• Apps Aren't Hijacking Your Mic (but may be recording your screen)



    What we're looking at here is a bunch of Android phones being tested by researchers at Northeastern University, seeking to prove or disprove the popular conspiracy theory that apps like Facebook passively spy on you through your phone's microphone to show you ads based on your conversations with others.

    The researchers analyzed Internet traffic generated from 10 Android phones and 17,260 apps, and found no unauthorized transmission of audio. They did, however, find evidence of apps recording screen activity and sending those recordings on to third parties.

    Gizmodo's reporting of this story cites the specific example of goPuff, an app that enables the delivery of junk food to college students. Researchers found that this app was surreptitiously sending screen recordings to an analytics company called Appsee, which has an entire page devoted to their screen recording technology:

    Every tap, swipe, and action of every screen is recorded, allowing you to gain instant insights of your appís user experience [...] Even one video can illustrate an obstacle that many of your users are grappling with. Thatís why you have complete control in terms of the ratio of recorded users. You can even choose to record sessions based on parameters such as which screens they visit, their demographics, or their mobile device OS.
    There's even a video demo of a recorded screen:



    According to Appsee's CEO, the offending app violated his company's terms of service, as any screen recordings must be disclosed to users. The developers of goPuff have since added a disclosure to their privacy policy. Google itself has also weighed in on the matter; in an email to Gizmodo a spokesperson said that Appsee's screen recordings may put developers at risk of violating Google's Play Store policy.

    Source: Gizmodo

    ---------
    This article was originally published in forum thread: Apps Aren't Hijacking Your Mic (but they may be recording your screen) started by acurrie View original post
    Comments 2 Comments
    1. thetam's Avatar
      thetam -
      Thanks Mr Accurie for a great articles, i totally agree withyou about researchers and you.
      --------------
    1. below20's Avatar
      below20 -
      So I went to Play Store's goPuff app page. Its most recent version is updated Jun 15.

      https://play.google.com/store/apps/d...om.main.gopuff

      I don't see the permission to read screen. So how is it doing it?

      Also, I really doubt the test is conclusive. Just because an App is not listening does not mean it won't be listening. It may just take a single command from the mothership to turn all installed apps into a massive spying platform. A static analysis of the code would be a lot more reliable.