(Updated for 2022)
There can be times when you’ve chatted with a friend about a certain item, and then later in the day, you get a targeted ad about it without even searching for it.
You might think, “I was just talking about this. How did my phone know?” The immediate conclusion you may come up with is that your phone is hearing your conversations. But is it really?
Today, we’ll uncover the truth and break down the myths surrounding this issue.
Normally, brands get permission from third-party sites like your social networking channels and websites you visit to view your activity on the internet. The data they get ranges anywhere from the cookies you accept to your demographic information (age and location), and more.
That way, they can more accurately target audiences with specific traits, interests, and preferences that they’re looking for, and have higher chances of capturing a lead or converting a sale. There’s been no secret about how ad networks and digital marketing companies use data to serve ads to the best audience, but what if we told you there was more to the picture?
Can Your Phone Hear You for Advertising?
Yes, your phone can technically hear you, but this function is mainly used by virtual assistant apps, not advertisers who are tapping into your private conversations. Advertisers don’t need to listen to your phone to get your data because third-party sites like Facebook and Google already have them. These sites help advertisers access the audience’s location, age, interests, and even visited websites.
Big data, artificial intelligence, and algorithms all work together to target ads efficiently. The more data gathered about your audience, the more precise these campaigns will turn out to be.
Artificial intelligence fuels most (if not all) online marketing tools to automate processes and reduce errors. Each social media channel or ad network has specific algorithms that identify the best size, time, and type of ad to show to a user for maximum effect.
How Advertisers Get Your Data
Below are a few ways advertisers get your data:
1. Online forms and surveys
Online forms and surveys serve as the advertiser’s “ears” because they can gather information like age, gender, and location. These forms may also ask more complex questions like “did you like this product/service?” or “Are you planning to purchase this item within 3 months? From here, advertisers can infer what products or services these people will most likely be looking for based on certain demographic data and show ads about that product.
2. Using cookies
Using cookies is another common tactic because they allow advertisers to track users online, which can be used to gather information on what people want and how they are using the internet.
The cookies are also used to store impersonal information about a user, such as their search history, scrolling patterns, and even where their mouse is hovering. You’ll see the option to accept the cookies, but they can appear anywhere from blog sites to social media. These cookies will need to be activated with the end-user’s consent though.
This information can then be used by advertisers to target their ads at individuals who have shown interest in similar products or services.
3. Data brokers
Data brokers are companies that specialize in collecting data on a person’s online activities—what they buy, what they read, where they go—and then sell it to other companies. Companies use this data mainly for marketing purposes. By listening to what people say and doing research into their lives, data brokers can help advertisers target their ads more effectively.
What Types of Data are Being Collected?
1. Personal Data
Personal Data is data that can be used to distinguish between people. This can include personally identifiable information like location, phone number, and email addresses, and non-personally identifiable information like device IDs and IP addresses.
2. Engagement Data
Engagement Data is the data that shows a consumer’s interaction with a business from its social media pages, website, and even emails. These data can be used by companies to make decisions about how to market their products and services.
This type of data can be gathered from a variety of sources, including social media platforms like Facebook and Twitter. It can also be gathered from emails sent by a company to its customers.
3. Behavioral Data
Behavioral data is any data that is collected how a person interacts with the business, These can range from purchase histories, click through rates, scrolling speed, and even mouse movement tracking.
4. Attitudinal Data
Attitudinal data is information about how people feel about a particular product, service, or brand, or a particular type of ad. Things like consumer satisfaction, purchase criteria, and product desirability are part of Attitudinal Data.
Wait, is All of this Legal?
The United States has been slow to catch up with the latest innovations in technology, but it is finally starting to regulate them. In the past, we have seen that the government has been hesitant to intervene in any new technology because it does not want to stifle innovation.
However, it is now apparent that some of these technologies need more oversight and regulation. There are a few different laws that apply to data collection and protection in the United States, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which protects a patient’s health information, and the Children’s Online Privacy Protection Rule (COPPA), which protects the privacy of children below 13 years old..
The European Union has some of the strictest data protection laws in the world. The General Data Protection Regulation (GDPR), protects personal data and requires that companies give people clear information on how they collect, store and use personal data. It also requires them to get consent from users before they do so.
