RIP privacy: Thousands of apps are now recording your phone screen without permission

Emma Sims July 4, 2018

We’ve all been that poor sucker. One moment you’re chatting to a mate about how you quite fancy that crochet bikini/ironic t-shirt/new halloumi-based fare at Leon (pick your poison), and all of a sudden Facebook is plugging that very product to you. You didn’t Google it. Hell, you never ever wrote it down. It’s a chilling phenomenon, one that’s led a snowballing crew of conspiracy theorists to deduce that your smartphone is listening into your conversations, and selling the information to advertisers.

RIP privacy: Thousands of apps are now recording your phone screen without permission

It was only a matter of time until academics became involved to put this theory to the test. And test they did, with some startling results. A team of computer scientists at Northeastern University spent a year running an experiment on over 17,000 of the most popular Android apps in order to glean whether said apps were listening into users conversations, using smartphone mics to capture snippets of conversation. The apps put to the test included those belonging to Facebook, in addition to a staggering 8,000 of which send information to the social network.

Salacious gossipers among us will be gratified to know that the team found not a single instance of apps activating phones’ microphones and sending recorded information to third parties. Contradicting findings made only last month. Although, what they did find was altogether more disturbing…

The team discovered that some apps were capable of recording a phone’s screen and sending that information out to third parties. One winces at the thought; whether it’s nudes, or Googling simple phenomena you should know (capital of Australia, anyone?), or trawling through an ex-partner’s social media, the things you find splayed across your phone screen should be for your eyes – and those you choose to share them with – only.

app_record_phone_screens

Poring over 17,260 apps, researchers found that over 9,000 of them had permission to access the camera and microphone, and therefore the capacity to listen in on people. However, the listening in wasn’t the issue; the team found that screenshots and video recordings of what people were doing in apps were being forwarded to third parties. One prominent example is GoPuff, the junk food delivery service (not exactly off to a wholesome start). Interaction with the app in question was recorded and sent off to a domain affiliated with the brazenly named Appseel, a mobile analytics company. This included screen grabs of personal information; given that GoPuff is a delivery service, this necessarily meant postcode.

This practice – troubling in itself – becomes even more irksome when we learn that the recording was not made evident to users. While one can understand not emblazoning your app with “BEWARE: THIS PRODUCT HARVESTS YOUR PERSONAL DATA” (you’d need to be seriously lacking in business acumen), surely finding an appropriate way to disclose third-party interaction with users’ information is an ethical, if not legal, necessity.

Speaking to Gizmodo, Appsee’s CEO Zahi Boussiba put the blame squarely on GoPuff, contending that his firm’s terms of service “clearly state that our customers must disclose the use of a 3rd party technology, and our terms forbid customers from tracking any personal data with Appsee,” going on to clarify that users can protect sensitive parts of app usage to prevent Appsee from seeing such usage.

Meanwhile, it’s worth noting that the remarkable canniness of online advertising isn’t always down to pervasive practice (read: spying). Often it’s just the sum of our increasingly unwieldy online actions – what we buy, what profiles we create for ourselves, what we wantonly “like” or “upvote” – that gives ads the ostensibly telepathic insight they wield.

So perhaps when I get ads for pregnancy tests, it’s not because I discussed at great length my “food baby” with pals on WhatsApp. It might just be that I’m a 22-year-old woman – at the height of fertility – who’s in the twilight of her reckless, irresponsible university days. And that’s all information that’s deducible from my basic demographic (age, sex, location, education), which I’ve openly and willingly shared with Facebook.

At times like this, it’s important to remember what information you gave up, and when, and why. It’s important to remember that you’re not that dissimilar from everyone else, and advertisers can predict and project a lot about you from the bare minimum information. Continued vigilance is important, but so is remembering that what you share online can manifest in myriad other ways, no matter how innocuous. Wariness about your digital footprint is, as ever, the only way forward.