years, conspiracy theories about smart phones listening to users
without their permission to show them advertisements have
abounded. While some researchers have shown
this could happen, a first of its kind study just found
something far more insidious. Academics at Northeastern University
have just proven that your phone is recording your screen—as in
taking video—and uploading it to third parties.
the last year, Elleen Pan, Jingjing Ren, Martina Lindorfer,
Christo Wilson, and David Choffnes ran an experiment involving
more than 17,000 of the most popular Android apps using ten
different phones. Their findings were alarming, to say the least.
out, during the study, the researchers
started to see that screenshots and video recordings of what
people were doing in apps were being sent to third party domains.
For example, when one of the phones used an app from GoPuff,
a delivery start-up for people who have sudden cravings for junk
food, the interaction with the app was recorded and sent to a
domain affiliated with Appsee, a mobile analytics company. The
video included a screen where you could enter personal
information—in this case, their zip code.
users screens and uploading this data to a third party. What’s
more, when they were contacted by the researchers GoPuff merely
added a disclosure to their policy acknowledging that “ApSee”
might receive users PII.
fact that these apps can record your screen without you knowing
and use this data is chilling. It illustrates how easy it would be
for a malicious actor to be able to look at your private messages,
personal information, passwords, photos, and videos. None of this
is stopped by your phone’s security either as it is a function
built into the apps and you don’t have an option to disallow it.
to Gizmodo, the researchers will be presenting their
work at the Privacy
Enhancing Technology Symposium Conference in Barcelona
next month. (While in Spain, they might want to check out the
country’s most popular soccer app, which has given itself
permission to access
users’ smartphone mics to listen for illegal broadcasts of games
for the theory that your phone is listening through your mic, the
researchers could not debunk it. Due to the nature of the study —
using automated programs to interact with apps — the spying apps
may have not been triggered the same way they would if a human was
they didn’t find evidence your phone was listening to you, this
does not mean it doesn’t still happen.
didn’t see any evidence that people’s conversations are being
recorded secretly,” said David Choffnes, one of the authors of the
paper. “What people don’t seem to understand is that there’s a lot of other
tracking in daily life that doesn’t involve your phone’s camera
or microphone that give a third party just as comprehensive a
view of you.”
authors of the
study, titled Panoptispy:
Characterizing Audio and Video Exfiltration from Android
Applications, concluded: “Our study reveals several
alarming privacy risks in the Android app ecosystem, including
apps that over-provision their media permissions and apps that
share image and video data with other parties in unexpected ways,
without user knowledge or consent. We also identify a previously
unreported privacy risk that arises from third party libraries
that record and upload screenshots and videos of the screen
without informing the user. This can occur without needing any
permissions from the user.”
the age of technology, privacy and security are the only things
that separate us from a total surveillance grid. Unfortunately, as
this study illustrates, we have very little of both.