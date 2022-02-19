Professor of computer security at the University of Hamburg, Hannes Federrath, explains that it is technically possible for smartphones to eavesdrop unintentionally: “Because whenever an application has been granted access to the microphone, it can do so if it is in the foreground is active.” However, an Android smartphone can also listen in locked mode, as an experience from a recent pulse report shows. To this end, a BR programmer has developed an application on which the journalist can record voice messages. With access to the microphone, the app then secretly listens to conversations, even if the cell phone is locked to the table. And this despite the fact that Android apps must send a notification one minute after the pause if the microphone is still recording.

Other scientific experiments show that apps can secretly record up to an hour of audio footage on locked Android devices.

Apps like data octopuses

Theoretically, apps could also collect user data in order to display advertisements in a targeted manner. Facebook founder Mark Zuckerberg had to face the allegation during his 2018 interrogation by the US Senate and denied it. Hannes Federrath explains: “From a scientific point of view, there is no evidence that applications from the Facebook universe have done such malicious things”.

It is also very unlikely that such a thing will happen. This also applies to Google’s parent company, Alphabet, as confirmed by privacy professor Thorsten Strufe from KIT-Karlsruhe. The risk of image damage is too great. In addition, their applications have enough other options to collect data from users and display advertisements in a targeted manner.

Admittedly, advertising is just one area where the use of listening technology would be conceivable, says Hannes Federrath. Rather, it is quite likely that some people will also be specifically monitored using their smartphone: “As part of investigative measures, the police, intelligence services, but possibly also in connection with industrial espionage . It would be naïve to think that it would not also be used for malicious and criminal purposes.

Motion detectors more important than the microphone

Interestingly, eavesdropping with a smartphone has long been considered “easy to notice and technically far too complex” – also by the media, explains Jacob Kröger. He is a doctoral student at the Weizenbaum Institute for the Network Society, a German internet institute funded by the Federal Ministry of Education and Research. Kröger does not agree with this thesis and refers to a study that he and his team authored, in which they explain that “eavesdropping” on cell phones can be carried out with significantly higher energy efficiency and that the effort is also manageable.

This would be possible, for example, by reducing the quality of recordings, saving them selectively or focusing on certain triggers, such as words, times or places. Technically, a lot is possible.

But in addition to the microphone, motion sensors, which actually measure cell phone shake and detect movement, could also provide interesting information about the owner of the smartphone. This includes data on activity level, health status. A “biometric identification” is also possible – via the movement pattern.

These patterns can reveal a lot about a person – even how they feel: “There are tendencies that when people are depressed, for example, they have certain patterns about the amount of movement and the way they are moving.” Reconstructing text that is entered into a touch screen is also not a problem. Jacob Kröger explains that this technique could also be particularly interesting for passwords.

Are users at the mercy of this?

The range of technical possibilities also puts system manufacturers in a dilemma: “On the one hand, it is of course true that IOS and Android are definitely interested in protecting their reputations and positioning themselves as data protection compliant. “, says Kröger. Therefore, there are always security controls and protection mechanisms. “But do they want to save money everywhere and be attractive to app developers.” And of course, they want to access user data as simply and easily as possible.

“Much of what is collected about us and how it is processed, we don’t really understand.” However, for legal reasons, users must agree to agreements in apps in order to use them. This is not correct, says Jacob Kröger: “I think the question of which forms of data collection and use are unacceptable, which go too far for us, should be a political question.”

