view the rest of the comments
Android
The new home of /r/Android on Lemmy and the Fediverse!
Android news, reviews, tips, and discussions about rooting, tutorials, and apps.
🔗Universal Link: !android@lemdro.id
💡Content Philosophy:
Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.
Support, technical, or app related questions belong in: !askandroid@lemdro.id
For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id
📰Our communities below
Rules
-
Stay on topic: All posts should be related to the Android OS or ecosystem.
-
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.
-
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.
-
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
-
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
-
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
-
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
-
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
-
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
-
No affiliate links: Posting affiliate links is not allowed.
Quick Links
Our Communities
- !askandroid@lemdro.id
- !androidmemes@lemdro.id
- !techkit@lemdro.id
- !google@lemdro.id
- !nothing@lemdro.id
- !googlepixel@lemdro.id
- !xiaomi@lemdro.id
- !sony@lemdro.id
- !samsung@lemdro.id
- !galaxywatch@lemdro.id
- !oneplus@lemdro.id
- !motorola@lemdro.id
- !meta@lemdro.id
- !apple@lemdro.id
- !microsoft@lemdro.id
- !chatgpt@lemdro.id
- !bing@lemdro.id
- !reddit@lemdro.id
Lemmy App List
Chat and More
In summary: Google, Amazon and Meta all deny that they directly access your microphone, and all three failed to actually deny purchasing voice data from third party apps that definitely do use your microphone and pair that with your ad targeting profile.
This is getting more attention because an internal slide deck from Cox Media Group was leaked. Based on the nature of leaks, it's safe to assume that Cox isn't the only organization up to this, they were just the least careful.
So yeah, they're listening to anyone who isn't incredibly careful what apps they install and what permissions they give those apps.
Exactly as we all have suspected for years, while they gaslight us promising that they definitely don't.
Notice that they're still denying it, and trust that as you will.
Someone back this up with proof. Security researchers would've noticed this. They'd've had to have hacked their way around the microphone permission systems and microphone use indicator (depending on OS) on your phone and upload that data without being caught by security analysts. That kind of bug would probably be worth a fairly decent bounty too.
The article talks about a slide in a PITCH to advertisers. But not a concrete system. Then it goes on to say advertisers bought a dataset from other sources. What dataset? From where? It doesn't say. Transcriptions from voice assistants? Maybe. But without hard evidence I don't believe random apps are just recording clandestinely in the background. But people want to believe this so writing shitty unsourced articles with click bait titles and tenuous-if-I'm-generous linking of weak facts lacking entirely in context generates lots of clicks.
They did notice. Malicious apps that use everything they can to spy on you are old news.
To your point - this isn't confirmation that any of the big players are listening directly. That would probably have been caught by security researchers, although it would be really difficult in Google's or Amazon's case, as they run proprietary software at a very low level.
The news here is two fold;
Cox got caught buying that data, and when confronted about it, Google, Amazon, and Meta all failed to deny that they also buy that data from those malicious app makers.
This is strong evidence that someone is routinely collecting that data. That's news. We've suspected for awhile that, at minimum, the malware apps do. Occam's razor says at minimum, we should now assume many malware apps are using microphone to collect speech and submit it elsewhere for analysis.
The unprovable part of this that smells much worse is: a kid in a basement writing malware does not have the computing power to turn tons of raw voice recordings into useful correlated data.
That kid needs an ally with a lot of computing power. Google, Meta, and Amazon all have a motive here and have the necessary computing power.
And all three worded their denials pretty carefully, I noticed.
But what is that based on? This paragraph?
I don't think that explicitly means they had datasets made up of clandestinely recorded conversations in the wild.
Really could describe ANY possible set of tracking data... Unless you put this quote into a clickbaitey article and strongly imply it's something sinister.
You're not wrong to give the benefit out the doubt and believe their PR person isn't lying.
