Am I Just Paranoid or Are My Phone and Virtual Home Assistants Listening to Everything I’m Saying?

Paranoia or something else?

You or someone you know has probably gotten an ad for something you were recently talking about. Seemingly seconds after saying you’re low on dog food or found out your sister is expecting a baby boy, ads about that very thing show up all over the social media and websites you visit.

The fact that so many people have allegedly been part of such scenarios has caused widespread headlines claiming that your phones and home assistant devices are listening to you at all times, not just when you beckon them. The skeptics among us may be more apt to call this a coincidence, but neither side is exactly right.

As more researchers look into this phenomenon, it’s becoming increasingly clear that these devices aren’t listening to your every word. But that’s only because the companies behind these devices have far more accurate and subtle ways of attaining your information and data quicker, cheaper, and more accurately.

‍Testing the conspiracy theory

In June 2020, CNET set up an informal test with its reporters to attempt to get Facebook to send them ads about topics they talked about. Reporters discussed sky diving lessons, mattress stores, and a variety of other subjects to see if the social media giant would send them targeted ads. After two weeks of this, none of the ads appeared based on these planned conversations. ‍

Similar tests have been done by other researchers and companies, including the cloud security company Wandera and The New York Times’ Wirecutter, the latter of which dealt with Alexa, Google Home, and other virtual home assistants. The results were the same: No one involved in the study got targeted ads based on what they were saying, what they asked their home devices to do, or anything else that would suggest that the devices were listening to them all the time so companies could send them personalized ads.

Why eavesdropping isn’t probable

After such studies were published, many experts said they weren’t at all surprised by the results. Wandera’s study proved what most tech experts had already known: It’s far too cost-prohibitive to have your devices listening and recording you all the time.

Wandera found that when you do ask your phone or home virtual assistant to do something using a verbal command, your data usage spikes. If your device or app was listening all the time, it would result in such a large amount of data usage that most companies wouldn’t be able to keep up with the demand, resulting in crashes or frequent outages. Even if it could collect that information, the amount of data would be nearly impossible for companies to sift through in any meaningful way.

The data problem

Moreover, Wandera’s study found that it would be incredibly obvious to even semi-tech-savvy users that their devices were listening and recording their conversations to a company’s cloud. That’s because they would be able to see there’s incredibly high data usage all the time that would begin affecting the device’s performance.

Both CNET and The Wirecutter found another flaw in the eavesdropping conspiracy theory: Amazon and nearly every other tech company that offers some sort of audio command software have struggled with getting their technology to recognize human voices.

In particular, Amazon’s Alexa can’t differentiate between different peoples’ voices, according to The Wirecutter, and it also had issues distinguishing human voices from ambient noises. Before these devices could listen to you 24/7, they’d first have to get a lot better at identifying human voices so they could differentiate background noises, such as TV shows, from actual human conversations. Failing to do so would mean the devices would record copious amounts of data that companies would find difficult to use for things like creating targeted ads.

What’s actually happening?

Apps need permission to use things like your mic. That’s why many apps ask you to change your permissions and give them access to this, among other features, when you first load them. While unscrupulous mic usage may be ruled out as the culprit of targeted ads, some studies have found that apps have another method of gathering your information for the purpose of targeted advertisements.

News Atlas and other outlets have reported that some apps are taking screenshots of your phone and sending that data to third-party companies. This activity was discovered during a 2018 Northeastern University study of 17,000 Android apps.

While researchers found no audio leaks in the apps, they were surprised to learn that 9,000 apps asked to take screenshots to send to third parties. One delivery app, GoPuff, even took videos of user screens and sent them to Appsee, a data analytics company.

The study didn’t find that these screenshots were used for anything besides app improvement. However, researchers did express concerns that these screenshots could potentially capture information about your credit cards, login information, and more.

User tracking & ad retargeting

Even if your phone apps aren’t taking screenshots, chances are your devices can be used in other ways to get data points that can result in targeted ads. In 2017, a former Facebook employee wrote a Wired article explaining that Facebook, Twitter, LinkedIn, and other tech companies can track you on any device you’ve logged into their apps on.

