Is your phone spying on you?
… and, even worse, using what you talk about to bombard you with adverts?
It was after having dinner with a friend in London’s Canary Wharf that I first became suspicious. We’d sat down and arranged our belongings – my iPhone on the table in front of me – when I noticed my companion struggling to read the menu.
‘I thought you’d had laser eye surgery?’ I asked.
‘It only works for long distance,’ she replied. A mundane conversation, but one that led to something altogether more unsettling.
Because, within hours, adverts for laser eye surgery and spectacles were appearing on my Facebook account. I don’t even wear glasses.
Surely, I thought, it must be a coincidence? Yet the timing felt troubling.
Are our phones somehow eavesdropping on us? Are phrases being used to send us targeted adverts? The implications, if true, are
chilling. We’re obsessed with our phones. They accompany us to our most personal spaces and are privy to our most intimate conversations.
Facebook, which owns Instagram and WhatsApp, denies using microphones to eavesdrop on conversations, insisting the company only shows ads based on the user’s interests, and information they voluntarily upload.
How, then, can they explain what I uncovered?
I carried my iPhone for a week, always switched on and close enough for it to ‘ hear’ any conversations. One day, I visited my GP and she booked me for a blood test. Soon, I received an offer on Facebook from private firm Thriva, offering me a ‘ blood test today’.
Then I met a friend for lunch, who spoke about his love of photography. He was going to Heathrow to photograph a British Airways Boeing 757 landing, and we discussed buying camera lenses. This time, I got ads on both my Facebook and Instagram accounts from airlines and photography companies. One ad told me, ‘ You don’t need to be techsavvy to edit photos’ and featured a picture of a plane.
Finally, I showed a friend a book of prints by the artist Aubrey Beardsley. Guess what happened next… Yes, an advert appeared on my Instagram for London’s Victoria & Albert Museum with a similar image.
To be absolutely certain, I left my phone next to the radio and tuned in to Italian news network Radio 24. Bingo. Next day, my Instagram was full of Italian adverts.
That wasn’t the full extent of it. My phone was also, I discovered, ‘spying’ on my pictures. A friend sent me a picture on WhatsApp of a £1,190 Chloé Nile leather bag. ‘I wonder if we could find a replica?’ I replied. Days later, a similar bag popped up on my phone, priced at a far more realistic £39.99.
Surely not just another coincidence? WhatsApp would say so, insisting your messages are so encrypted that even they can’t tell you what you’ve been sending.
Of course, most people already know that, when they use a search engine or visit certain websites, they’ll be targeted by related ads. But the idea that our conversations and photos are being harvested is a different prospect entirely.
Dr Vitor Jesus, senior lecturer in cybersecurity at Birmingham University, told me he wasn’t surprised by my findings. ‘Every time you download an app and give it permission to access personal information, you open yourself to being targeted.
‘The companies tell us they do this, but the information is buried in long agreements and policies. Because users are, technically, giving permission, it’s not illegal.’
‘Permission’ is tacitly given because the microphones on most people’s phones are left on. The phones are pre-programmed to listen for ‘trigger’ phrases that activate personal assistant apps, such as Siri or Alexa.
‘It’s entirely possible to have multiple apps listening in the background, each being triggered by keywords,’ Dr Jesus added. ‘ Your details are then passed on to the relevant companies, who will bombard you with adverts.’
It’s thought that app developers create a list of keywords that relate to their advertisers or their products. The microphone sends conversations through transcription software, which instantly turns it from speech to text. If key words or phrases are present, the app triggers adverts to be sent to users.
Paolo Sartori, managing director of cybersecurity firm TransWorldCom, believes companies like Facebook, Instagram and WhatsApp have all developed algorithms that facilitate this process.
‘ We conducted our own mini-test in the office, talking about razors and lady shaving,’ he said. ‘That evening, one of our staff was bombarded with ads on Facebook for shaving products. She was the only one who hadn’t removed the app from her phone.’
Mr Sartori warned this is one way free apps could make money – by selling their users’ data to advertisers.
Cyber security experts don’t believe that social media companies are acting with malicious intent, but it’s worrying how easily we may have opened ourselves up to being exploited for profit.
David Emm, principal security researcher at international cybersecurity firm Kaspersky Lab, offered reassurance, asserting there isn’t someone eavesdropping on our every word, and that it isn’t possible for a device to determine who said what – just that the phrase was used by someone within earshot of the phone.
However, he warns, ‘People should think more about what they download on their phones and remember that nothing is free. There are just different ways of paying.’