If you’re afraid that your smartphone is spying on you…well, you’re right. But that’s kind of a non-optional part of modern living: amassing huge amounts of consumer data is how companies like Google operate. But recently some third-party apps have been found taking a few more liberties than they should, like a HAL 9000 in your pocket.
The New York Times reported in late December that hundreds of Android apps have been found snooping on their users with the built-in microphones on smartphones. Specifically, these apps are listening for TV show broadcasts, commercials, and even movies you watch in the theater, amassing information on what kind of things you like to watch. The third-party software, from a company called Alphonso, has been embedded in many Android apps available for free on the Play Store. Some of the apps are also available on the iPhone, and their App Store entries claim to use the same technology and snooping habits.
Why Listen to TV Broadcasts?
Alphonso’s software uses the same technology that Shazam and similar services employ to automatically detect the song you’re listening to. It samples small bits of audio, creating a digital “fingerprint” of it, and comparing it against a a database on their server to identify the show or movie. In fact, Alphonso’s CEO says they have a deal with Shazam, and use their specific technology to do this. But this embedded software can even be listening even when your phone’s screen is turned off and it’s ostensibly idle.
Why? It’s all about the advertising. Marketing firms know that people who watch certain TV shows are more likely to buy certain products. For example, if you’re binge-watching the latest Marvel Comics show on Netflix, it’s reasonable to assume you’d click on an ad for an Avengers Blu-ray sale the next time you’re browsing Amazon. If you watch Hawaii Five-0 on CBS, you might be a little more interested in a cruise line package vacation than, say, airfare to New York City. If you watch NBC Nightly News, you might be more likely to want a subscription to the Wall Street Journal.
These minor connections and thousands more like them build up a profile of you as a consumer, connected to your digital identities on Google, Amazon, Apple, Windows, Facebook, Twitter, and more or less every major mobile and web hub out there. It’s not exactly insidious—you’re not being forced to do anything you don’t want to—but every piece of data and every connection made in these profiles serves a single purpose. That purpose is to make you more likely to buy stuff, and that makes the data collected incredibly valuable.
Hence the somewhat sneaky methods companies like Alphonso are reaching for to get even more data about your life and your desires. The more data they collect, the more complete the picture they can form of you as a consumer, and the more advertisers will pay them. It’s not illegal, and some of them are toeing some very thin lines to keep it that way. Alphonso claims it never records the voice data of human speech from people, only the audio coming from TVs and other electronic devices. But there’s no denying that the idea of your phone listening to what’s going on around you is creepy, especially if you haven’t specifically asked it to do so.
Ironically, Facebook has been repeatedly accused of this same snooping behavior, despite zero evidence that it was actually going on. Security researchers still haven’t found any evidence that the Facebook app activates your phone’s microphones without telling you…but it’s entirely possible that Facebook’s advertising partners are using data collected by other apps that use Alphonso and other data collection companies to serve you relevant ads.
How Do They Listen In?
You let them. No, seriously: these apps have to ask your permission to listen to you. But they’re not entirely honest about when they’re listening, what they’re listening to, why they’re listening at all, and what they do with the data they collect.
Let’s have a practical demonstration. I’ve downloaded one of the applications identified in the New York Times article on my Android phone. It’s a free-to-play darts game known as Darts Ultimate. After running the app for the first time, it asks for permission to access your location and microphone. This one actually explicitly tells you it’s listening to your TV as well.
Think about it: what possible need could a simple game about darts need to have access to your phone’s location? Why would it need to listen to the microphone for anything? It doesn’t: this is information it passes along to marketing and advertising firms. And now, through the Android permissions system and a single pop-up—those things that the vast majority of users will simply tap “OK” on without thinking—it has your permission to do so.
What the app isn’t telling you is that it’s using software embedded in the game and APIs in Android’s operating system to listen in to television and streaming broadcasts even when the phone isn’t on. In addition to being unsettling, the app’s developer is making money off of you and your phone without you even playing the game, not to mention using your phone’s processing power and battery on things you’d probably prefer it wasn’t.
How Can You Stop Them?
The easiest way to stop these apps from snooping in on your TV binging is simply to uninstall them, or never install them in the first place. Keeping a ton of unnecessary apps on your phone, especially from the kind of unscrupulous developers who’d take a kickback for putting extra advertising software in their ad, is a good way to kill its performance.
The next best thing is to keep an eye on those permissions as you use apps. In Android 6.0 and above, an app has to manually request permission from the user to access hardware like the microphone, and ask it at the first point of use. iOS now works the same way. Simply tap “Don’t Allow” in the permission pop-up for anything that you don’t think the app really needs to use. This is a good general policy, in fact, and games and other simple apps shouldn’t be asking for these permissions in the first place. Here are few of the more risky ones to look out for:
- Cellular Data
Some apps might have a legitimate use for a permission that isn’t immediately obvious. For example, plenty of apps request access to the Phone permission just so they can save or pause if you get an incoming call. But there’s rarely reason for a simple game to need access to your SMS texting capability. Some apps might cease working altogether if one or more permissions are denied—for example, Pokemon GO can’t work without knowing your location. You’ll have to decide for yourself how much access is appropriate based on the app.
If you want to remove permission from any apps, here’s how to do it.
If you have an Android device, go to the main Settings menu, then tap Apps. Tap the specific app you want to adjust.
Tap “Permissions.” This will show you a list of permissions that the app has requested, and which ones are currently enabled. Simply tap the slider on the right side of the screen to enable or disable permissions individually.
For more details about handling Android app permissions, check out this guide.
On the iPhone and iPad
On iOS, the Settings menu allows access to a master list of which apps have access to specific permissions (called “Access” in the interface). These are broken up into different sections, though. In the main Settings menu, tap “Privacy.” Each of the sub-sections in this screen will list all of the apps using their respective permissions, allowing you to selectively disable them one by one.
If you’re more concerned about a single app, go back to the main Settings menu and scroll down until the app appears in the list. Tap it and you’ll see all the permissions it’s requested and been granted under “Allow [app] To Access.” You can tap each individual permission to enable or disable it.
You can read up on managing permission access in iOS here.
Again, the best way to retain your privacy from apps like this is to not use them in the first place. Pay attention to every popup you see, think about why an app may be requesting the permissions it does, and if anything seems fishy, look it up on the app’s store page or website—or ignore it entirely.
Image credit: William Potter/Shutterstock.com.