These companies also can sometimes track in-store and online purchases through loyalty programs tied to your email or phone number. Some can even use your friends’ search histories to send you targeted ads, according to the article.

Such techniques are common practice in ad retargeting campaigns, which allow companies to send ads to would-be customers who left their sites without buying anything. These ad retargeting campaigns are often responsible for many of the eerily specific ads you get.

‍Who’s doing this?

A full list of apps that Northeastern found taking screenshots while in use was not available. However, shortly after the study, Google sent a statement to Fox News saying that apps working with Appsee may be violating Google Play’s privacy policies. About a year after the study, Appsee was bought by ServiceNow.

Facebook and Twitter have also stopped working with third-party companies to create targeted ads. However, Google, Facebook, Twitter, LinkedIn, Amazon, Google, and nearly every other tech giant still have access to the data points previously mentioned about you and your contacts that can result in targeted advertisements.

Legal and governmental intervention

Simply put, even if it’s not currently happening, it would be illegal for companies or apps to eavesdrop on you in the way that conspiracy theories claim they do. In fact, Amazon faced a lawsuit in 2019 for allegedly eavesdropping on kids without consent.

However, as the Northeastern researchers found, companies are generally cleared of potential lawsuits as long as they disclose in their privacy statements that they’re accessing your contact lists or mics and taking screenshots, among several other privacy-related concerns. This information must appear in the terms of service that you have to accept before using most apps or devices.

Privacy regulation seems inevitable

As privacy concerns are pushed to the forefront of more peoples’ minds, though, the U.S. Senate continues plodding toward federal data privacy legislation. The U.S. Senate Committee on Commerce, Science and Transportation held a hearing about this issue in September 2018, and discussion drafts of data accountability and transparency act already exist.

Additionally, Slate and other publications have been critical of the government for not already having a bill that prevents tech giants from misusing data. That includes allowing apps to take screenshots while in use and using your data to create personalized ads.

Taking control of your privacy settings

There are some simple steps you can take to limit companies’ use of your data for targeted ads. If you have a virtual home assistant, you can always unplug them at night, when you’re hosting a party, or when you know you’re not going to use them for a long time. Google Home even allows you to turn off the mic permanently or temporarily, and you can change your account settings so that your data isn’t uploaded and stored onto Google’s servers.

If you’re concerned about the long-term safety of the data that companies collect about you, friends, and family, tell companies and your legislators to support data privacy legislation.

On Facebook, you can ask why you’re seeing particular ads in your privacy settings. You can also manage which ads you see and block certain ads from appearing on your timeline again. Be sure to check your off-Facebook activity to see how Facebook is accessing and using your data for apps you may sign in through Facebook to use. You can also disconnect all off-Facebook activity by following these instructions.

For Instagram users, you can report a sponsored or targeted ad as “inappropriate” to stop it from appearing entirely. Google goes a step further by allowing you to block certain ads and turn off ad personalization. Several other companies have allowed users to turn off targeted ads, too. You can find out if you’re currently getting any targeted ads that can be stopped using the NAI’s Opt Consumer Opt Out website.

‍What else you can do?

While the government is slow to act, there are steps you can take to keep your data safe and prevent apps and devices from taking data you don’t want them to.

Besides changing your social media settings, check your phone or account permissions to see what information your devices and apps are accessing. You can always turn off permissions, such as accessing your mic, for any device or app you use. Just note that this may turn off certain features, such as voice commands. 

While these are temporary fixes, it’ll take long-term legislative changes to prevent tech giants from accessing your data through apps, devices, and virtual home assistants. You should be able to use these devices and apps without sacrificing your digital security, but that’s not a guarantee unless companies are held accountable for using data responsibly.

If you’re concerned about the long-term safety of the data that companies collect about you, friends, and family, tell companies and your legislators to support data privacy legislation.

Kurt is an experienced marketing and sales executive with a passion for privacy and technology. From the background of a successful media and content agency entrepreneur, Kurt delivers fresh insights by making connections between tech, marketing, security, and personal freedom and responsibility.