How your smartphone can be used to spy on you

Today we all expect high-quality digital services, and we prefer these services to be free. What we typically don’t realize is that when an online service is free there is usually a trade off – and the way you pay for the service is by allowing access to your data. With the many free apps available across the Apple and Google ecosystems, this is exactly what happens. When a user downloads and installs a new app, they will often have to accept a terms and conditions document. Almost nobody reads these even though they outline exactly how much data the app can access and what it can do with this data.

This is the price that everyone pays for having access to services like mapping, weather, social media, online payments, ride-sharing, music, and video streaming – all the digital services that we rely on in day to day life. Access to your data is usually framed as being necessary to provide you with better services – but viewed through a different lens, it could just as easily be called ‘smartphone spying’. In this article, we’ll look at how your smartphone can be used to spy on you – and what you can do to stop it.

Can the government see through your phone camera?

If they wanted to, there is no technical reason why they couldn’t. Here are three ways your phone spies on you.

1. Your smartphone camera

When former FBI director James Comey was asked at a conference at the Center for Strategic and International Studies in 2016 whether he covers his laptop camera, he responded, “There are some sensible things you should be doing, and that’s one of them.” It seems that Facebook’s Mark Zuckerberg agrees. He is known to cover his laptop camera and microphone with tape – and whatever can be done to a laptop camera, can be done to a smartphone camera.

In 2013, when NSA whistleblower Edward Snowden showed the world the capabilities the global intelligence agencies have to spy on their citizens, it became clear that everyone can be watched. More recently, Snowden has made the point that security agencies now prioritize spying via cell phones. In an interview on the Joe Rogan Experience on October 23, 2019, Snowden said, “The big thing that has changed since 2013 is now it’s mobile-first everything. Mobile was still a big deal and the intelligence community was very much grappling to get its hands around it and to deal with it. But now, people are less likely to use laptops, desktops, or any kind of wired phone, then they are to use a smartphone. And both Apple and Android devices, unfortunately, are not especially good in protecting your privacy.”

In November 2019, Google confirmed that this was a risk for “hundreds of millions of smartphone users” after a flaw allowed hackers to gain access to Android phone cameras.

2. Your smartphone microphone

For anyone who has ever asked ‘is my phone listening to me?’ The answer is a resounding yes. That is what they’re built for after all. Apple admitted in 2019 that it had been doing this for years as part of its Siri project, and it issued an apology with all the usual mitigating language about how it was just to improve the service. The idea that our phones can listen in on conversations became a topic in recent years when platforms like Facebook seemed to start serving ads to people based on conversations they had had when their phone was in the room. According to a survey of 1,000 American adults in the US conducted by Consumer Reports, 43% of Americans who own smartphones believe their device is listening in on them.

While a Facebook spokesperson stated in 2016 that the company “does not use your phone’s microphone to inform ads or to change what you see in News Feed," it is difficult to believe them given the whole Cambridge Analytica scandal. In this case, what users thought was a harmless Facebook application, was used to harvest the personal details of millions of Facebook users, and this data was eventually used for political purposes in the 2016 US election.

What we do know for sure is that it is not difficult at all to access a smartphone’s microphone and listen in on conversations. If you download an app and grant it access to your microphone (which we do routinely), it can switch it on and listen.

3. Your smartphone apps

From a privacy point of view, smartphone apps are especially problematic. If you grant an app like Facebook or WhatsApp full access, it has access to your cameras, to record you, to run facial recognition software, to track your location, and more. Granting permissions to WeChat essentially gives the Chinese government the power to do all the same things, as there’s really no dividing line in China between giant Chinese corporations like Tencent Holdings, which owns WeChat, and the Beijing government. Referring to moves to ban TikTok in the United States, US Secretary of State Mike Pompeo told a British newspaper recently. “It is not possible to have your personal information flow across a Chinese server without the rest of that information ending up in the hands of the Chinese Communist Party.”

So, if you are using smartphone apps, it is a certainty that your data is being harvested – and these are only the outwardly non-malicious apps that actually ask for permission. Hackers who are specifically targeting you will try to gain access to your camera by sending you emails or texts with a malicious link or file that will grant them access if you click on it.

If you are unfortunate enough to download an app that was designed to steal your data and sell it to third parties, you can expect your data to continue to be passed on.

How to stop your phone from spying on you

First the basics – never click on a suspicious link. If a malicious operator wants to gain access to your phone, they will send you malware in the form of a link in an email or an attachment that fulfills that purpose.

Check your apps

The best way to protect yourself from smartphone spying using your phone camera is to cover the camera lens and laptop cameras with removable stickers. Additionally, you should not enable apps to have camera access. You can check app permissions in the settings section. As this Android smartphone settings screen-cap on the left below shows, this user has unknowingly granted 15 apps access to their camera, 13 apps access to their microphone and 22 apps access to their contacts list. The screencap on the right shows just some of the apps with default access to the camera. While it is understandable that messaging and the phone would require camera access, it is less clear why the New World supermarket chain would.

To protect yourself from corporations or hackers listening in on your conversations download the minimum amount of apps necessary and make sure to disable access to microphones for all apps that do not absolutely require it.

Turn off location services

Given the current Covid 19 pandemic, more people than ever are now sharing their location details with authorities. If you’re concerned about governments and others knowing where you have been, the easiest thing you can do is to disable location sharing for apps already on your phone. It’s easy to do this without having to open each app. Location Services can be found in your phone settings. If you have a Google account, it’s likely that the company already stores historical data on you. You can prevent Google from collecting and storing your location data by turning off location sharing.

Disable your advertising ID

The next action you can take is to disable your mobile advertising ID. This is a number unique to your phone that is sent to advertisers and app makers that tracks your online activity. You can disable this feature in your privacy settings.
Mobile ad ID is set to ‘on’ by default in Android phones

You should only download reputable applications to minimize the chance of ending up with a malicious app on your phone. Running a regular malware and virus scan on your smartphone can help you to identify and delete any potentially harmful applications.

Finally, if you’re an individual with reason to value your privacy more than most, there are other phones available that offer features unavailable on iPhone or Android. The Linux based PinePhone is a mobile device with hardware kill switches for common features, giving you full control over your smartphone.

Hard-line privacy activists may suggest that ditching smartphones altogether is the best step to take to avoid phone-based privacy invasions. However, for the majority of us, that would be impractical. Instead, we can take the simple steps mentioned above to protect our privacy a little more today than we did yesterday.