The GDPR applies to all types of organizations that process personal data of individuals residing in the EU, regardless of their location or size. This means that even if your company is based outside the EU but processes personal data about anyone in the EU, it must comply with this regulation.
The Philippines has pretty strict data protection laws, so it’s no surprise that it also takes a strong stance against companies that violate these laws. The Philippine Data Privacy Act (PDPA), sets clear guidelines for how personal information is collected, stored and used by companies who collect this information from Filipinos.
What Major Advertisers and Tech Giants Have to Say
Over the past couple of years, this issue has gained enough traction to compel major tech companies to release statements to the public.
Google has stressed that they do not use ambient noises to serve targeted ads. However, around July 2021, in a closed-door hearing with Indian government officials, some sources say that Google’s employees were listening to their user’s conversations via Google Assistant. According to the report, Google records conversations even if users don’t mention the wake word (“Hey Google,” “OK Google”).
Google disputed this claim and clarified that it doesn’t record conversations without the “Hey Google” trigger. The company directed the audience to its Safety Center website for more details on how Google Assistant works. But, Google previously admitted that its employees listen to “Hey Google” triggered conversations to help improve its speech recognition technology.
Additionally, there have been recent changes to their Developer Policy that will be effective on July 20, 2022. A new Data Safety section will be added to the policy where developers need to provide accurate information related to personal user data. This applies to all apps, such as Google Play Console.
Rumors and allegations about Facebook eavesdropping through its user’s phone microphone to listen in on conversations for better ad targeting have persisted over recent years. Be that as it may, Facebook denies this allegation. The company’s 2016 statement clarifies that they show ads based on interests and information you place on your public profile, but not what you’re talking about.
However, amidst Facebook’s denial of eavesdropping on their users, security experts still warn that the platform’s data-gathering schemes are massive enough to be alarming and potentially intrusive in cases of targeted ads based on a user’s Facebook activity and search history.
The level of Facebook’s data harvesting even covers times when you’re not using the platform, just as long as the app is on your phone.
Facebook’s messaging counterpart also has loose policies on privacy, as messages and shared media may be directly accessed by Facebook employees unless put under the Secret Conversation feature.
Security experts also tag other platforms under Meta Platforms, Inc., such as Instagram and WhatsApp, as having the possibility of listening to your conversations.
Instagram, the widely-used photo-sharing platform with 1.386 billion users, is notorious for including suspicious items in their Terms and Conditions, which astoundingly only 1% of people read before ticking. These items include asking permission for the app to access, read, and modify your contacts, storage, call logs, system settings and locate your phone.
However, Instagram clarified that this information is shared with Meta-affiliated companies “to provide a more tailored and consistent experience on all Facebook Products you use.” The company also uses this to “develop, test, and improve” its products and “select and personalize ads, offers, and other sponsored content.”
According to security experts, WhatsApp can easily be exploited by attackers who can send messages to users and gain access to the same actions and features, such as microphone, camera, and contacts, you’ve permitted the app.
These permitted actions are probably the reasons behind the hysteria about iPhone spying on conversations you make in private.
Only Apple has somewhat admitted to this phenomenon, but only when you’re using Siri. They also claim that it’s used for optimization. However, there is no stopping their servers from recording conversations you have when the voice assistant is triggered.
Amazon Echo devices are always listening for the wake word, which is “Alexa.” The device starts recording the conversation after hearing the wake word, and stops when you say “Alexa, stop.”
This does not mean that Amazon is always listening to or recording your conversations. As soon as the Echo hears its wake word, it begins streaming audio to the cloud. However, this stream will only last until you continue talking after Alexa’s response, or if you manually disconnect from your device.
These recordings have sparked discussions and cases, with a recent lawsuit claiming that Amazon is using Alexa to target ads at customers. The lawsuit is looking for certification as a class action, and if approved could include several smart speaker customers as plaintiffs.
Cortana is an AI voice command feature that’s suppose to help out users in day-to-day tasks, but there are some contractors that manually review recordings featured in Cortana. The reason why these contractors listen to recordings is to improve the voice services they’re used with, but it has made people uncomfortable.
