For those paranoid that their phones are recording them secretly, fear not. A team from Northeastern University found no evidence that your phone is responsible for serving up targeted ads.
These findings were published in a study conducted over a year, and the researchers specifically tested the widespread theory that phones record their users. The theory became so popular that Facebook's Mark Zuckerberg had to debunk the myth during his appearance before Congress several months ago.
While the phone itself might not be recording everything going on, the Northeastern University team did find something disturbing: in certain cases, phones can record a user's screen and send that data to interested third parties.
In order to make their discoveries, the researchers watched 17,260 of the most popular Android apps. This included any app sending information to social media behemoth Facebook. The team used an automated program that worked with the apps, and they noted what particular media files were being sent to these third-party groups.
The team also figured out which apps had permission to access the camera and microphone. Those apps would be the ones being able to overhear a user's need for a new pair of shoes or how much they want to see a particular movie.
There wasn't a single instance in the 17,260 apps that one of them sent audio files and turned on the microphone. Howevever, the study explicitly noted its limitations and doesn't definitively state that phones never record its users. The researchers simply said they could not find evidence of the activities taking place.
As for the more disturbing find of screen sharing, the researchers identified a few apps that sent screenshots to third party domains. One app in particular sent quite a bit of information to an analytics company. GoPuff is a delivery app for people who really want junk food fast. Using an automated program to interact with the app, they discovered GoPuff would send the interaction to mobile analytics company Appsee. The video sent from one app to another included a customer's zip code.
“We always appreciate the research community’s hard work to help improve online privacy and security practices,” a Google spokesperson told Gizmodo's Kashmir Hill. “After reviewing the researchers’ findings, we determined that a part of AppSee’s services may put some developers at risk of violating Play policy. We’re working closely with them to help ensure developers appropriately communicate the SDK’s functionality with their apps’ end-users.”
In short, the safest thing a phone owner can do is limit the number of third-party apps that can access their microphone. Users should also read through privacy policies as often as they can for sneaky statements about what data is gathered.
The Northeastern University team will present their work at a privacy symposium in Barcelona next month.