No, you’re not being paranoid, your phone really IS listening to you
We’ve all been there. You’re down the pub talking about some crazy niche interest of yours and then boom, there it is – one of your commonly used apps is showing you adverts for exactly what you were talking about the next time you open the app on your phone.
You shrug it off. You’re just being paranoid. You’ve inadvertently clicked on some link somewhere, probably the same link that planted the seed in your mind about the event in the first place.
It turns out, though, you really aren’t paranoid – your phone is listening to you, and Vice’s Sam Nichols has delved into how.
In fact, according to Dr Peter Henway, a senior security consultant for cybersecurity firm Asterix, your phone is always listening. Technically, your phone only records what’s being said when you issue trigger words like “Hey Siri” or “Okay Google” but, because it needs to listen out for said keywords, it always has its digital ear listening out.
To help process your requests, and understand those all-important keywords, it processes what you say on-device instead of via the cloud, like it would for genuine commands. This onboard data can then be accessed by any third-party application on your phone with the adequate permissions – such as Facebook, Twitter and Snapchat apps. It’s totally up to these apps if they want to use the data or not, and what they want to use it for.
“From time-to-time, snippets of audio do go back to [other apps like Facebook’s] servers but there’s no official understanding what the triggers are,” Henway explains to Vice’s Nichols. “Whether it’s timing or location-based or usage of certain functions, [apps] are certainly pulling those microphone permissions and using those periodically.”
It’s worth noting Facebook, and other such companies specifically deny ever listening to our conversations, and yet it spookily seems to be hitting topics that only come a cropper during real-life conversations.
“All the internals of the applications send this data in encrypted form,” Henway continues, “so it’s very difficult to define the exact trigger.”
Henway also explains there “could” be thousands of trigger words for each app as the information is encrypted and thus hard to untangle.
“Seeing as Google are open about it, I would personally assume the other companies are doing the same,” he reasons. “Really, there’s no reason they wouldn’t be. It makes good sense from a marketing standpoint and their end-user agreements and the law both allow it, so I would assume they’re doing it, but there’s no way to be sure.”
And that’s the trouble, there really is no way to be sure about what’s happening. But is this necessarily a cause for concern? With GDPR rules now active across Europe, it’s worth wondering if such actions break these new terms. Chances are, however, advertisers have absolutely no access to the data and companies like Facebook wouldn’t be selling the data, but simply using it to help target adverts at key markets advertisers had requested.
Henway argues that, while it’s certainly unnerving to see advertising change so dramatically based on what you’ve been saying, it’s not really any different to companies using our web browsing history to target ads. If you look at it from that perspective, it’s really hard to see how such data usage really poses too much of a threat to your ordinary Facebook, Twitter, Snapchat or any ad-driven app user.
We reached out to Facebook regarding the matter who’s spokesperson responded by highlighting its previous statements around actively listening to conversations, saying “it is not the case that Facebook uses a phone’s microphone to inform ads or to change what you see in News Feed”. We also reached out to Twitter to see if their ads targeting works in a similar way to the claims of the original Vice article and will update you with their comments accordingly.