What Apps Spy on You
Owning a mobile phone comes with installing apps for different purposes. At 8.93 million, the range of apps available to you covers almost any type of service. Some of the apps you find useful in automating activities and delivering important information may also be spying on you.
At the top of this list is CamScanner, an app that serves as the digital counterpart of a scanner. CamScanner often holds malicious components, such as a Trojan Downloader that continuously gathers infected files.
These malicious activities can seriously damage your phone. Fortunately, uninstalling the app will immediately remove threats.
2. Weather apps
Even some of the weather apps you rely on for information to schedule your errands can carry Trojans or other malware that may spy on your activities and even cause permanent damage to your device.
3. Flashlight apps
Free flashlight apps are often flooded with ads and require permission to access your microphone and contact information before they can function. Therefore, their usage doesn’t really come for free, as these permissions can gather and sell your data to third-party companies.
Nevertheless, if you have a flashlight app in your system, immediately uninstall it, change passwords to all your important accounts, and email the company to have all your data deleted from their database.
4. Angry Birds
The global phenomenon of the early 2010s, the game Angry Birds was downloaded 2 billion times. Despite its decline in popularity five years after its launch, it still caters to 200 million monthly players.
Unknown to its users, the classic game version was reported to have collected user data, including phone numbers, call logs, home addresses, and even marital status.
5. Zombie Mod
Zombie-themed games have become popular over the years, and Zombie Mod is no exception. However, recent investigations revealed the privacy and device damage issues it contains.
The game tried to collect its users’ Gmail usernames and passwords and forced the users’ devices to reset and restart the game back to square one, all while profiting from aggressive advertising schemes.
These risks affected 50,000 Android users. Unfortunately, uninstalling the game won’t immediately dislodge threats as you still need to locate and ultimately delete the Scary Granny Zombie Mod app. As an extra precaution, users need to change their account passwords after eliminating all of the app’s remnants from their phones.
The popular delivery service app gathers your personal information, such as your name, email address, address, and device information, and shares them with nine third-party trackers. The app even sends out ads even after being uninstalled.
7. Children’s apps
The increasing exposure of children to technology led developers to cater to this demographic. However, the growing number of children’s apps comes with risks of suspicious activities.
8. Dating apps
The dating apps people use to explore people, such as Tinder and Grindr, gather more than half of your personal data, including name, email address, phone number, employment, and even pet ownership statuses, on top of their access to your location and age. This scheme is risky, considering there were previous data breaches in these apps.
How Exactly Does Your Phone Listen?
So, does your phone listen to you for ads? Yes and no. Some apps secretly include provisions in their fineprint to gain access to your phone’s microphone, which they use to actually listen to you, while other apps track your online activities to send out targetted ads.
Smartphones do pick up audio in your environment, but it’s not the same as actively listening to your conversations unless you activate a voice assistant. Unless you start your sentences with “Hey, Siri,” “OK, Google,” or “Alexa,” there’s no need to worry that your phone could be spying on specific conversations.
If your conversations don’t have any wake words, the data is only processed within your phone. However, these “non-triggered” data can still be accessed by third-party applications on your phone, like Facebook. It’s up to them whether they’d like to use this data or not. These are the two ways how your smartphone spies on you.
The Vice Experiment
Apps like Facebook and Instagram can have their own set of triggers, but it isn’t easy to define what they are exactly. VICE did an experiment about this and tested if saying a bunch of phrases like “I’m thinking about going back to uni” and “I need some cheap shirts for work” can be used as triggers.
As a result, overnight, the writer saw Facebook ads about “mid-semester courses at various universities and how certain brands were offering cheap clothing.” Based on their experiment, it seemed that their phone was listening, but there isn’t any more substantial evidence to support this.
The NordVPN Experiment
The NordVPN Experiment involved a few employees that decided to test if phones really listen in on users. Three employees spoke about different things, all of which were unrelated. The test took three days and the results were varied with two not getting specific ads, while one did.
This experiment is not scientific in any way, but it does show that this issue is more nuanced.