But I'm not inclined to give that benefit of the doubt. I don't trust these folks farther than I can throw them. I don't, myself, need proof, to believe they would try this crap.
And this is definitely evidence.
What bug? It's super easy to do this in an app that already has access to your microphone, like Whatsapp, then extract only keywords from conversations and send them to Meta packed as innocuous numeric codes piggybacking on the overhead of encrypted connections.
A single byte here and there is all you need to know people were talking about cats, or perfume, or shoes etc.
Whatsapp protocol, app and servers are closed source, and Meta apps will download and compile native code upon installation, which escapes normal JVM restrictions and does God knows what.
On certain brands of phones (like Samsung) Meta apps come with a manufacturer-preinstalled system stub that can do pretty much whatever it wants, but is typically used to elevate the rights of Meta apps that were installed via normal means and to collect information from them as well as any app that's running ads from Meta.
And this is a company that's a third party to the Android ecosystem — it's a lot easier for Google themselves, who are datamining the shit out of everything you do on a phone, from second-by-second location to email. And Meta is datamining the shit out of absolutely everything you put on Facebook and Instagram, in spite of any fines and sanctions. And Microsoft are datamining the shit out of everything you do on your PC and they're openly pushing Recall and Copilot and have been pushing Cortana for so long.
What do you think Cortana and OK Google were listening for?.Hell, Amazon and Google were both caught storing recordings of people's conversations in the beginning, before they started hiding it better.
So you're being watched in every way possible in every single thing you do that touches any technology from these companies, we have countless documented instances of them breaking privacy in heinous ways like giving up people to authoritarian governments and to anti-abortion governments in the US and so on...
...and you're seriously wondering if they're snooping on your conversations? They have every means at their disposal, they're using it every second, and you're wondering if they're doing that too?
Why wouldn't they? It's obvious that we live in a world where it's ok to ask forgiveness (and you'll get a slap on the wrist, if that) rather than permission. What would possibly compel them to not do it?
Consequences? What consequences? We already know for a fact they spy on so much stuff and we keep using their tech. There are no consequences.
I'm not interested in conjecture I'm interested in facts. Get me some research papers. Get me some court docs. Something.
Even a tweet from a security professional with a screenshot of Wireshark would be nice for a start.
I certainly do. Malware attempts to record you is old news.
We have always assumed voice was off the table for practical reasons - voice recordings are expensive to decode and correlated usefully.
Cox has particularly deep pockets, which makes this interesting.
I do actually agree, this really could just have been a vendor bullshitting. Normally I would say Occam's razor points there. But Occam's razor points the other way, to me, when I consider that basically everyone I know has experienced a voice targeted ad.
The big ugly question is which apps are recording voices?
It might just be name squatting spyware. I haven't seen confirmation that any do this, and I always assumed it was too expensive. Maybe it still is, but my guess is Cox isn't the only ones who got that sale offer.
The creepy part is, if you're not inclined to take Google, Amazon, and Meta at their word, then one wonders what other apps are recording voices...
Here's the conspiracy part:
The conspiracy emerges when we look at these data points and squint a little.
Edit: I think many of y'all are in denial about how much you shouldn't trust Meta apps on your phones.
We know Meta wants to use things you say to build an ad profile. We have evidence they don't have any moral qualms about doing it. We know they have unfathomable terms of service and closed source apps.
And now we know there's been at least one closed door conversation about buying the recordings that supposedly don't exist.
I don't have proof but I also don't have any apps by Meta on my phone.
This is nearly a year old news, and noone ever could prove it.
https://arstechnica.com/gadgets/2023/12/no-a-marketing-firm-isnt-tapping-your-device-to-hear-private-conversations/
CMG is simply lying. Also originally it was not "leaked" it was published on their website, it's just the same bullshit from different source.
At least I want to see some proofs my voice data being transmitted over some medium. Those slides are ads created by ad company to potential ad clients.
Google said "Apps using Android Private Core will not show a mic indicator" or something like that
Thanks for the info.