" oh sweet summer child " you might be thinking, and yeah. I got no clue.
A thing I appreciate about Lemmy is the tech savy, privacy conscious crowd. Since joining I’ve seen these topics discussed a lot more often so here I am, wondering how much and when do apps collect information about their users. Most people usually don’t mind or don’t notice this, and those who do often come across as conspiracy theorists.
What I’m trying to figure is what exactly gets mined, how, and for how long. I heard some apps track your eye movements or record your camera at all times. I’ve heard that Google records your audio 24/7. I find it hard to believe this would happen all the time as it sounds like pretty expensive process in phone resources as well as space (information is unlikely to be stored on video format, right? Is it even human readable at all?) Obviously if I purchase something online or if I’m browsing for a specific topic on any app, that data is gathered and used- I’ve seen it myself, after browsing about X, or purchasing X, I’ll see more ads and content similar to X ( if it makes it past my adblocker of course, but it’s hard to block ads on some apps). Now, does Google truly know how many times a day I fart ? Does Instagram keep track record of people’s faces and underwear color when they scroll in the toilet? Does it happen in the background at all times or only while I use those apps?
These are the stupid questions I need to know about. Sources appreciated. TIA.
The stuff about recording your camera/tracking eyes/recording mic are all bullshit (ish). That stuff is all possible, and does happen, but not from popular apps. You don’t really need to worry about that unless you’re going to really dodgy websites (and giving them access to your camera/mic), OR if you’re a high profile figure who may be targeted by far more sophisticated attacks. These privacy invasions are uncommon in popular websites and apps because it’s very easy for users to discover that kind of data/processing usage, and the blow to their reputation is far more expensive than the profits they’d get from recording you (not even sure what the commercial incentive would be for that). There are thousands of nerds like me in the cyber security industry who monitor websites network activity for this kind of shady shit, so they wouldn’t get away with it.
Location is a far cheaper (and less conspicuous, data-usage-wise) process, so far more apps will be recording that. Google, Facebook, Apple, and likely dozens more companies know exactly where you’ve been throughout the day, whether by GPS or by wifi (maps of the locations of different wifi networks exist).
As for targeted advertising - any app or website that has a share button for Facebook or other apps is most likely sharing your usage habits with those apps. This is a symbiotic relationship for the apps/websites, because letting Facebook know you’ve been searching their site for X means Facebook will start showing you ads for X, and you might go and purchase from them after seeing that ad. Many believe their phones are listening to them because their targeted advertising is so specific, but the reality is they don’t need to listen to you. They get far better info from your searches and browsing history.
Sorry no sources at the moment because I’m at the gym, but I guess my source is that I graduated with a bachelor’s in cyber security in February lol.
It’s very hard to prove, because at the end of the day no one sees the source code of these apps. However it is somewhat reasonable to assume that apps use exploits to gain access beyond your permissions - in particular with regards to camera, microphone and location (which the latest versions of Android should notify you when they’re in use, however there may be ways to bypass this).
The classic one is something many people have experienced: you have a conversation with someone about a product around your phone, which has Facebook installed, then later you see advertisements in Facebook for that product.
My belief is that this is more to do with system apps that come preinstalled on many phones - Facebook has deals with manufacturers to bundle their apps. These installations bypass the Google Play Store and are not readily removeable from the stock version of Android as supplied by the manufacturer.
Some people (eg Google and manufacturers) warn that installing custom ROMs is a security risk, but when manufacturers and apps are pulling crap like this it becomes a matter of trading off between two risks. Personally, I’d rather eliminate the certain risk of spying from Facebook in exchange for a possible risk of custom ROMs being corrupt - especially with the added functionality that custom ROMs provide.
Most apps have usage reporting enabled either permanently, or by default. It may be just in case of a crash, or it can constantly be collecting and reporting every tap and scroll you make, how long you hover before scrolling, if your screen is on, if you’re not switching to other apps, stuff like that.
Furthermore, the OS is constantly aware of other information, like from the motion sensors, wifi signal strength, connected devices, storage space, installed running apps, battery etc. It collects that data and can pass it on to the apps as well.
So all that information is then packaged together with some unique identifiers, phone number etc.
So there isn’t much need for camera to be always recording, since the system always knows where you are and what are you doing. Combine that with data of other users, and they know who you are with and what you are doing.
As for microphone, depends. Voice assistants do listen all the time for keywords and can probably be made to record everything, but that doesn’t seem to be the case. But they can still record if they mishear a command.
Worth noting that this kind of telemetry isn’t programmed by every app maker from scratch, but is done by libraries that people insert into their apps. Such as those by Google or MS, but alao others. So the library creator has access to all the data from other apps too, and can share it with customers and other parties.
I am only going to give clarification on the small part I feel confident about. They do not save while videos, photos or sound that they record secretly. They somehow condense it onto what I imagine to be some kind of tag system. So rather than saving the raw sound of you talking about something they just record that you said that word X times or at timestamps a, b and c.
I think Google records sound constantly when you have chrome open or from your android phone but they do not save everything they record. Only what they think is important enough to keep on record. I also have no clue if they ever throw anything away after some time.