this post was submitted on 02 Sep 2024
233 points (96.4% liked)

Pulse of Truth

1426 readers
18 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth
233
In Leak, Facebook Partner Brags About Listening to Your Phone’s Microphone to Serve Ads for Stuff You Mention (futurism.com)
submitted 11 months ago by lemmydev2 to c/pulse_of_truth
26 comments fedilink hide all child comments
 

Comments

you are viewing a single comment's thread
view the rest of the comments
[–] I_Miss_Daniel@lemmy.world 46 points 11 months ago (11 children)

Would this trigger the 'mic in use' indicator on Android and iPhone platforms?

[–] henfredemars 26 points 11 months ago* (last edited 11 months ago) (6 children)

It has to. The only way that it wouldn’t trip the indicator is if it was built into the operating system itself or somehow had an exploit to get around OS security protections.

The information is fascinating but by and large should no longer be applicable because the OS has been designed to prevent using the microphone without the users knowledge. An app doesn’t have access to the microphone hardware without going through the OS first. Google could modify the OS to do such a thing, but of course, they have to hide this in the proprietary parts of Android, and the generally open nature of the platform give security researchers quite good access to observe such activity. I’d be surprised such activity would go unnoticed. It seems unlikely.

I think this type of approach might have worked on older OS versions but I don’t see how it could work today in general.

[–] archchan@lemmy.ml 5 points 11 months ago (1 children)

What about Google Play Services? A pre-installed Swiss army knife of a system app with proprietary code and apps relying on it as a dependency seems to check the box.

[–] henfredemars 1 points 11 months ago* (last edited 11 months ago)

That might be possible. I’m not an expert in the wide ranging permissions that preinstalled system apps can access. It would require Google complicity. We haven’t seen this behavior in various sandbox versions of Google play running on custom ROMs, nor hasn’t been seen in any teardowns, but it cannot be completely ruled out.

I feel like there are better places to hide such malicious code. For example, down in the hardware abstraction layer, or another proprietary demons that aren’t part of AOSP. At the end of the day, you need to have some trust in the company that develops your OS.

load more comments (4 replies)
load more comments (8 replies)