighting up an LED

Of course, all this is making me think that my Android phone needs an app that warns me whenever the microphone is turned on and lets me block it… Anyone writing that app?

I do not believe that there is a way for an app to be notified that another app is using the microphone, sorry. Blocking it is even more out of the question — any app that could do that could just as easily permanently block the microphone. The problem is that most “user defense” apps like this would need capabilities that could be exploited by malware, causing problems worse than what we started with.

Perhaps [lighting up a hardwired LED] should be done with smartphones too, for both the camera(s) and the microphone(s).

For the camera, preview mode needs to be active for the camera to work. While there is a fairly arcane way to get around this, the net is that the vast majority of Android camera-using apps will have an on-screen preview of what’s coming in the camera lens. This will be more visible than an LED. There is no equivalent for the microphone, though.

aldestrawk says:

Re: from the horses' mouth...

Color isn’t necessarily using a hash function. What they need to do, according to their stated purpose, is to characterize the ambient sound of a place so they can identify that some group of more than one person is at a particular place. So, what they need is a fingerprint of sound which does not need to include any particular person’s actual speech. The fingerprint could be the result of a hash function, or not. I am making a distinction between a hash and a fingerprint because a hash cannot be reversed. More precisely, a cryptographic hash cannot be reversed, but any old hash may be rather difficult to reverse. One way of fingerprinting a waveform is with a Fourier transform. A Fourier transform can be reversed. The question is are they sampling often enough to be able to reconstruct a conversation? I doubt it, as the point of Color’s application is to identify a room and people don’t move from room to room that quickly.

Gracey (user link) says:

...feeling creeped out

Yes indeed, I believe I would feel very creeped out if I didn’t know the app was doing something like that.

Thankfully, I don’t use a smartphone, and I don’t use apps. Basic mobile that lets me call someone when I need to.

Trying to keep track of where my computer is sending stuff is bad enough, never mind having to worry about a mobile device.

All of this is making me feel very old, but at least I know enough to stay away from my son-in-law while he’s got his iphone on 🙂

Carter1984 says:

FCC been doing this for years

This is old news. Haven’t you read the Patriot Act or FCC regulations which have required all cell phones the ability to be remotely tapped into and their microphones or cameras activated even if the phone is turned off? No warrants necessary. The FBI loves spying on all 300 million American terrorists.

http://www.dailytech.com/article.aspx?newsid=5184
http://news.cnet.com/2100-1029_3-6140191.html

Freedom says:

Pet Peeve about Security Warnings...

This highlights one of the things that has always bugged me about the Security Approval Process on Android Phones/Apps.

You are told what the APP wants access to, but the developer isn’t forced to provide an explanation of why it needs access to XYZ part of the phone/OS.

It would also be nice to see a 3rd party privacy certification process that actually reviews the source code and provides an executive summary of what data is sent home, etc.

Freedom

Spirit_machine says:

re: Creepy Indeed

Bongo Bern

I would not be so sure about only giving away tracking information when you dial a number.
They track you every time your mobile connects to a tower for signal, so unless you keep your phone off all the time (and to be safe, wrap it in a Faraday cage.)

http://communications-media.lawyers.com/privacy-law/Cell-Phone-Privacy.html

http://thenextweb.com/asia/2011/03/03/beijing-to-track-citizens-with-their-cell-phones

Math says:

Big Brother is looking at you

Im maniac about new techno, i like everything in my galaxy s Android, its just a swiss knife with all the apps. Sometime i just get paranoid, if big brother want, its see me, know where i am, i call someone they know it too, my location, my search page, all my habit of consumer

, its all so personal.

Every phone so unique.

tired of technology (user link) says:

camera snooping

I’ve read that my cameras and mike on my note 2 can be remotely activated even when phone turned off. I have ab otter case that covers the back camera and I’ve noticed that whenever I remove the outer shell, exposing the rear camera lense, the camera flashes and takes a picture without my using camera option. Creepy. I keep front camera lense covered with piece of black electrical tape or masking tape. Not very high tech but keeps me from being surreptitiously viewed or photographed. Why would rear camera go off everytime I remove outer protective cover?

