A couple years ago, something strange happened. A friend and I were sitting at a bar, iPhones in pockets, discussing our recent trips in Japan and how we’d like to go back. The very next day, we both received pop-up ads on Facebook about cheap return flights to Tokyo. It seemed like just a spooky coincidence, but then everyone seems to have a story about their smartphone listening to them. So is this just paranoia, or are our smartphones actually listening?
According to Dr. Peter Hannay—The senior security consultant for cybersecurity firm Asterisk, and former lecturer and researcher at Edith Cowan University—the short answer is yes, but perhaps in a way that’s not as diabolical as it sounds.
For your smartphone to actually pay attention and record your conversation, there needs to be a trigger, such as when you say “hey Siri” or “okay Google.” In the absence of these triggers, any data you provide is only processed within your own phone. This might not seem a cause for alarm, but any third party applications you have on your phone—like Facebook for example—still have access to this “non-triggered” data. And whether or not they use this data is really up to them.
“From time to time, snippets of audio do go back to [other apps like Facebook’s] servers but there’s no official understanding what the triggers for that are,” explains Peter. “Whether it’s timing or location-based or usage of certain functions, [apps] are certainly pulling those microphone permissions and using those periodically. All the internals of the applications send this data in encrypted form, so it’s very difficult to define the exact trigger.”
He goes on to explain that apps like Facebook or Instagram could have thousands of triggers. An ordinary conversation with a friend about needing a new pair of jeans could be enough to activate it. Although, the key word here is “could,” because although the technology is there, companies like Facebook vehemently deny listening to our conversations.
“Seeing Google are open about it, I would personally assume the other companies are doing the same.” Peter tells me. “Really, there’s no reason they wouldn’t be. It makes good sense from a marketing standpoint, and their end-use agreements and the law both allow it, so I would assume they’re doing it, but there’s no way to be sure.”
With this in mind, I decided to try an experiment. Twice a day for five days, I tried saying a bunch of phrases that could theoretically be used as triggers. Phrases like I’m thinking about going back to uni and I need some cheap shirts for work. Then I carefully monitored the sponsored posts on Facebook for any changes.
The changes came literally overnight. Suddenly I was being told mid-semester courses at various universities, and how certain brands were offering cheap clothing. A private conversation with a friend about how I’d run out of data led to an ad about cheap 20 GB data plans. And although they were all good deals, the whole thing was eye-opening and utterly terrifying.
Peter told me that although no data is guaranteed to be safe for perpetuity, he assured me that in 2018 no company is selling their data directly to advertisers. But as we all know, advertisers don’t need our data for us to see their ads.
“Rather than saying here’s a list of people who followed your demographic, they say Why don’t you give me some money, and I’ll make that demographic or those who are interested in this will see it. If they let that information out into the wild, they’ll lose that exclusive access to it, so they’re going to try to keep it as secret as possible.