HAL Id: hal-02384582
https://inria.hal.science/hal-02384582
Submitted on 28 Nov 2019
Distributed under a Creative Commons Attribution 4.0 International License
Is My Phone Listening in? On the Feasibility and
Detectability of Mobile Eavesdropping
Jacob Leon Kröger, Philip Raschke
To cite this version:
Jacob Leon Kröger, Philip Raschke. Is My Phone Listening in? On the Feasibility and Detectability of
Mobile Eavesdropping. 33th IFIP Annual Conference on Data and Applications Security and Privacy
(DBSec), Jul 2019, Charleston, SC, United States. pp.102-120, ⟨10.1007/978-3-030-22479-0_6⟩. ⟨hal-02384582⟩
Jacob Leon Kröger¹,² and Philip Raschke¹
¹ Technische Universität Berlin, Germany
² Weizenbaum Institute for the Networked Society, Berlin, Germany
{kroeger,philip.raschke}@tu-berlin.de
Abstract. Besides various other privacy concerns with mobile devices, many
people suspect their smartphones to be secretly eavesdropping on them. In par-
ticular, a large number of reports has emerged in recent years claiming that pri-
vate conversations conducted in the presence of smartphones seemingly resulted
in targeted online advertisements. These rumors have not only attracted media
attention, but also the attention of regulatory authorities. With regard to explain-
ing the phenomenon, opinions are divided both in public debate and in research.
While one side dismisses the eavesdropping suspicions as unrealistic or even par-
anoid, many others are fully convinced of the allegations or at least consider them
plausible. To help structure the ongoing controversy and dispel misconceptions
that may have arisen, this paper provides a holistic overview of the issue, review-
ing and analyzing existing arguments and explanatory approaches from both
sides. Based on previous research and our own analysis, we challenge the wide-
spread assumption that the spying fears have already been disproved. While con-
firming a lack of empirical evidence, we cannot rule out the possibility of sophis-
ticated large-scale eavesdropping attacks being successful and remaining unde-
tected. Taking into account existing access control mechanisms, detection meth-
ods, and other technical aspects, we point out remaining vulnerabilities and re-
search gaps.
Keywords: Privacy, Smartphone, Eavesdropping, Spying, Listening, Micro-
phone, Conversation, Advertisement
1 Introduction
Smartphones are powerful tools that make our lives easier in many ways. Since they
are equipped with a variety of sensors, store large amounts of personal data and are
carried throughout the day by many people, including in highly intimate places and
situations, they also raise various privacy concerns.
One widespread fear is that smartphones could be turned into remote bugging de-
vices. For years, countless reports have been circulating on the Internet from people
who claim that things they talked about within earshot of their phone later appeared in
targeted online advertisements, leading many to believe that their private conversations
must have been secretly recorded and analyzed.
The reported suspicious ads range across many product and service categories, in-
cluding clothing, consumer electronics, foods and beverages, cars, medicines, holiday
destinations, sports equipment, pet care products, cosmetics, and home appliances –
and while some of these ads were described as matching an overall discussion topic,
others allegedly promoted a brand or even a very specific product mentioned in a pre-
ceding face-to-face conversation [6, 12]. Some people claim to have experienced the
phenomenon frequently and that they have successfully reproduced it in private exper-
iments. Interestingly, many of the purported witnesses emphasize that the advertised
product or service seems not related to places they have visited, terms they have
searched for online, or things they have mentioned in text messages, emails or social
media [6, 40]. Furthermore, some reports explicitly rate it as unlikely that the respective
advertisements were selected by conventional targeting algorithms, as they lay notably
outside the range of advertising normally received and did sometimes not even appear
to match the person’s consumer profile (e.g. in terms of interests, activities, age, gender,
or relationship status) [6, 41].
Numerous popular media outlets have reported on these alleged eavesdropping at-
tacks [3]. In a Forbes article, for instance, the US-based market research company For-
rester reports that at least 20 employees in its own workforce have experienced the
phenomenon for themselves [40]. The same holds true for one in five Australians, ac-
cording to a recent survey [38]. Even the US House Committee on Energy and Com-
merce has started to investigate the issue by sending letters to Google and Apple in-
quiring about the ways in which iOS and Android devices record private conversations
[77].
Many commentators, including tech bloggers, researchers and business leaders, on
the other hand, view the fear that private companies could target their ads based on
eavesdropped conversations as baseless and paranoid. The reputational risk, it is ar-
gued, would be far too high to make this a viable option [76]. With regard to CPU,
battery and data storage limitations, former Facebook product manager Antonio García
Martínez even considers the alleged eavesdropping scenario to be economically and
technically unfeasible [51]. As an alternative explanation for suspiciously relevant ads,
he points to the many established and well-documented methods that companies suc-
cessfully use to track, profile and micro-target potential customers. Yet another possible
explanation states that the frequently reported phenomenon is merely a product of
chance, potentially paired with some form of confirmation bias [41]. Finally, some
commentators also suggest that topics of private conversations are sometimes inspired
by unconsciously processed advertisements, which may later cause the perception of
being spied upon when the respective ad is encountered again [28].
Many views, theories and arguments have been put forward in attempt to explain the
curious phenomenon, including experimental results and positions from the research
community. However, a consensus has not yet been reached, not even regarding the
fundamental technical feasibility of the alleged eavesdropping attacks. Therefore, this
paper reviews, verifies and compares existing arguments from both sides of the dis-
course. Apart from providing a structured overview of the matter, conclusions about
the feasibility and detectability of smartphone-based eavesdropping are drawn based
on existing research and our own analysis.
In accordance with the reports found on the phenomenon, this paper will focus on
smartphones – specifically, iOS and Android devices. Since smartphones are the most
widespread consumer electronics device, and since iOS and Android together clearly
dominate the mobile OS market [70], this choice seems justified to us. However, most
of the considerations in this paper are applicable to other types of mobile devices and
other operating systems as well.
The remainder of this paper is structured as follows. In section 2, we describe the
underlying threat model, distinguishing between three possible adversaries. Section 3
examines the possibility of using smartphone microphones for stealthy eavesdropping,
expanding on aspects of security permissions and user notifications. Similarly, section
4 considers smartphone motion sensors as a potential eavesdropping channel, taking
into account sampling frequency limits enforced by mobile operating systems. Section
5 then looks into the effectiveness of existing mitigation and detection techniques de-
veloped by Google, Apple, and the global research community. In Section 6, the eco-
system providers themselves are considered as potential adversaries. Section 7 evalu-
ates the technical and economic feasibility of large-scale eavesdropping attacks. After
that, Section 8 examines ways in which governmental and criminal hackers can com-
promise the speech privacy of smartphone users. Finally, section 9 provides a discus-
sion of analysis results, followed by a conclusion in section 10.
2 Threat Model
To target advertisements based on smartphone eavesdropping, an organization A, who
is responsible for selecting the audience for certain online ads (either the advertiser
itself or a contractor entrusted with this task, such as an advertising network¹), needs to
somehow gain access to sensor data² from the corresponding mobile device, or to
information derived from the sensor data.
Initially, speech is recorded through the smartphone by an actor B, which could be
either (1) the operating system provider itself, e.g. Apple or Google, (2) non-system
apps installed on the device, or (3) third-party libraries³ included in these apps.
Potentially after some processing and filtering, which can happen locally on the device or on
remote servers, actor B shares relevant information extracted from the recording –
directly or through intermediaries – with organization A (unless A and B are one and the
same actor, which is also possible).
Organization A then uses the received information to identify the smartphone owner
as a suitable target for specific ads and sends a corresponding broadcast request to an
ad publisher (organization A could also publish the ads itself if it has access to ad
distribution channels). Finally, the publisher displays the ads on websites or apps – either
on the smartphone through which the speech was recorded or on other devices that can
be linked⁴ to the smartphone owner, for example through logins, browsing behavior, or
IP address matching. The websites and apps on which the advertisements appear do not
reveal who recorded the smartphone owner’s speech. Not even organization A
necessarily understands how and by whom the received profiling information was initially
collected. For illustration, figure 1 presents a simplified overview of the threat model.
¹ Advertising networks are companies that match demand and supply of online ad space by
connecting advertisers to ad publishers. They often hold extensive amounts of data on individual
internet users to enable targeted advertising [17].
² “sensor data” can refer to either audio recordings or motion sensor data (see sections 3, 4)
³ The role and significance of third-party apps will be further explained in section 3.1
Fig. 1. A schematic and simplified overview of the threat model.
3 Microphone-based Eavesdropping
Modern smartphones have the capability to tape any sort of ambient sound through
built-in microphones, including private conversations, and to transmit sensitive data,
such as the recording itself or information extracted from recorded speech, to remote
servers over the Internet. Mobile apps installed on a phone could exploit these capabil-
ities for secret eavesdropping. Aspects concerning app permissions and user notifica-
tions that could affect the feasibility and visibility of such an attack are examined in the
following two subsections.
3.1 Microphone Access Permission
Before an app can access microphones in Android and iOS devices, permission has to
be granted by the user. However, people tend to accept such requests blindly if they are
interested in an app’s functionality [10]. A survey of 308 Android users found that only
17% of respondents paid attention to permissions during app installation, and no more
than 3% of the participants correctly answered the related comprehension questions
[24].
⁴ For more information on cross-device tracking, refer to [65]
Encouraging app development at the expense of user privacy, current permission
systems are much less strict than they were in early smartphones and have been criti-
cized as „coarse grained and incomplete“ [59]. Also, once a permission is granted, it is
usually not transparent for users when and for which particular purpose data is being
collected and to which servers it is being sent [62].
To include analytics and advertising capabilities, apps commonly make use of third-
party libraries, i.e., code written by other companies. These libraries share multimedia
permissions, such as microphone access, with their corresponding host app and are of-
ten granted direct Internet access [39]. Apart from the concern that third-party libraries
are easily over-privileged, it is considered problematic that app developers often have
limited or no understanding of the library code, which can also be changed dynamically
at runtime [59]. Thus, not only users but also app developers themselves may be una-
ware of privacy leaks based on the abuse of granted permissions.
A large variety of existing apps has access to smartphone microphones. Examining
over 17,000 popular Android apps, Pan et al. found that 43.8% ask for permission to
record audio [59].
3.2 User Notifications and Visibility
Android and iOS apps with microphone permission can not only record audio at any
time while they are active, i.e. running in the foreground, but also while they are in
background mode, under certain conditions [7, 31]. Background apps have limited priv-
ileges and are often suspended to conserve the device’s limited resources. In cases,
however, where they request the system to stay alive and continue recording while not
in the foreground, there are ways to indicate this to the user.
In iOS, the status bar will automatically turn bright red when recording takes place
in the background, allowing the user to immediately detect potentially unwanted mi-
crophone activity [8].
While the latest release of Android (version 9 Pie) implements similar measures [31],
some older versions produce no visible indication when background apps access the
microphone [10]. In this context, it might be worth noting that Android has been widely
criticized for its slow update cycle, with hundreds of millions of devices running on
massively outdated versions [56]. Also, quite obviously, notifications in the graphical
user interface are only visible as long as the device’s screen is not turned off. And
finally, some experimenters have already succeeded in circumventing the notification
requirements for smartphone media recordings [69].
4 Motion Sensor-based Eavesdropping
Adversaries might be able to eavesdrop on conversations through cell phones without
accessing the microphone. Studies have shown that smartphone motion sensors – more
specifically, accelerometers and gyroscopes – can be sensitive enough to pick up sound
vibrations and possibly even reconstruct speech signals [36, 54, 79].
4.1 Experimental Research Findings
There are opposing views on whether non-acoustic smartphone sensors capture sounds
at normal conversational loudness. While Anand and Saxena did not notice an apparent
effect of live human speech on motion sensors in several test devices [3], other studies
report very small but measurable effects of machine-rendered speech, significant
enough to reconstruct spoken words or phrases [54, 79].
Using only smartphone gyroscopes, researchers from Israel's defense technology
group Rafael and Stanford University were able to capture acoustic signals rich enough
to identify a speaker’s gender, distinguish between different speakers and, to some ex-
tent, track what was being said [54]. In a similar experiment, Zhang et al. demonstrated
the feasibility of inferring spoken words from smartphone accelerometer readings in
real-time, even in the presence of ambient noise and user mobility [79]. According to
their evaluation, the achieved accuracies were comparable to microphone-based hot-
word detection applications such as Samsung S Voice and Google Now.
Both [79] and [54] have notable limitations. First of all, their algorithms were only
able to detect a small set of predefined keywords instead of performing full speech
recognition. Also, the speech in both experiments was produced by loudspeakers or
phone speakers, which may result in acoustic properties different from live human
speech. In [54], the playback device and the recording smartphone even shared a com-
mon surface, leading critics to suggest that the observed effect on sensor readings was
not caused by aerial sound waves, but rather by direct surface vibrations [3]. Also, in
contrast to Zhang et al., this approach only achieved low recognition accuracies, par-
ticularly for speaker-independent hotword detection. By their own admission, however,
the authors of [54] are „security experts, not speech recognition experts“ [32]. There-
fore, the study should be regarded as an initial exploration rather than a perfect simula-
tion of state-of-the-art spying techniques. With regard to the effectiveness of their ap-
proach, the researchers pointed out several possible directions for future improvement.
It might also be noteworthy that patents have already been filed for methods to cap-
ture acoustic signals through motion sensors, including a “method of detecting a user's
voice activity using an accelerometer” [21] and a “system that uses an accelerometer in
a mobile device to detect hotwords” [55].
4.2 Sampling Frequency Limits
In order to limit energy consumption and because typical applications of smartphone
motion sensors do not require highly sampled data, current mobile operating systems
impose a cap on the sampling frequency of motion sensors, such as a maximum of 200
Hz for accelerometer readings in Android [3] and 100 Hz for gyroscopes in iOS [32].
For comparison, the fundamental frequency of the human speaking voice typically lies
between 85 Hz and 155 Hz for men and 165 Hz and 255 Hz for women [79]. Thus, if
at all, non-acoustic smartphone sensors can only capture a limited range of speech
sounds, which presents a challenge to speech reconstruction attacks.
With the help of the aliasing effect explained in [54], however, it is possible to
indirectly capture tones above the enforced frequency limits. Furthermore, experiments
show that motion sensor signals from multiple co-located devices can be merged to
obtain a signal with increased sampling frequency, significantly improving the
effectiveness of speech reconstruction attacks [36]. Two or more smartphones that are
located in proximity to each other and whose sensor readings are shared – directly or
indirectly – with the same actor may therefore pose an increased threat to speech
privacy.
It should also be noted that motion sensors in smartphones are usually capable of
delivering much higher sampling frequencies (often up to 8 kHz) than the upper bounds
prescribed by mobile operating systems [3]. Researchers already expressed concern that
adversaries might be able to override and thereby exceed the software-based limits
through patching applications or kernel drivers in mobile devices [3, 54].
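The frequency folding behind the aliasing effect mentioned in this section can be checked numerically. The following Python sketch is an added example, not code from this paper or from [54]; it assumes ideal sampling with no anti-aliasing filter in front of the sensor, and all function names are illustrative. It samples pure tones at the speech fundamentals quoted above at the 200 Hz and 100 Hz caps and confirms with a DFT where each tone lands.

```python
import cmath
import math

# OS-enforced sampling caps quoted in this section.
ANDROID_ACCEL_CAP_HZ = 200
IOS_GYRO_CAP_HZ = 100

# Boundary values of the fundamental-frequency ranges quoted in this section.
SPEECH_FUNDAMENTALS_HZ = [85, 155, 165, 255]


def alias_frequency(tone_hz, sample_rate_hz):
    """Predicted in-band frequency of a pure tone after sampling.

    Frequencies fold around multiples of the sampling rate, so the result
    always lies between 0 and the Nyquist frequency (sample_rate_hz / 2).
    """
    folded = tone_hz % sample_rate_hz
    return min(folded, sample_rate_hz - folded)


def sample_tone(tone_hz, sample_rate_hz, seconds=1.0):
    """Ideal sampler (assumption: no low-pass filter before sampling)."""
    n = int(sample_rate_hz * seconds)
    return [math.sin(2 * math.pi * tone_hz * k / sample_rate_hz) for k in range(n)]


def dominant_frequency(samples, sample_rate_hz):
    """Frequency in Hz of the strongest DFT bin between 0 and Nyquist."""
    n = len(samples)
    best_bin, best_mag = 0, -1.0
    for b in range(n // 2 + 1):
        acc = sum(s * cmath.exp(-2j * math.pi * b * k / n)
                  for k, s in enumerate(samples))
        if abs(acc) > best_mag:
            best_bin, best_mag = b, abs(acc)
    return best_bin * sample_rate_hz / n


def survey(tones_hz, sample_rate_hz):
    """For each tone: (tone, predicted alias, observed DFT peak, above Nyquist?)."""
    rows = []
    for tone in tones_hz:
        predicted = alias_frequency(tone, sample_rate_hz)
        observed = dominant_frequency(sample_tone(tone, sample_rate_hz),
                                      sample_rate_hz)
        rows.append((tone, predicted, observed, tone > sample_rate_hz / 2))
    return rows


if __name__ == "__main__":
    for cap in (ANDROID_ACCEL_CAP_HZ, IOS_GYRO_CAP_HZ):
        print(f"sampling cap {cap} Hz (Nyquist {cap / 2:.0f} Hz)")
        for tone, predicted, observed, folded in survey(SPEECH_FUNDAMENTALS_HZ, cap):
            note = "folded" if folded else "in band"
            print(f"  {tone:>3} Hz tone -> predicted {predicted:>2} Hz, "
                  f"DFT peak {observed:.0f} Hz ({note})")
```

At the 100 Hz cap both the 155 Hz and the 255 Hz tone fold onto 45 Hz, so a rate cap leaves above-limit energy in the signal but makes it ambiguous; it is not equivalent to filtering that energy out.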
4.3 Sensor Access Permissions and Energy Efficiency
While certain hardware components, such as camera, microphone and the GPS chip,
are typically protected by permission mechanisms in mobile operating systems, motion
sensors can be directly accessed by third-party apps in iOS and Android without any
prior notification or request to the user [32, 45]. Thus, there is usually no way for
smartphone owners to monitor, let alone control when and for what purposes data from
built-in accelerometers and gyroscopes is collected. Even visited websites can often
access smartphone motion sensors [32]. Exploiting accelerometers and gyroscopes to
intrude on user privacy is also much more energy-efficient and thus less conspicuous than
recording via microphone [79].
5 Existing Mitigation and Detection Techniques
Many methods are applied by ecosystem providers and security researchers to screen
mobile apps for vulnerabilities and malicious behavior. The following two subsections
examine existing efforts with regard to their potential impact on the feasibility and de-
tectability of mobile eavesdropping attacks.
5.1 App Inspections Conducted by Ecosystem Providers
Both iOS and Android apply a combination of static, dynamic and manual analysis to
scan new and existing apps on their respective app market for potential security threats
and to ensure that they operate as advertised [78]. Clearly, as the misbehavior of third-
party apps can ultimately damage their own reputation, the platforms have strong in-
centives to detect and prevent abuse attempts.
Nevertheless, countless examples of initially undetected malware and privacy leaks
have shown that the security screenings provided by Google and Apple are not always
successful [19]. Google Play’s app inspection process has even been described as
“fundamentally vulnerable” [29]. In a typical cat-and-mouse game, malicious apps evolve
quickly to bypass newly implemented security measures [63], sometimes by using
“unbearably simple techniques” [29]. In Android devices from uncertified manufacturers,
malware may even be pre-installed before shipment [14]. Significant vulnerabilities
have also been found in official built-in apps. Apple’s FaceTime app, for example,
allowed potential attackers to gain unauthorized access to iPhone cameras and
microphones without any requirement of advanced hacking skills [15].
Leaving security loopholes aside, the existing security mechanisms do not guarantee
privacy protection in terms of data minimization and transparency. Many mobile apps
collect personal data with no apparent relevance to the advertised functionality [18, 62].
Even well-known apps like Uber have not been prevented from collecting sensitive user
data that is not required for the service they offer [46].
There are also many documented cases of mobile apps using their microphone access
in unexpected ways. An example that has received a lot of media attention recently is
the use of so-called “ultrasonic beacons”, i.e. high-pitched Morse-style audio signals
inaudible to the human ear which are secretly played in stores or embedded in TV
commercials and other broadcast content in order to be able to unobtrusively track the
location, activities and media consumption habits of consumers [10]. For this to work,
the data subject needs to carry a receiving device that records and scans ambient sound
for relevant ultrasonic signals and sends them back to the tracking network for
automated comparison. A constantly growing number of mobile apps – several hundred
already, some of them very popular – are using their microphone permission for exactly
that purpose, often without properly informing the user about it [10, 47]. These apps,
some of which are targeted at children and would not require audio recording for their
core functionality, may even detect sounds while the phone is locked and carried in a
pocket [47]. Even in cases where users are aware that their phone listens in, it is not
clear to them what the audio stream is filtered for exactly and what information is being
exfiltrated. Thus, the example of ultrasonic beacons shows how apps that have been
approved into Apple’s App Store and Google Play can exploit their permissions for
dubious and potentially unexpected tracking purposes.
Finally, it should not be overlooked that smartphone apps can also be obtained from
various non-official sources, circumventing Apple’s and Google’s permission systems
and auditing processes [62]. In Android, users are free in choosing the source of their
applications [78]. Following a more restrictive policy, iOS only allows users to install
apps downloaded from the official Apple App Store. However, kernel patches can be
used to gain root access and remove software restrictions in iOS (“iOS jailbreaking”),
which enables users to install apps from uncertified publishers [62].
5.2 App Inspections Conducted by the Research Community
In addition to the checks conducted by Google and Apple, mobile apps are being re-
viewed by a broad community of security and privacy researchers. A wide and con-
stantly expanding range of manual and automated methods is applied for this purpose.
Pan et al., for instance, scanned 17,260 popular Android apps from different app
markets for potential privacy leaks [59]. Through examining their media permissions,
privacy policies and outgoing network flows, the researchers tried to identify apps that
upload audio recordings to the Internet without explicitly informing the user about it.
While unveiling other serious forms of privacy violations, they found no evidence of
such behavior. Based on these findings, the widely held suspicion of companies secretly
eavesdropping on smartphone users was already portrayed as refuted in news headlines
[34, 80].
However, the study comes with numerous limitations: Apart from considering only
a small fraction of the over 2 million available Android apps, the researchers did not
examine media exfiltration from app background activity, did not consider the use of
privileged APIs, only tested a limited amount of each app’s functionalities for a short
amount of time, used a controlled test environment with no real human interactions, did
not consider iOS apps at all, and were not able to detect media that was intentionally
obfuscated, encrypted at the application-layer, or sent over the network in non-standard
encoding formats. Perhaps most importantly, Pan et al. were not able to rule out the
scenario of apps transforming audio recordings into less detectable text transcripts or
audio fingerprints before sending the information out. This would be a very realistic
attack scenario. In fact, various popular apps are known to compress recorded audio in
such a way [10, 33]. While all the choices that Pan et al. made regarding their experi-
mental setup and methodology are completely understandable and were communicated
transparently, the limitations do limit the significance of their findings. All in all, their
approach would only uncover highly unsophisticated eavesdropping attempts.
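To make the last of these limitations concrete, here is an added Python example (not Pan et al.'s tooling and not code from this paper) of a signature-based check for audio in outgoing request bodies. The signature list, the entropy threshold, the function names and all three payloads are assumptions constructed for illustration.

```python
import hashlib
import io
import json
import math
import wave
from collections import Counter

# Leading bytes of common audio containers (well-known file signatures).
AUDIO_SIGNATURES = {
    "wav": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WAVE",
    "ogg": lambda b: b[:4] == b"OggS",
    "flac": lambda b: b[:4] == b"fLaC",
    "mp3-id3": lambda b: b[:3] == b"ID3",
    "mp4-family": lambda b: b[4:8] == b"ftyp",  # mp4, m4a, 3gp
}

ENTROPY_THRESHOLD = 7.5     # bits per byte; assumed triage threshold
MIN_LEN_FOR_ENTROPY = 512   # entropy of very short bodies is not meaningful


def audio_signature(body):
    """Return the matching container name, or None if no signature matches."""
    for kind, matches in AUDIO_SIGNATURES.items():
        if matches(body):
            return kind
    return None


def shannon_entropy(body):
    """Byte-level Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not body:
        return 0.0
    total = len(body)
    return -sum(c / total * math.log2(c / total) for c in Counter(body).values())


def classify_upload(body):
    """Classify one outgoing request body the way a traffic auditor might."""
    kind = audio_signature(body)
    if kind:
        return "audio:" + kind
    if len(body) >= MIN_LEN_FOR_ENTROPY and shannon_entropy(body) >= ENTROPY_THRESHOLD:
        # Compressed or encrypted content of unknown type: review manually.
        return "opaque-high-entropy"
    try:
        body.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "other"


def constructed_wav(seconds=0.25, rate=8000):
    """Constructed sample: a short 220 Hz tone in an unmodified WAV container."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(b"".join(
            int(12000 * math.sin(2 * math.pi * 220 * k / rate))
            .to_bytes(2, "little", signed=True)
            for k in range(int(seconds * rate))))
    return buf.getvalue()


def constructed_transcript():
    """Constructed sample: what a locally produced text transcript could look like."""
    return json.dumps({"device": "test-device", "text": "we really enjoyed it"}).encode()


def constructed_opaque_blob(size=4096):
    """Constructed sample: deterministic pseudo-random bytes standing in for
    content encrypted at the application layer."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


def classify_all():
    samples = {
        "raw recording": constructed_wav(),
        "text transcript": constructed_transcript(),
        "encrypted body": constructed_opaque_blob(),
    }
    return {name: classify_upload(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:16} -> {verdict}")
```

Only the raw recording is identified as audio. The transcript is indistinguishable from ordinary text traffic, and the opaque body can at best be queued for manual review, since compressed or encrypted non-audio content has the same entropy profile.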
Of course, many other researchers have also tried to detect privacy leaks in iOS and
Android apps [62]. Besides analyzing decompiled code, permission requests and gen-
erated network traffic, other factors, such as battery power consumption and device
memory usage, can also be monitored to detect suspicious app behavior [67]. Although
some experts claim to have observed certain mobile apps recording and sending out
audio with no apparent justification [58], the scientific community has not yet produced
any hard evidence for large-scale eavesdropping through smartphone microphones.
Like the above-cited work by Pan et al., however, other existing methods to identify
privacy threats in mobile devices also come with considerable limitations. Due to its
closed-source nature, there is generally a lack of scalable tools for detecting malicious
apps within iOS [19]. While, on the other hand, numerous efficient methods have been
proposed for automatically scanning Android apps, none of these approaches is totally
effective at detecting privacy leaks [59]. As with security checks of the official app
stores (see section 5.1), there is a wide range of possible obfuscation techniques and
covert channels to circumvent detection mechanisms developed by the scientific com-
munity [10, 67]. Furthermore, many of the existing approaches do not indicate if de-
tected data exfiltration activities are justified with regard to an app’s advertised func-
tionality [62]. Yerukhimovich et al. even suggest that apps classified as safe or non-
malicious are more likely to leak private information than typical “malware” [78].
Therefore, the fact that no evidence for large-scale mobile eavesdropping has been
found so far should not be interpreted as an all-clear. It could only mean that it is
difficult – under current circumstances perhaps even impossible – to detect such attacks
effectively.
6 Ecosystem Providers as Potential Adversaries
Not only third-party apps but also mobile operating systems themselves can access pri-
vacy-sensitive smartphone data and transfer it over the Internet. It has been known for
years that both iOS and Android do so extensively [5]. Examining the amount of data
sent back to Google’s and Apple’s servers from test devices, a recent study found that
iPhones – on average – received four requests per hour from their manufacturer during
idle periods, and eighteen requests during periods of heavy use [68]. Leaving these
numbers far behind, Android phones received forty hourly requests from Google when
in idle state and ninety requests during heavy use. Of course, the number of requests
per hour has only limited informational value. Data is often collected much more
frequently, such as every second or even constantly, to be later aggregated,
compressed and sent out in data bundles [5].
While the establishment of network connections can be monitored, many aspects of
data collection and processing in smartphones remain opaque. The source code of iOS
is not made publicly available, and while Android is based on code from the Android
Open Source Project, several of Google’s proprietary apps and system components are
closed-source as well [2]. Due to the resulting lack of transparency, it cannot be reliably
ruled out that sensitive data is collected and processed without the will or knowledge
of the smartphone owner – although, naturally, this would represent a considerable
legal and reputational risk for the corresponding platform provider.
As an intermediary between applications and hardware resources, operating systems
control the access to smartphone sensors, including microphones, accelerometers and
gyroscopes, and can also decide whether or not sensor activity is indicated to the user
on the device’s screen. Unlike with third-party apps, there is no superior authority
in the system supervising the actions and decisions of iOS and Android. While external
security experts can carry out inspections using similar methods as outlined in section
5.2, they also face similar limitations. There is no reason to assume that operating sys-
tems refrain from using sophisticated obfuscation techniques to conceal their data col-
lection practices. Additionally, being in control of the whole system, iOS and Android
can access data on different levels of their respective software stack, which gives them
more options for stealthy data exfiltration and could possibly impede detection.
7 Technical and Economic Feasibility
Even where adversaries manage to get around security measures and evade detection,
it remains questionable whether a continuous and large-scale eavesdropping operation
for the purpose of ad targeting would be technically feasible and economically viable.
Based on estimations of CPU, battery, network transfer and data storage requirements,
some commentators already stated their conclusion that such an operation would be far
too expensive [51, 76] and “may strain even the resources of the NSA” [71]. Taking
into account their underlying assumptions, these estimates appear valid. However, there
are several ways in which smartphone-based eavesdropping could be made much more
efficient and scalable, including:
• Low quality audio recording. To reduce the required data storage, processing
power and energy consumption, adversaries could record audio at low bitrates.
Speech signals do not even have to be intelligible to the human ear to be recognized
and transcribed into text by algorithms [54].
• Local pre-processing. Some steps in the processing of recordings (e.g. transcription,
extraction of audio features, data filtering, keyword matching, compression)
can be performed locally on the device in order to transmit only the most relevant
data to remote servers and thus reduce network traffic and required cloud storage.
• Keyword detection instead of full speech recognition. The amounts of processing
power required for automatic speech recognition can be prohibitively high for local
execution on mobile devices. A less CPU-intensive alternative to full speech
recognition is keyword detection, where only a pre-defined vocabulary of spoken words
is recognized. Such systems can even run on devices with much lower computational
power than smartphones, such as 16-bit microcontrollers [25]. It has been argued
that it would still be too taxing for mobile devices to listen out for the “millions or
perhaps billions” of targetable keywords that could potentially be dropped in private
conversations [51]. However, instead of listening for specific product and brand
names, audio recordings can simply be scanned for trigger words that indicate a
person’s interest – such as “love”, “enjoyed”, or “great” – in order to identify relevant
snippets of the recording that can then be analyzed in more depth. In fact, this very audio
analysis method has already been patented, with the specific declared purpose of
informing “targeted advertising and product recommendations” [22].
• Selective recording. Instead of recording continuously, an adversary could only
record at selected moments using wake words or triggers based on time, location, user
activity, sound level, and other context variables. This could significantly reduce the
amount of required storage and network traffic [67].
Mobile apps that use all or some of the above techniques can be light enough to run
smoothly on smartphones, as numerous commercial apps and research projects show
[9, 10, 33, 58, 67].
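The techniques listed above matter to a defender because they change what a monitor can observe. The following Python code is an added example, not part of the paper: it replays a constructed event log through two heuristics, one keyed to upload volume and one keyed to background microphone time. The log format, app names, thresholds and the 16 kHz PCM reference rate are assumptions, and the microphone-state events are assumed to come from a source the analyst trusts.

```python
from collections import defaultdict

# Constructed event log (not real data): "<seconds> <app> <event> [bytes]".
# Events: FG/BG = app enters foreground/background, MIC_ON/MIC_OFF, TX = bytes sent.
SAMPLE_LOG = """\
0 messenger FG
10 messenger MIC_ON
40 messenger MIC_OFF
45 messenger TX 200000
60 messenger BG
0 streamer BG
5 streamer MIC_ON
3605 streamer MIC_OFF
3605 streamer TX 110000000
0 spotter BG
5 spotter MIC_ON
3605 spotter MIC_OFF
3605 spotter TX 40000
"""

# Assumed reference rate for unprocessed audio: 16 kHz, 16-bit, mono PCM.
RAW_PCM_BYTES_PER_S = 16_000 * 2


def summarize(log_text):
    """Return per-app microphone time, background microphone time and bytes sent."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        events.append((int(parts[0]), parts[1], parts[2], parts[3:]))
    events.sort(key=lambda e: e[0])  # stable sort keeps per-app order at equal times

    stats = defaultdict(lambda: {"mic_s": 0, "bg_mic_s": 0, "tx_bytes": 0})
    state = {}  # app -> (last timestamp, in foreground, microphone on)
    for t, app, event, args in events:
        s = stats[app]
        # An app is treated as backgrounded with the microphone off until told otherwise.
        last_t, in_fg, mic_on = state.get(app, (t, False, False))
        if mic_on:
            s["mic_s"] += t - last_t
            if not in_fg:
                s["bg_mic_s"] += t - last_t
        if event == "FG":
            in_fg = True
        elif event == "BG":
            in_fg = False
        elif event == "MIC_ON":
            mic_on = True
        elif event == "MIC_OFF":
            mic_on = False
        elif event == "TX" and args:
            s["tx_bytes"] += int(args[0])
        state[app] = (t, in_fg, mic_on)
    # A microphone still open at the end of the log is not counted past its last event.
    return {app: dict(s) for app, s in stats.items()}


def flag(log_text, volume_ratio=0.5, max_bg_mic_s=60):
    """Apply both heuristics; return app -> list of rule names that fired."""
    result = {}
    for app, s in summarize(log_text).items():
        fired = []
        # Rule 1: microphone open for more than max_bg_mic_s while backgrounded.
        if s["bg_mic_s"] > max_bg_mic_s:
            fired.append("background_mic")
        # Rule 2: uploads large enough to carry a sizeable share of the raw audio.
        raw_bytes = s["mic_s"] * RAW_PCM_BYTES_PER_S
        if raw_bytes and s["tx_bytes"] >= volume_ratio * raw_bytes:
            fired.append("upload_volume")
        result[app] = fired
    return result


if __name__ == "__main__":
    for app, fired in flag(SAMPLE_LOG).items():
        print(f"{app:10s} {', '.join(fired) or 'no rule fired'}")
```

In the constructed log, `streamer` and `spotter` keep the microphone open for the same hour, but only `streamer` crosses the volume threshold; a monitor that looks at traffic alone sees nothing unusual about an app that pre-processes locally and uploads only small results.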
But even if it is possible for companies to listen in on private conversations, some
argue that this information might not be of much value to advertisers, since they would
need to know a conversation’s context and speaker personalities very well in order to
accurately infer personal preferences and purchase intentions from spoken phrases [51].
This argument is reasonable, but can equally be applied to many other profiling meth-
ods, including online tracking and location tracking, which are widely used nonethe-
less. Of course, where contextual information is sparse, such methods may lead to
wrong conclusions about the respective data subject, possibly resulting in poor and in-
efficient ad targeting. However, this would not conflict with the above-mentioned re-
ports of suspected eavesdropping: While the ads were perceived as inspired by topics
raised in private conversations, they did not always reflect the purported witnesses’
actual needs and wants [6, 12].
From an outside perspective, it cannot be precisely determined how profitable cer-
tain types of personal data are for advertisers. It is therefore difficult, if not impossible,
to draw up a meaningful cost-benefit calculation. However, it can generally be assumed
that private conversations contain a lot of valuable profiling information, especially
when speakers express their interest in certain products or services. It is also worth
mentioning that some of the world’s largest companies earn a significant portion of
their revenue through advertising – for Google and Facebook, this portion amounted to
85% and 98% in 2018, respectively [1, 23]. Profits from advertising can be considerably
increased through effective targeting, which requires the collection of detailed personal
information [68]. There is no doubt that smartphone sensor data can be very useful for
this purpose. A recently filed patent describes, for example, how “local signals” from a
mobile device, including motion sensor data and audio data from the microphone, can
be analyzed to personalize a user’s Facebook news feed [50].
8 Unauthorized Access to Smartphones
Although this is most likely no explanation for suspicious ad placement, it should be
noted that there are many ways in which skilled computer experts or “hackers” can gain
unauthorized access to mobile devices. The widespread use of smartphones makes them
a particularly attractive hacking target [4].
Not only cyber criminals, but also law enforcement agencies and secret services in-
vest heavily in their capabilities to exploit software flaws and other security vulnerabil-
ities in consumer electronics [73]. It has been known for some time that intelligence
agencies, such as NSA, GCHQ, and CIA, are equipped with tools to secretly compro-
mise devices running iOS, Android and other mobile operating systems, enabling them
“to move inside a system freely as if they owned it” [66, 75].
In addition to accessing sensitive data, such as geo-location, passwords, personal
notes, contacts, and text messages, this includes the ability to turn on a phone’s micro-
phone without a user’s consent or awareness [11]. With the help of specialized tools,
smartphone microphones can even be tapped when the device is (or seems) switched
off [73]. Such attacks can also be successful in high-security environments. In a recent
case, for example, more than 100 Israeli servicemen had their phones infected with
spyware that allowed unknown adversaries to control built-in cameras and microphones
[57].
Besides the United States and some European nations, other developed countries,
such as Russia, Israel and China, also have highly sophisticated spying technology at
their disposal [75]. Less developed countries and other actors can buy digital eaves-
dropping tools from a flourishing industry of surveillance contractors at comparatively
low prices [60]. That not only secret services but also law enforcement agencies in the
US can be authorized to convert smartphones into “roving bugs” to listen in on private
conversations has been confirmed in a 2012 court ruling [16]. Eavesdropping capabili-
ties of criminal organizations should not be underestimated, either. According to a re-
port by McAfee and the Center for Strategic and International Studies (CSIS), there are
20 to 30 cybercrime groups with "nation-state level" capacity in countries of the former
Soviet Union alone [52].
9 Discussion
So far, despite significant research efforts, no evidence has been found to confirm the
widespread suspicion that firms are secretly eavesdropping on smartphone users to in-
form ads. To the best of our knowledge, however, the opposite has not been proven
either. While some threat scenarios (e.g. the constant transfer of uncompressed audio
recordings into the cloud) can be ruled out based on existing security measures and
considerations regarding an attack’s visibility, cost and technical feasibility, there are
still many security vulnerabilities and a fundamental lack of transparency that poten-
tially leave room for more sophisticated attacks to be successful and remain undetected.
In comparison with the researchers cited in this paper, it can be assumed that certain
companies have significantly more financial resources, more training data, and more
technical expertise in areas such as signal processing, data compression, covert channels,
and automatic speech recognition. This is – besides unresolved contradictions between
cited studies and large remaining research gaps – another reason why existing
work should not be seen as final and conclusive, but rather as an initial exploration of
the issue.
While this paper focuses on smartphones, it should be noted that microphones and
motion sensors are also present in a variety of other Internet-connected devices, includ-
ing not only VR headsets, wearable fitness trackers and smartwatches, but also baby
monitors, toys, remote controls, cars, household appliances, laptops, and smart speak-
ers. Some of these devices may have weaker privacy safeguards than smartphones. For
instance, they may not ask for user permission before turning on the microphone or
may not impose a limit on sensor sampling frequencies. Numerous devices, including
smart TVs [13], smart speakers [27], and connected toys [26], have already been sus-
pected to spy on private conversations of their users. Certain smart home devices, such
as home security alarms, may even contain a hidden microphone without disclosing it
in the product specifications [44]. For these reasons, it is essential to also thoroughly
examine non-smartphone devices when investigating suspicions of eavesdropping.
It is quite possible, at the same time, that the fears of advertising companies eaves-
dropping on private conversations are unfounded. Besides the widespread attribution
to chance, one alternative approach to explaining strangely accurate advertisements
points to all the established tracking technologies commonly employed by advertisers
that do not depend on any phone sensors or microphones [51].
Drawing from credit card networks, healthcare providers, insurers, employers, pub-
lic records, websites, mobile apps, and many other sources, certain multi-national cor-
porations already hold billions of individual data points on consumers’ location histo-
ries, browsing behaviors, religious and political affiliations, occupations, socioeco-
nomic backgrounds, health conditions, personality traits, product preferences, and so
on [17, 64]. Although their own search engines, social networks, email services, route
planners, instant messengers, and media platforms already give them intimate insight
into the lives of billions of people, advertising giants like Facebook and Google also
intensively track user behavior on foreign websites and apps. Of the 17,260 apps examined
in [59], for example, 48.22% share user data with Facebook in the background.
Through their analytics services and like buttons, Google and Facebook can track clicks
and scrolls of Internet users on a vast number of websites [17].
The deep and potentially unexpected insights that result from such ubiquitous sur-
veillance can be used for micro-targeted advertising and might thereby create an illu-
sion of being eavesdropped upon, especially if the data subject is ill-informed about the
pervasiveness and impressive possibilities of data linkage.
Even without being used for audio snooping, smartphones (in their current configuration)
allow a large variety of actors to track private citizens in a much more efficient
and detailed way than would ever have been possible in even the most repressive regimes
and police states of the 20th century. Ultimately, whether sensitive information
is extracted from private conversations or collected from other sources does not
make much difference to the possibilities of data exploitation and the resulting consequences
for the data subject. Therefore, whether justified or not, the suspicions examined
in this paper eventually lead to a very fundamental question: What degree of surveillance
should be considered acceptable for commercial purposes like targeted advertising?
Although this paper cannot offer an answer to this political question, it should
not be forgotten that constant surveillance is by no means a technical necessity and that,
by definition, democracies should design and regulate technology to primarily reflect
the values of the public, not commercial interests.
Certainly, the fear of eavesdropping smartphones should never be portrayed as com-
pletely unfounded, as various criminal and governmental actors can gain unauthorized
access to consumer electronics. Although such attacks are unlikely to result in targeted
advertisement, they equally deprive the user of control over his or her privacy and might
lead to other unpredictable harms and consequences. For example, digital spying tools
have been used to infiltrate the smartphones of journalists [49] and human rights activ-
ists [60] for repressive purposes.
Finally, it should be recognized that – apart from the linguistic contents of speech –
microphones and motion sensors may unexpectedly transmit a wealth of other sensitive
information. Through the lens of advanced analytics, a voice recording can reveal a
speaker’s identity [53], physical and mental health state [20, 37], and personality traits
[61], for example. Accelerometer data from mobile devices may implicitly contain in-
formation about a user’s location [35], daily activities [48], eating, drinking and smok-
ing habits [72, 74], degree of intoxication [30], gender, age, body features and emo-
tional state [43] and can also be used to re-construct sequences of text entered into a
device, including passwords [42].
10 Conclusion
After online advertisements seemingly adapted to topics raised in private face-to-face
conversations, many people suspect companies to secretly listen in through their
smartphones. This paper reviewed and analyzed existing approaches to explaining the
phenomenon and examined the general feasibility and detectability of mobile eaves-
dropping attacks. While it is possible, on the one hand, that the strangely accurate ads
were just a product of chance or conventional profiling methods, the spying fears were
not disproved so far, neither by device manufacturers and ecosystem providers nor by
the research community.
In our threat model, we considered non-system mobile apps, third-party libraries,
and ecosystem providers themselves as potential adversaries. Smartphone microphones
and motion sensors were investigated as possible eavesdropping channels. Taking into
account permission requirements, user notifications, sensor sampling frequencies, limited
device resources, and existing security checks, we conclude that – under the current
levels of data collection transparency in iOS and Android – sophisticated eavesdropping
operations could potentially be run by either of the above-mentioned adversaries
without being detected. At this time, no estimate can be made as to the probability and
economic viability of such attacks.
References
1. Alphabet Inc.: Alphabet Announces Fourth Quarter and Fiscal Year 2018 Results,
https://abc.xyz/investor/static/pdf/2018Q4_alphabet_earnings_release.pdf?cache=adc3b38,
(2019).
2. Amadeo, R.: Google’s iron grip on Android: Controlling open source by any means necessary,
https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/,
(2018).
3. Anand, S.A., Saxena, N.: Speechless: Analyzing the Threat to Speech Privacy from
Smartphone Motion Sensors. In: 2018 IEEE Symposium on Security and Privacy. pp.
1000–1017 IEEE, San Francisco, CA (2018). https://doi.org/10.1109/SP.2018.00004.
4. Aneja, L., Babbar, S.: Research Trends in Malware Detection on Android Devices. In:
Panda, B. et al. (eds.) Data Science and Analytics. pp. 629–642 Springer, Singapore
(2018). https://doi.org/10.1007/978-981-10-8527-7_53.
5. Angwin, J., Valentino-DeVries, J.: Apple, Google Collect User Data,
https://www.wsj.com/articles/SB10001424052748703983704576277101723453610,
(2011).
6. Anonymous: YouTube user demonstrating how Facebook listens to conversations to serve
ads,
https://www.reddit.com/r/videos/comments/79i4cj/youtube_user_demonstrating_how_facebook_listens/,
(2017).
7. Apple: Background Execution,
https://developer.apple.com/library/archive/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/BackgroundExecution/BackgroundExecution.html.
8. Apple: Record - iPhone User Guide,
https://help.apple.com/iphone/11/?lang=en#/iph4d2a39a3b.
9. Arcas, B.A. y et al.: Now Playing: Continuous low-power music recognition. ArXiv Comput.
Res. Repos. abs/1711.10958, (2017). http://arxiv.org/abs/1711.10958.
10. Arp, D. et al.: Privacy Threats through Ultrasonic Side Channels on Mobile Devices. In:
2017 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 35–47 IEEE,
Paris, France (2017). https://doi.org/10.1109/EuroSP.2017.33.
11. Ball, J.: Angry Birds and “leaky” phone apps targeted by NSA and GCHQ for user data,
https://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data,
(2014).
12. BBC News Services: Is your phone listening in? Your stories,
https://www.bbc.com/news/technology-41802282, (2017).
13. Beres, D.: How To Stop Your Smart TV From Eavesdropping On You,
https://www.huffpost.com/entry/your-samsung-tv-is-spying-on-you_n_6647762, (2015).
14. Bocek, V., Chrysaidos, N.: Android devices ship with pre-installed malware,
https://blog.avast.com/android-devices-ship-with-pre-installed-malware, (2018).
15. Bogost, I.: FaceTime Is Eroding Trust in Tech,
https://www.theatlantic.com/technology/archive/2019/01/apple-facetime-bug-you-cant-escape/581554/,
(2019).
16. Brown, A.J.: United States v. Oliva (United States Court of Appeals, D.C. No.
3:07-cr-00050-BR-1). (2012).
17. Christl, W.: Corporate Surveillance in Everyday Life. Cracked Labs, Vienna (2017).
18. Christl, W., Spiekermann, S.: Networks of Control: A Report on Corporate Surveillance,
Digital Tracking, Big Data & Privacy. Facultas, Vienna (2016).
19. Cimitile, A. et al.: Machine Learning Meets iOS Malware: Identifying Malicious Applications
on Apple Environment: In: Proceedings of the 3rd International Conference on Information
Systems Security and Privacy. pp. 487–492 SciTePress, Porto, Portugal (2017).
https://doi.org/10.5220/0006217304870492.
20. Cummins, N. et al.: Speech analysis for health: Current state-of-the-art and the increasing
impact of deep learning. Methods. (2018). https://doi.org/10.1016/j.ymeth.2018.07.007.
21. Dusan, S.V. et al.: System and Method of Detecting a User’s Voice Activity Using an
Accelerometer (Patent No.: US9438985B2),
https://patents.google.com/patent/US9438985B2/en, (2014).
22. Edara, K.K.: Keyword Determinations from Voice Data (Patent No.: US20140337131A1),
https://patents.google.com/patent/US20140337131A1/en, (2014).
23. Facebook: Facebook Reports Fourth Quarter and Full Year 2018 Results,
https://s21.q4cdn.com/399680738/files/doc_financials/2018/Q4/Q4-2018-Earnings-Release.pdf.
24. Felt, A.P. et al.: Android Permissions: User Attention, Comprehension, and Behavior. In:
Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12).
ACM Press, Washington, D.C. (2012). https://doi.org/10.1145/2335356.2335360.
25. Fourniols, J.-Y. et al.: An Overview of Basics Speech Recognition and Autonomous Approach
for Smart Home IOT Low Power Devices. J. Signal Inf. Process. 9, 239–257.
https://doi.org/10.4236/jsip.2018.94015.
26. Freytas-Tamura, K. de: The Bright-Eyed Talking Doll That Just Might Be a Spy,
https://www.nytimes.com/2017/02/17/technology/cayla-talking-doll-hackers.html, (2018).
27. Fussell, S.: Behind Every Robot Is a Human,
https://www.theatlantic.com/technology/archive/2019/04/amazon-workers-eavesdrop-amazon-echo-clips/587110/,
(2019).
28. Ganjoo, S.: Is Facebook secretly listening your conversations? New report says yes, security
experts say no proof,
https://www.indiatoday.in/technology/features/story/is-facebook-secretly-listening-your-conversations-new-report-says-yes-security-experts-say-no-proof-1255870-2018-06-09,
(2018).
29. Gao, G., Chow, M.: Android Applications, Can You Trust Google Play on These. Tufts
University (2016).
30. Gharani, P. et al.: An Artificial Neural Network for Gait Analysis to Estimate Blood Alcohol
Content Level. ArXiv Comput. Res. Repos. abs/1712.01691, (2017).
https://arxiv.org/abs/1712.01691.
31. Google: Android 9 Pie, https://www.android.com/versions/pie-9-0/.
32. Greenberg, A.: The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations,
https://www.wired.com/2014/08/gyroscope-listening-hack/, (2014).
33. Grosche, P. et al.: Audio Content-Based Music Retrieval. In: Müller, M. et al. (eds.)
Multimodal Music Processing. Dagstuhl Follow-Ups. Dagstuhl Publishing, Wadern (2012).
34. Hale, J.L.: Does Your Smartphone Listen To You? A New Study Debunked This Common
Conspiracy,
https://www.bustle.com/p/does-your-smartphone-listen-to-you-a-new-study-debunked-this-common-conspiracy-9682413,
(2018).
35. Han, J. et al.: ACComplice: Location inference using accelerometers on smartphones. In:
2012 Fourth International Conference on Communication Systems and Networks
(COMSNETS). pp. 1–9 (2012). https://doi.org/10.1109/COMSNETS.2012.6151305.
36. Han, J. et al.: PitchIn: Eavesdropping via Intelligible Speech Reconstruction using
Non-Acoustic Sensor Fusion. In: Proceedings of the 16th ACM/IEEE International Conference
on Information Processing in Sensor Networks (IPSN). pp. 181–192 ACM Press, Pittsburgh
(2017). https://doi.org/10.1145/3055031.3055088.
37. Hashim, N.W. et al.: Evaluation of Voice Acoustics as Predictors of Clinical Depression
Scores. J. Voice. 31, 2, 256.e1-256.e6 (2017). https://doi.org/10.1016/j.jvoice.2016.06.006.
38. Hassan, B.: 1 in 5 Aussies convinced their smartphone is spying on them,
https://www.finder.com.au/press-release-july-2018-1-in-5-aussies-convinced-their-smartphone-is-spying-on-them,
(2018).
39. He, Y. et al.: Dynamic Privacy Leakage Analysis of Android Third-Party Libraries. In: 1st
International Conference on Data Intelligence and Security (ICDIS). pp. 275–280 (2018).
https://doi.org/10.1109/ICDIS.2018.00051.
40. Khatibloo, F.: Is Facebook Listening (And So What If They Are)?,
https://www.forbes.com/sites/forrester/2017/03/17/is-facebook-listening-and-so-what-if-they-are/,
(2017).
41. Kleinman, Z.: Is your smartphone listening to you?,
https://www.bbc.com/news/technology-35639549, (2016).
42. Kröger, J.: Unexpected Inferences from Sensor Data: A Hidden Privacy Threat in the Internet
of Things. In: Strous, L. and Cerf, V.G. (eds.) Internet of Things. Information Processing
in an Increasingly Connected World. pp. 147–159 Springer International Publishing
(2019). https://doi.org/10.1007/978-3-030-15651-0_13.
43. Kröger, J.L. et al.: Privacy Implications of Accelerometer Data: A Review of Possible
Inferences. In: Proceedings of the 3rd International Conference on Cryptography, Security
and Privacy (ICCSP). ACM, New York, NY, USA (2019).
https://doi.org/10.1145/3309074.3309076.
44. Lee, D.: Google admits error over hidden microphone,
https://www.bbc.com/news/technology-47303077, (2019).
45. Liu, X. et al.: Discovering and Understanding Android Sensor Usage Behaviors with Data
Flow Analysis. World Wide Web. 21, 1, 105–126 (2018).
https://doi.org/10.1007/s11280-017-0446-0.
46. Lomas, N.: Uber to end controversial post-trip tracking as part of privacy drive,
http://social.techcrunch.com/2017/08/29/uber-to-end-controversial-post-trip-tracking-as-part-of-privacy-drive/,
(2017).
47. Maheshwari, S.: That Game on Your Phone May Be Tracking What You’re Watching on
TV, https://www.nytimes.com/2017/12/28/business/media/alphonso-app-tracking.html,
(2017).
48. Mannini, A. et al.: Activity recognition using a single accelerometer placed at the wrist or
ankle. Med Sci Sport Exer. 45, 11, 2193–2203 (2013).
https://doi.org/10.1249/MSS.0b013e31829736d6.
49. Marczak, B. et al.: Hacking Team and the Targeting of Ethiopian Journalists,
https://citizenlab.ca/2014/02/hacking-team-targeting-ethiopian-journalists/, (2014).
50. Marra, C.J. et al.: Ranking of News Feed in a Mobile Device Based on Local Signals (Pub.
No.: US20170351675A1), https://patents.google.com/patent/US20170351675A1/en,
(2017).
51. Martínez, A.G.: Facebook’s Not Listening Through Your Phone. It Doesn’t Have To,
https://www.wired.com/story/facebooks-listening-smartphone-microphone/, (2017).
52. McAfee: Net Losses: Estimating the Global Cost of Cybercrime. Center for Strategic and
International Studies (CSIS), Washington, D.C. (2014).
53. McLaren, M. et al.: The 2016 Speakers in the Wild Speaker Recognition Evaluation. In:
Proceedings of the 16th Annual Conference of the International Speech Communication
Association (INTERSPEECH). pp. 823–827 (2016).
https://doi.org/10.21437/Interspeech.2016-1137.
54. Michalevsky, Y. et al.: Gyrophone: Recognizing Speech from Gyroscope Signals. In:
Proceedings of the 23rd USENIX Security Symposium. pp. 1053–1067 (2014).
55. Mohapatra, P. et al.: Energy-efficient, Accelerometer-based Hotword Detection to Launch
a Voice-control System. (Patent No.: US20170316779A1),
https://patents.google.com/patent/US20170316779A1/en, (2017).
56. Morris, I.: Android Is Still Failing Where Apple’s iOS Is Winning,
https://www.forbes.com/sites/ianmorris/2018/04/13/android-is-still-failing-where-apples-ios-is-winning/,
(2018).
57. Naor, I.: Breaking The Weakest Link Of The Strongest Chain,
https://securelist.com/breaking-the-weakest-link-of-the-strongest-chain/77562/, (2017).
58. Nichols, S., Morgans, J.: Your Phone Is Listening and it’s Not Paranoia,
https://www.vice.com/en_uk/article/wjbzzy/your-phone-is-listening-and-its-not-paranoia,
(2018).
59. Pan, E. et al.: Panoptispy: Characterizing Audio and Video Exfiltration from Android
Applications. Proc. Priv. Enhancing Technol. 2018, 4, 33–50 (2018).
https://doi.org/10.1515/popets-2018-0030.
60. Perlroth, N.: Governments Turn to Commercial Spyware to Intimidate Dissidents,
https://www.nytimes.com/2016/05/30/technology/governments-turn-to-commercial-spyware-to-intimidate-dissidents.html,
(2017).
61. Polzehl, T.: Personality in Speech. Springer International Publishing, Cham (2015).
https://doi.org/10.1007/978-3-319-09516-5.
62. Quattrone, A.: Inferring Sensitive Information from Seemingly Innocuous Smartphone
Data. The University of Melbourne (2016).
63. Rahman, M. et al.: Search Rank Fraud and Malware Detection in Google Play. IEEE
Trans. Knowl. Data Eng. 29, 6, 1329–1342 (2017).
https://doi.org/10.1109/TKDE.2017.2667658.
64. Ramirez, E. et al.: Data Brokers. A Call for Transparency and Accountability. Federal
Trade Commission, Washington, D.C. (2014).
65. Ramirez, R. et al.: Cross-Device Tracking: An FTC Staff Report. Federal Trade Commission,
Washington, D.C. (2017).
66. Rosenbach, M. et al.: iSpy: How the NSA Accesses Smartphone Data,
http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html,
(2013).
67. Schlegel, R. et al.: Soundcomber: A Stealthy and Context-Aware Sound Trojan for
Smartphones. In: Proceedings of the Network and Distributed System Security Symposium
(NDSS). (2011).
68. Schmidt, D.C.: Google Data Collection. Digital Content Next, New York (2018).
69. Sidor, S.: Exploring limits of covert data collection on Android: apps can take photos with
your phone without you knowing.,
http://www.ez.ai/2014/05/exploring-limits-of-covert-data.html, (2014).
70. Statista: Global mobile OS market share in sales to end users from 1st quarter 2009 to 2nd
quarter 2018,
https://www.statista.com/statistics/266136/global-market-share-held-by-smartphone-operating-systems/.
71. Stern, J.: Facebook Really Is Spying on You, Just Not Through Your Phone’s Mic,
https://www.wsj.com/articles/facebook-really-is-spying-on-you-just-not-through-your-phones-mic-1520448644,
(2018).
72. Tang, Q. et al.: Automated Detection of Puffing and Smoking with Wrist Accelerometers.
In: Proceedings of the 8th International Conference on Pervasive Computing Technologies
for Healthcare. pp. 80–87 (2014).
73. Taylor, P.: Edward Snowden interview: “Smartphones can be taken over,”
https://www.bbc.com/news/uk-34444233, (2015).
74. Thomaz, E. et al.: A practical approach for recognizing eating moments with wrist-mounted
inertial sensing. In: Proceedings of the ACM International Conference on Ubiquitous
Computing. pp. 1029–1040 ACM Press (2015).
https://doi.org/10.1145/2750858.2807545.
75. Timberg, C. et al.: WikiLeaks: The CIA is using popular TVs, smartphones and cars to spy
on their owners,
https://www.washingtonpost.com/news/the-switch/wp/2017/03/07/why-the-cia-is-using-your-tvs-smartphones-and-cars-for-spying/?noredirect=on&utm_term=.c162373021c3,
(2017).
76. Triggs, R.: No, your smartphone is not always listening to you,
https://www.androidauthority.com/your-phone-is-not-listening-to-you-884028/, (2018).
77. Tsukayama, H., Romm, T.: Lawmakers press Apple and Google to explain how they track
and listen to users,
https://www.washingtonpost.com/technology/2018/07/09/lawmakers-press-apple-google-explain-how-they-track-listen-users/,
(2018).
78. Yerukhimovich, A. et al.: Can Smartphones and Privacy Coexist? Assessing Technologies
and Regulations Protecting Personal Data on Android and iOS Devices. MIT Lincoln
Laboratory, Lexington, MA (2016). https://doi.org/10.7249/RR1393.
79. Zhang, L. et al.: AccelWord: Energy Efficient Hotword Detection through Accelerometer.
In: Proceedings of the 13th Annual International Conference on Mobile Systems, Applications,
and Services (MobiSys). pp. 301–315 ACM Press (2015).
https://doi.org/10.1145/2742647.2742658.
80. No, Phones Aren’t Listening to Your Conversations, but May Be Recording In-App Videos:
Study,
https://www.justandroid.net/2018/07/05/no-phones-arent-listening-to-your-conversations-but-may-be-recording-in-app-videos-study/,
(2018).