Home > News content

Research says your phone doesn't overhear you but may monitor you

via:网易科技     time:2018/7/4 23:31:35     readed:253

Some computer scientists at Northeastern University were so tired of people talking about this that they decided to do a rigorous study to solve the problem. Over the past year, Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson and David A. Nuis have conducted an experiment to study more than 17000 popular applications on Android. To determine if there is an application in secretly using the phone's microphone to obtain audio. The apps include both Facebook apps and more than 8000 applications that send messages to Facebook.

Sorry, conspiracy theorists: They did not find any evidence that the app suddenly activated the microphone or sent audio without prompting. Like good scientists, they refuse to say that their research is unmistakably proof that your phone is not listening to you, but they have not found any such an example. Instead, they found another disturbing practice: the app records the phone's screen and sends the relevant information to a third party.

Of the 17,260 applications studied by researchers, more than 9,000 have access to cameras and microphones, so it's possible to inadvertently hear mobile users talking about how they need cat litter, or how much they like a certain brand of ice cream. The researchers used 10 Android phones simultaneously to interact with these applications using an automated program and then analyze the resulting traffic. (One of the limitations of this study is that automated programs on mobile phones can't do what humans can do, such as creating a username and password, and then logging into an account on the app.) They specifically watched if a media file was sent. Especially if it has been sent to an unexpected third party.

The researchers asked these phones to run thousands of applications to see if there was an application secret to activate the microphone for eavesdropping.

The strange thing they started to see was a screenshot of what people did in the app andvideoThe video was sent to a third partydomain name. For example, one of the phones uses the GoPuff app (a person who wants to suddenly eat junk food)DevelopmentThe distribution application, the interaction with the app was recorded and sent to a domain associated with the mobile analytics company Appsee. This video contains a screen that allows you to enter your personal information on it - this example is to enter the zip code number.

This is not entirely unexpected: Appsee is in itwebsiteProudly boasting that it can record what users are doing in the app. What bothers researchers is that users don't know their behavior is recorded, and GoPuff's privacy policy does not disclose this. After the researchers contacted GoPuff, the company added a disclosure to the policy, acknowledging that Appsee might receive user personally identifiable information (PII). “As an added precaution, we also withdrew the Appsee Software Development Kit (SDK) from the latest Android and iOS versions.” A spokesperson for GoPuff was emailed.

Meanwhile, Zahi Boussiba, chief executive of Appsee, which claims GoPuff's problem. Appsee, said his company's terms of service "explicitly require our customers to disclose the use of third-party technology." Our terms prohibit customers from using Appsee to track any personal data. " He says their customers can block sensitive parts of their applications to prevent Appsee from recording. He also noted that many Appsee competitors also offer "full session playback" for iOS and Android apps.

"In this case, Appsee's technology seems to have been abused by customers, and our terms of service have been violated." Bosba said in an email, "After noticing this issue, we immediately disabled the mention. Application tracking features and from ourserverAll the recorded data is clear. ”

However, a Google spokesperson said that Appsee is not completely without responsibility. "We have been very grateful to the research community for their efforts to help improve online privacy and security measures." A Google spokesperson said, "After reviewing the researchers' findings, we determined that part of the AppSee service may expose some developers to risk of violating Google Play policies. We are working closely with them to help developers properly explain the functionality of the SDK to the end users of their applications."

The Google Play policy says that you must disclose to users how their data will be collected.

GoPuff uses Appsee to help optimize the performance of its applications, so the latter's recording behavior is not unexpected, but the worry is that third parties can record your phone screen without notifying you. This means that criminals can easily steal information from your mobile phone. Screen shots or videos of the app interaction can capture private information, personal information, and even the password being entered, as many apps instantly display the entered letters before turning them into black asterisks.

Screen shots or videos of the app interaction can capture private information, personal information, and even the password being entered, as many apps instantly display the entered letters before turning them into black asterisks.

In other words, unless the smartphone manufacturer notifies you when your screen is recorded, or gives you the option to turn it off, you have another problem to worry about. Researchers will present their findings at the Privacy Enhancement Technology Conference in Barcelona next month.

Researchers can't guarantee that your phone doesn't sneak up on you, in part because their research doesn't cover some usage scenarios. Their phones are operated by an automated program, not by real people, so they may not trigger the app to turn on the camera like a flesh-and-blood user. In addition, the phone is in a controlled environment, not wandering in the outside world: in the first few months of the study, those phones were placed near students in the Northeastern University student lab, so they were surrounded by conversations around them, but the phone A lot of noise was created because the applications were continuously used and eventually they were transferred to a cupboard. (If the researchers do another experiment, they will play the podcast in the closet next to the phone.) There is also a possibility: the app will convert the conversation into text and then send it out, so the researcher may not see the conversation. recording. Therefore, the conspiracy theory has not been completely killed.

People's paranoia about their mobile phones is understandable. After all, we carry it with us almost at all times, and it has countless sensors that monitor our every move. However, the ads you see are terribly accurate, and it’s almost certainly not the result of the phone eavesdropping on you; it’s based on your online and offline behavioral information captured through the app, and you’re not as you think. unique. Advertisers know what you are talking about online, because other people like you are talking about the same thing and buying the same thing.

"We don't see any evidence that people's conversations are recorded in secret," said David Geoff nees, one of the authors of the paper. "And people don't seem to know that in everyday life, there are many other tracking activities that do not involve your mobile phone's camera or microphone, and these activities can also make the third party. Get to know you all over. "

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments