Are ad systems eavesdropping on your smartphone?
You might have experienced this at least once. After discussing a product or something else with a friend, the next thing you know, you receive an ad on your phone. You haven’t Googled it, sent a message, or done anything on your phone, so you wonder if an ad system is listening to your conversation.
If this is frequently happening, you think you already know the answer, right? If your phone is in the room, you assume digital ad systems are listening.
However, is this only happening because you have set up some microphone permissions? Is it as simple as turning these off? Or maybe it’s just complex algorithms working behind the scenes, predicting your interests.
One thing is for sure. How you use the Internet and what permissions you allow on your devices add to collectible data, which is very desirable to advertisers. But does the smartphone go so far as eavesdropping?
Let’s get to the bottom of this mystery.
Talking technology
How do seemingly coincidental ads appear on your phone after talking?
Anecdotal evidence seems to indicate there’s a direct relationship between what you talk about and the ads you see online. In one amateur experiment, a couple speaks about cat food to see if they get ads (despite not having any pets). They duly receive ads about cat food.
Ken Munro, a cyber expert with Pen Test Partners, offers this explanation:
“Of course, phones can listen to you. They have microphones. Apps ask you for permission to listen to your microphone and camera.”
In the cat food case, a simple explanation is that the owners of those smartphones had left one or more app permissions switched on.
As for the idea that the couple’s smartphone was eavesdropping, which is a further step on from merely listening, Munro thinks apps that can eavesdrop (listening without your permission, by any method, and sending your words to advertisers) are “not likely to exist because they would be considered unethical, and very expensive.” Munro adds that in his experience, “ad companies don’t want to invest in that technology because the amount of data processing would be too large.”
In a nutshell, it would not be cost-effective. Imagine if every word spoken around a smartphone was collected on every smartphone. That’s a huge amount of data to collect and process. At present, phones might collect a few voice commands into a database. A whole day of chats, however, is a vast amount to process.
Even so, many people are convinced phones are monitoring our conversations somehow and using Facebook and other social media apps to deliver advertising related to those conversations.
So how is this happening? The answer is a combination of what is known as trigger phrases linked to cookies.
The problem with permission cookies
For your smartphone to pay attention to what you are saying, you need to permit cookies. If you’ve given permission to use voice assistance, you have (probably) allowed your phone to identify trigger phrases to give you ads.
VICE reporter Sam Nichols decided to try two trigger phrases to see if he could get ads on his phone. He repeated his phrases, “I’m thinking about going back to uni” and “I need some cheap shirts for work,” over a day. He found Facebook delivering up courses at universities and cheap clothing as soon as the next day.
Nichols concludes an ordinary conversation with a friend can trigger ads, but only if the advertiser is looking for the trigger phrase and your permissions are open.
Nichols quizzed Dr. Peter Henway from cybersecurity firm Asterix to determine if speaking trigger phrases gets you ads when you haven’t given permission. The short answer was yes, but don’t get too paranoid.
Keep in mind that third parties, like Facebook, gain search data due to cooperative user agreements linked to permission cookies. Saying “I need a new pair of jeans” within proximity of your smartphone could activate an ad via an audio snippet. Dr. Henway says, “it’s very difficult to define the exact trigger … apps could have thousands.”
So your phone is not technically eavesdropping — you’ve actually given it permission or third-party permission to listen out for ad phrases. But it is listening.
Hmmm. Are there more ways your phone can eavesdrop?
What if you are not trying to trigger anything, and are simply watching television or chatting at the dinner table? Fatima Al-Hussaini from Spiralytics Performance Marketing says phones can pick up ambient sounds.
“Smartphones do pick up audio in your environment, but it’s not the same as actively listening to your conversations unless you activate a voice assistant.”
So that’s a relief. You can avoid voice listening if you deactivate Google Assistant, Apple’s Siri, Microsoft’s Cortana, Amazon’s Alexa, gaming apps via Alphonso, and voice-controlled devices.
There’s a ‘but’ … and it’s pretty huge.
Al-Hussaini explains how background conversations won’t trigger advertising “if your conversations don’t have any wake words.” But… she warns that non-triggered data (everyday conversations) “can still be accessed by third-party applications for data analysis.”
If you’ve agreed to allow third-party access in an app agreement, what you say in the background can be used. It’s up to those third parties how they use it. This is quite common when you wish to use an interactive website of any sort. Social media, gaming, shopping, investing, to name just a few.
Think of your phone as straining at the seams to find every bit of data it can about you and then sharing it with anyone who asks. The unpalatable truth is if your phone is on and third-party permissions are active, you have opened the door to eavesdropping.
You can manually opt-out of those permissions; however, there’s no way to truly opt-out entirely — unless you stop using the full functionality on your favorite websites.
So yes, eavesdropping is possible.
What about my smartphone browser?
Browsers present a different problem. Today, so many voice-operated devices connect us to the Internet. As a result, your phone can be one too. Without you knowing, it can do more than just respond to your voice if you’ve given any service access to your microphone.
Google, for example, says its listening abilities only extend to voice-activated services. If you use these, it can use microphone search data to target advertising. It’s not quite listening, but it translates audio into a text search, such as, “Alexa, which restaurants are nearby?” This is similar for most browsers, apart from those vested in protecting your search privacy.
Even partial listening will lead to ad delivery. And if your app — think Uber (where you’d use voice a lot to go to, or from, those restaurants) — has third party permissions/cookies, you might just quickly ‘accept’ all for the sake of quick access to the Uber website and that taxi home.
What about my device location?
Your phone goes where you go and knows what you’re doing, and the nearest cell tower receives all of this data. How? Unique identifier codes. The IMEI/MEID codes, for Apple iPhones and for Android phones, are auto-generated codes which identify where your device is. The ICCID, your SIM card identifier, gives data collectors the information that your number was somewhere or was used for something like a call.
When you search websites, the local cell tower correlates everyone into that visitor area even if you went incognito. Data is quietly collected, and you could get ads. This isn’t technically ‘eavesdropping’ but you could mistake it for this. If you’d just visited a nail salon and got ads for nails, you might think it was your conversations and not realize your location settings are paying attention to what you are doing. This all feeds into the collection of data that helps ad systems to collect our marketing preferences.
Steps you can take to improve privacy
It is certainly easier for ads to zero in on your interests with information sourced from several data points. Keep in mind that search engines and websites collect data, and third parties with permission could eavesdrop for their own benefit.
Having said that, here are some tips to make it a little more difficult for others to collect data about you.
To disrupt browser ad trackers:
- Regularly clear all cookies in your browser settings and clear your search history.
- Turn off tracking and microphone permissions in apps and voice assistants (or only use when you need them).
- Try browsers that provide privacy protections such as Firefox or Brave.
To limit ad tracking on your smartphone by voice assistants:
- Turn off access to Siri on Apple iPhones.
- Turn off access to Google Assistant and microphones.
- On Android phones, turn off OK Google.
If you have to use voice for functionality, remember to disable the choice later to limit possible third-party eavesdropping.
To disrupt other ad tracking on mobile devices:
- Turn off your Bluetooth and location services (or use minimally and turn them off afterward.)
- Use a search engine like DuckDuckGo that doesn’t track your queries, locate you, or bug you incessantly about cookie permissions.
- Try a VPN for increased anonymity — especially when you are not at home.
- Turn off apps’ access to microphones or cameras, or use sparingly.
- On game and dating apps, look for ‘Alphonso automated’ and turn off permissions. (Around 200 games have this listening setting automatically enabled.)
- If you’ve got an iPhone on iOS, navigate to Settings > Privacy > Advertising and toggle on Limit Ad Tracking.
- If you use Android or another smartphone, apply ad-tracker privacy settings. Go to Settings > Privacy > Advanced > Ads and toggle on Opt out of Ads Personalization.
- On new websites you visit, take a few moments to reject site cookies by making sure you’ve selected ‘reject all’ on the permission pop-up.
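To act on the tip about turning off apps’ access to microphones or cameras, it helps to see first which apps actually hold those permissions. The sketch below is an added example, not part of the original article: it parses text in the layout of Android’s `adb shell dumpsys package` output and lists the apps where a sensitive permission is granted rather than merely requested. The sample dump and its package names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `adb shell dumpsys package` output.
# Package names are hypothetical.
SAMPLE_DUMP = """\
  Package [com.example.game] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.RECORD_AUDIO
    User 0: ceDataInode=1 installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.CAMERA
    User 0: ceDataInode=2 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
  Package [com.example.weather] (778899):
    requested permissions:
      android.permission.RECORD_AUDIO
    User 0: ceDataInode=3 installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_FIXED ]
"""

SENSITIVE = {"RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=(true|false)")

def granted_sensitive(dump, wanted=SENSITIVE):
    """Map each package to the sensitive permissions it currently holds."""
    result, current = {}, None
    for line in dump.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)  # later permission lines belong to this app
            continue
        perm = PERM_RE.match(line)
        # Requested-only lines carry no "granted=" and never match PERM_RE.
        if perm and current and perm.group(2) == "true" and perm.group(1) in wanted:
            result.setdefault(current, set()).add(perm.group(1))
    return result

def microphone_apps(dump):
    """Packages that can record audio now: requested and granted."""
    return sorted(p for p, s in granted_sensitive(dump).items() if "RECORD_AUDIO" in s)

if __name__ == "__main__":
    print(microphone_apps(SAMPLE_DUMP))
```

On a real device, save the output of `adb shell dumpsys package` to a file and pass its text to `microphone_apps` to get the list of apps to review in Settings.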
To reduce ad targeting, more helpful steps you can take are in our blog on how to clean up your digital footprint.
Can I limit digital ads connected to my online activity?
Social media, many websites, and gaming services invest heavily in sophisticated data collection, in part so they can make money selling advertising. It’s a fact of life that platforms like Facebook, WhatsApp, Instagram, Twitter, LinkedIn, TikTok, and others all collect data. The ad systems they employ are reacting to any action you take, type or tweet. If you want to interact with all platform features, you have to accept some targeted advertising.
If you don’t like the proximity of advertising to your every waking moment and lifestyle, you need to make that ‘uniqueness’ less collectible. In business, privacy can be crucial to your success as an entrepreneur, and your phone is capable of listening through third-party apps and geolocation if you’ve given permission.
Left unchecked, sophisticated algorithms can readily predict what ads will tempt you. When you receive ads that are linked to something you chatted about within the vicinity of a smartphone, it’s probably time to take a few of the steps discussed in this article.
Disturbing yet eye-opening read! The revelation about ad systems eavesdropping on smartphones is a serious privacy concern. Your post succinctly captures the importance of being vigilant about digital privacy. Thanks for shedding light on this issue.