Advertisers & Third-Party Data
Advertisers aren’t spying on your specific conversations. Instead, to clue them in on your interests, advertisers are after the audio of TV commercials, movies, and other media you consume.
That, coupled with the information you voluntarily place on your social media accounts, the cookies you accept on websites you visit, and the permission to grant brands, all work together to provide companies with a holistic view of who you are.
Not to say your phone isn’t actively listening to you right now, because it does have that capacity. But at this stage, companies are saying that they don’t use it the wrong way.
Can Phone Cameras Spy on You?
While no strong evidence shows that brands use your smartphone’s cameras to track you, the main culprits of this act could range from dangerous hackers to seemingly harmless security services and even schools.
The typical way for these unauthorized people to access your phone camera is through Trojan malware embedded in the apps you download. Once installed, the app will allow its malicious contents to spread throughout and wreak havoc on your system and personal privacy.
At this point, advertisers are the least of your worry. Many of the victims of security breaches discovered their nude photos and videos uploaded online. Worse, these hackers can also gain access to baby monitors.
How to Stop Apps from Spying on You
The simplest way to stop apps from spying on you is to turn off their access to your microphone and camera, ensure that you have excellent anti-virus software, uninstall any suspicious apps on your phone, and unplug your external webcam when not in use.
Some apps may require access to your microphone and camera to work. But for apps that require this unnecessary access, it’s best to turn it off to safeguard your privacy. You may also uninstall these and any suspicious apps.
That said, if the idea of your phone actively listening in bothers you, there are ways to ensure that no apps get access to your phone’s listening device:
To stop apps from using your microphone:
- Go to Settings > Privacy > Microphone
- Check which apps have microphone access and remove them as you wish.
To turn off Siri (for iOS 11 and 12):
- Got to Settings > Siri & Search
- Deselect Listen for “Hey Siri,” Press Home for Siri, and Allow Siri When Locked
- A prompt should appear asking if you want to turn off Siri; press Turn Off Siri.
If you’re using iOS 10:
- Got to Settings > General > Siri
- Select Turn Off Siri
To turn off dictation:
- Go to Settings > General > Keyboard
- Deselect Enable Dictation
To stop apps from using your microphone:
- Go to Settings > Privacy > Permissions Manager > Microphone
- Select any app under the ALLOWED column that you want to remove microphone access for.
To stop Google Assistant:
- Go to Settings > Apps & Notifications > Assistant
- Deselect Google Assistant
To stop OK Google on Android:
- Go to Settings > Google
- Scroll to Services and select Account Services
- Select Search, Assistant & Voice > Voice
- Scroll to the Hey Google section, select Voice Match
- Deselect Hey Google
To turn off the Google search app microphone access:
- Go to Settings > Apps & Notifications or Apps > See all apps or Google
- Select Permissions > Microphone > Deny
To stop Google from tracking your computer:
- Open Google Chrome browser
- Click your account avatar > Manage your Google Account
- Select Data & privacy
- Scroll to History settings > Web & App Activity
- Deselect Web & App Activity > Pause
- Go back to the Data & privacy page
- Select Location History
- Deselect Location History > Pause
To stop Microsoft online speech recognition (for Windows 10):
- Go to Settings > Privacy > Speech
- Deselect Online speech recognition
To turn off Mac microphone access:
- Go to Apple menu > System Preferences > Security & Privacy > Privacy
- Select Microphone
- Deselect the checkbox to turn off access for your preferred apps.
That said, these settings are not enough to completely mask your digital footprint. For instance, you should be careful of signing up on any website using your existing social media accounts (such as Facebook), since a typical tradeoff is access to view your public profile info.
It’s Not Just What They Hear
Even if you think you don’t have anything to hide, it’s still important to be mindful of your privacy and data.
While your mobile phones are not actively listening to your conversations, you do leave substantial trails of your identity online, which can explain why those ads are just so spot on. Technology will only get more intelligent, so it’s always a good idea to exercise caution. But in reality, there isn’t much to be afraid of.
Unless you’re dealing with highly sensitive, FBI-level information on a daily basis, the only people who get access to your data are advertisers who use automated tools to run their campaigns more efficiently. It’s just one of the ways for them to know their audience better–and as people have noticed, it works!