“Is my phone listening to me?”
Researchers from Northeastern University spent months testing 9,100 applications. They were looking for large audio or video files being sent to dark corners of the Web. If any such existed, it would be proof that the applications are surreptitiously making recordings that can be plumbed for personal details about our likes and dislikes.
Long story short: they found no evidence of any such thing. After carefully examining all the data these phone apps are sending, there weren’t large numbers of mysterious multimedia files. (There were a smidgen, but more on that in a bit.)
There’s a caveat here, but not a big one: the research was done entirely with Android devices. But Google’s operating system is not as secure as Apple’s, with software released onto the Android app store with much less vetting. So if third-party Android applications aren’t spying on users, then it’s extremely unlikely iOS ones are. Especially given Apple’s strong stance on privacy.
Exceptions that prove the rule
The five Northeastern researchers did find examples where third-party software isn’t protecting user privacy as well as they should.
Some applications record a series of screenshots of how people are interacting with their user interface, and then upload these as video. The goal is for developers to watch these to improve the design of the software. All well and good, except that not of the companies who make these warn users that such recordings can happen.
Also, the researchers found that a few image editing apps do some of their manipulations on remote servers, without warning users that their pictures are being uploaded.
But the fact that the computer scientists turned up these small problems actually helps to show that they would have discovered if there was a huge conspiracy of iPhone and Android software spying on us. So it’s just not happening.
Everyone who suffers from panoptispy owes a debt of gratitude to Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes for their research. Their full paper can be downloaded (PDF) from the Proceedings on Privacy Enhancing Technologies.
Of course, panoptispy sufferers won’t be helped by learning that app developers can read their Gmail messages.