While confirming a lack of empirical evidence, we cannot rule out the possibility of sophisticated large-scale eavesdropping attacks being successful and remaining undetected. Taking into account existing access control mechanisms, detection methods, and other technical aspects, we point out remaining vulnerabilities and research gaps.
I like that a hefty dose of skepticism is still the best policy. I might have missed it but there is also the saturation problem - if I have a rooted/flashed/Linux smartphone that I’m confident isn’t listening in I also have to be weary of those devices around me that have a good chance of being in that 48% group the paper says just blindly accept permissions. Of course that gets into “threat levels” and the like but it’s an interesting issue to consider IMO.
Also just going to leave this here as well, it’s based on Google but shows the other ways a device can create a user profile without the microphone.
deleted by creator
Agreed - similar to how the big name social networks feed their targeted ads in a sense (alogrithm sees your friend group, etc), and since they agreed to the permissions your name/number/details has been shared with the app.
I’d hope to see a push for non-targeted ads but we’d have to start seeing some more policy restrictions (advertising regulations) of interaction and that seems like a really far out dream.
Scary AF!
