Security Researchers Find that Android Apps Don’t Record Conversation Data

Many users of the Google Android mobile platform have become convinced that their phones record their conversations in order to perform analytics on what they say and thus in turn target ads to them. Computer science researchers working with a project at Northeastern University recently conducted a rigorous study and find that these claims are untrue. They did, however, uncover other Android security and privacy issues in the process.

Experiments were conducted on over 17,000 popular Android apps to test whether or not any of them captured microphone audio without express permission from the user. These included those issued by Facebook’s developers as well as some 8,000 other apps that have the capability to transmit information to their remote servers.

Facebook-related Android software particularly interested security experts because of the ongoing controversy surrounding whether social networking sites monitored audio data. However, the research suggests that none of the apps actually activated the microphone or sent out audio without prompting the user to do so. Comments made by Facebook in fact seem to be vindicated by this research, though the scientists did say that this doesn’t necessarily mean there’s never been an app that tried to do so.

It’s likely that people remember something they recently talked about and thus feel advertisers are listening to them while ignoring ads that aren’t immediately relevant. Apps also use other methods to profile users if given appropriate permission, and these techniques have improved. This could give the false appearance of monitoring conversations.

Scientists did find that some apps do violate privacy guidelines in a completely different fashion that’s begun to concern some security advocates. Certain pieces of software monitor what’s currently displayed on the phone’s screen without notifying the user.

That information then gets sent to a remote server for distribution to other parties, thus making these screenshots more useful for anyone who wanted to illicitly profile a user.

Ads might also be targeted to owners based on their IP addresses. If a particular brand or service was promoting itself in one geographical area, then it might target these users. This could give the appearance of targeting based on what was said in a conversation when it really doesn’t work quite that way.

Kamil Anwar
Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.