Corporate Office says:

necessary evil

I hear a lot of garbage from people such as “only criminals dont want to be tracked” and “If you got nothing to hide…” Or “If you’re not doing anything wrong…”. Ok I get that. But what about giving away trade secrets? Discussions on corporate operations? Lets say you’re discussing granny’s finances

AEV Vochten (user link) says:

Camera Surveillance

The best option is to turn off your phone when you are about to discus important things. Recently I saw a news item on this subject, where people were blackmailed with a picture of them in their own livingroom. This case was a security breach on the persons laptop camera, the hacker was caught and convicted, apparently he hacked about 400 camera’s just for fun. Camerabewaking

Anonymous Coward says:

Response to: Anonymous Coward on Apr 18th, 2011 @ 9:59am

It is illegal! Now if it is your phone noone should be accessing your apps settings camera etc from their own remote location! You sign something maybe releasing the carrier or maker if anything is hacked but I’m sure it is not worded that way! And then what your hacker does what? Maybe a spouse it doesn’t seem it would hold up in court if the pic or audio contained something bad! If Allstate has to tell you verbatim that the call ”may’ be recorded for quality assurance then i should have the right to block this hack!

Shubham (user link) says:

best smartphone in india

Advanced students in college or even high school can come up with many ideas for developing software applications for mobile devices. They can pass their ideas or suggestions on to others that are more advanced. Also, some students may develop their own applications with guidance from their instructors and friends.
best smartphone in india

MrEthiopian says:

Not allways true

so what do you do about Pre installed applications from your phone vendor? Good example is AT&T Family Map its an application that can track you and monitor and record from both Microphone and Camera. This is why you need to root your phone and take back control, if you truly want to be save put a third party open source ROM in-place of original from vendor.

John says:

Privacy

That app has already been written actually there are several, two of the best ones are “Dcentral” by John McAfee, and the Privacy Manager that is built in to the premium version of “Lookout” Internet Security. These programs will tell you what apps are able to access what on your phone, and I am not sure about Dcentral but Lookout has a feature in the Privacy Manager that will alert you whenever an application tries to access something on your phone, and give you the option to either trust it or uninstall it.

harga tv led terbaru says:

Welcome to proprietary protocols and walled in gardens. Your corporate masters enjoy selling their crap to idiots… because there’s plenty of idiots to go around.
To take it a step farther also by John McAfee’s company is a program called the “Dvasive”. This app allows you to lock your camera, microphone, bluetooth, and WiFi so that nothing can access it unless you yourself are using it. Very necessary in today’s world.
harga tv led samsung
harga tv led lg
harga tv led sony
harga tv led toshiba
harga tv led philips
harga tv led changhong

Anonymous Coward says:

Apps using microphones, cameras personal pictures, texts mdia Location without MY Consent JUST to use info for looking up info on stores etc. ?????

THIS IS A TOTAL form of invasion if privacy and a form of spying on innocent people, I have ffamily photos, and private conversations between my family and friends! How it Why is Any if that needed for a store appnor yelo ETC..? Simple it isn’t!!!!!! So makes me wonder the REAL reason????? GET OUT OF my. Life. Google. Do the. business. You originally set out to do
!
Funny. All the Google users info out there. But I just watched Hillary BS her way through 11 hours ,maybe keep better tabs on those who NEED theMICRO. MANMANAGING. For our safety!!!!!!

CIQ says:

A friend of mine owns a Samsung phone. Him and his wife have private conservations in their home or car… Phone present but not being used,,, just laying there… Very shortly after discussing a topic or item, they get ads related to what they were just talking about it. Again they were not talking on the phone to each other… The phone just happened to be nearby and on. She even gets emailed adds with the subject matter they were discussing! How messed up is that!

Alexi (profile) says:

I knew there was a good reason to wait on the iPad 2. A camera on my first gen iPad would have been nice, but I think I’ll wait a bit for that security app. I still get majorly creeped out by the mall scene in “Minority Report.” if you need to download any premium apps, just refer http://www.vshareappdownloads.com/uncategorized/vshare-for-ios-10-1-1on-iphoneipad/ vShare

Astrol App (profile) says:

Set Reminders to Help you Manage your Day

The Astrolapp best event app is a valuable tool for promoting an event management mobile app that engages and excites attendees, as well as keeps those who are not there in the loop on events organizer app what’s taking place.With best event app specific hashtags.

Everyone can follow along with the chatter surrounding the event management mobile app and feel more inclusive one of events organizer app goals, after all.Best event app to social media sites like Twitter, Facebook can really boost event management mobile app networking opportunities, especially when splashed across social media screens during events organizer app.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Righthaven Tells Judge Handling All Its Colorado Cases That He's Wrong
Wisconsin County That 'Found' Lost Votes Apparently Has Major Voting Irregularities For Years…
Follow Techdirt

Techdirt Daily Newsletter

Ctrl-Alt-Speech

A weekly news podcast from
Mike Masnick & Ben Whitelaw

Subscribe now to Ctrl-Alt-Speech »
Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...