[Herald_MJ]

Can't speak for Android, but on iOS it is not possible for an app to "listen" to your microphone unless it is in the foreground, and you have explicitly given the app permission to do this (the first time the app attempts to do so). It can also be revoked at any time without removing the app.

The only way around this restriction would be using a private API Apple could have provided. Given that Apple has even integrated some aspects of Facebook into iOS, this is not totally impossible, but it's hard to imagine Apple having an incentive in allowing Facebook to passively record and transmit all user audio. To date, Apple actually seem to be pretty good at protecting user's privacy.

[joshstrange]

Unless Heard has stopped working then this is not 100% true http://www.heardapp.com/ It may put a banner on the top bar but I've used this app and it worked just fine.

[mikeash]

Yes, apps can definitely listen while in the background. In fact, this is one of the few activities where Apple allows you to run in the background indefinitely. Without doing this or one of the other things (like continuous GPS updates), you only get three minutes of background activity before the OS freezes or kills your app.

Some apps actually use this to work around background activity restrictions. If they can come up with a plausible excuse to run the microphone, they can use that to keep the app active in the background indefinitely.

It does place a really obvious red bar at the top of the screen, though, so it's not something an app can do secretly. I believe only one app can do it at a time, too, so you can't have a bunch of them all spying on you at once.

[koyote]

Very off-topic but what is your real-world use case for such an app? The site lists a couple but most of those seem to make more sense when using a recording app in the traditional, explicit, way (e.g. "we are having a meeting, I will record this meeting").

[joshstrange]

So honestly it's best use case is "gotcha". As in you didn't know I was recording and you said something stupid and now I have a recording. Likewise if you are talking to someone and you say something along the lines of "Are you sure about that?" or "Can you confirm this is what/how you want me to do this" and then you record the audio for later incase they come back and say "I never said that".

For myself I went the extra mile to just have my laptop record ALL audio but then felt this was a little too douchey/NSA-y and disabled the whole thing and wiped the audio. I wanted such a system not only for "You said this then and now you are saying that now" but to remember things I had said myself. I wanted to hook it up to STT to have a searchable archive of what I had said but again it was an invasion of privacy (to people around me) that I personally couldn't stomach.

[imbeau]

Besides the creepiness, the law around recording people without them knowing (one-party consent) is state-by-state

[EdHominem]

As for creepiness, you know what's creepy? People saying something and then lying about it later.

You'll be happy having the audio even if there are restrictions. Simply don't tell anyone about it until the benefits (saving your ass) outweigh the drawbacks (potential charges).

[get2zpointer]

To circumvent the one-party consent issue, he could just write a Terms of Service on the inside of his shirt that includes a clause about "Engaging in conversation as a use of the Services" that implies agreement with the Terms of Service.

[joshstrange]

I Iive in a one-party consent state, I checked before I tested it.

[a_small_island]

How often do you record other people?

[joshstrange]

I said about I don't do it anymore, I'm not sure what you are trying to ask here.

[EdHominem]

Virtue signaling. By implying that you're a criminal they feel it makes them look better.

As for you, there's nothing morally wrong in wanting to not be trapped by a liar. And it doesn't magically become morally wrong if you walk into a two-party state.

[brightshiny]

What is STT?

[joshstrange]

Speech to Text

Transcribing audio to text

[brightshiny]

Thank you.

[dahart]

I've often been in meetings I wish I'd have recorded but didn't think about it until too late.

For that matter, I'd love the same concept with video, if there was a way to always record what I'm seeing without having to think about it in advance or wear a camera on my face, to capture anything interesting that happens to me, I'd be interested. I remember a story about an exec at Microsoft installing implants in his head for this purpose.

I'm terrified of anyone but me having access to this kind of data, though. It's nobody's business but mine.

Don't know about HeardApp, but I automatically assume the primary use case is for the company's benefit and not mine. Is it installing SilverPush on my phone and listening for things besides me to cross-reference and track my activity? I don't know...

[psc]

> I'm terrified of anyone but me having access to this kind of data, though. It's nobody's business but mine.

This is by far the biggest problem with this kind of tech. If there were a way to guarantee the privacy of the recordings, it would be a super useful tool. You could basically have a perfect photographic memory. Not to mention all the cool processing you can do with the data. The idea really excites me, but equally terrifies me.

But I think given enough time and progress in encryption/speech recognition/legal issues, I think something like this is inevitable. It's hard to see a future where we record less. I think another key part is having access to data of you. That way you don't feel like it's being recorded to be used "against" you.

[frogpelt]

The best case I saw was to catch things your kids say. It's really hard to get a child to repeat exactly what they said again.

I'm guessing your phone would have to be pretty close to the child though.

[hellbanner]

You mean when they removed their warrant canary a few years ago under the guise of "new security policy"?

When they were found to be tracking GPS positions even with GPS disabled? (Sorry it's impossible to find a link to this anymore)

How about the Bluetooth vulnerabilities their desktop computer suffer -- I've seen keyboard connections trivially hijacked.

I'm not suggesting that Apple has made a deal with Facebook (I think you're right on not being incentivized to do this), but to say Apple is "pretty good" at protecting a user's privacy, I question that.

[Herald_MJ]

I know of the first two examples you gave, but disagree that they're evidence of Apple not being interested in user privacy.

Let's not hijack this thread to talk about Apple's security record.

[madmax96]

It'd be interesting if there were a party with a JailBroken iPhone and the Facebook App installed who would check the network traffic.

[eric_h]

Would a jailbreak really be necessary for this? Couldn't you just install a certificate on the phone and MitM the https traffic?

[superuser2]

Not if the app is certificate pinning (and from a security perspective, it ought to).

[eric_h]

Is this a common thing for apps to do, yet? I was under the impression that there are some corporate networks which treat MitMing ssl connections as a business necessity. Would Facebook et. al. allow their apps to stop functioning on networks like that?

[superuser2]

I can't imagine an enterprise which would MITM employee web browsing but not block Facebook. Come to think of it, I can't imagine an enterprise that would MITM employee web traffic but allow personal smartphones on the network.

[eric_h]

Ha. Yes, fair enough. But, presuming they didn't, would it not be in facebook's best interest to allow their app to still work, perhaps with a visible warning?

[madmax96]

That would be a lot simpler:)