Slashdot Mirror


Shazam Keeps Your Mac's Microphone Always On, Even When You Turn It Off (vice.com)

An anonymous reader quotes a report from Motherboard: What's that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple's computers, Shazam never turns the microphone off, even if you tell it to. When a user of Shazam's Mac app turns the app "OFF," the app actually keeps the microphone on in the background. For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it's just a feature that makes the app work better. Patrick Wardle, a former NSA hacker who now develops free Mac security tools, discovered this issue thanks to his latest software OverSight, which is designed to alert users when apps use their webcam and microphone. After he released OverSight, Wardle received an email from a user who noticed that the security app alerted him that Shazam was still listening even after he had switched the toggle to "off." Curious about this discovery, and worried his own software might be issuing a false alarm, Wardle reverse engineered the Shazam app to figure out what was happening. After a few hours analyzing the code, Wardle found out that, in fact, Shazam never stops listening, as he explained in a blog post published on Monday. James Pearson, VP of global communications for Shazam, said in a statement to Motherboard: "There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.' If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."

4 of 126 comments

  1. Proprietary software never discloses the truth. by jbn-o · Score: 5, Informative

    Disclosure is no substitute for software freedom. It's so easy to disclose something, give the user a bogus UI for "controlling" the program, and then do whatever the proprietor really wants done (which could include covertly recording audio from unsuspecting users who believe they control their computer's mic). There's no substitute for being free to run, share, inspect, and modify the program at any time for any reason. Software freedom is the only thing that will keep proprietors from taking advantage of computer users because when the proprietors don't know who is inspecting the code, improving the code, or distributing improved versions they know they can be caught.

  2. Every device with a microphone by C3ntaur · Score: 4, Informative

    Every device with a microphone should have a physical, hardwired switch with an indicator that tells when it's enabled or disabled.

  3. Time to remove those... by gweihir · Score: 3, Informative

    Cameras are easy: A bit of quality black electrical tape, easily removed later, and they are blind. Microphones are far more difficult. You basically have to blind them with excessive noise or disconnect them. Since the internal microphones of laptops are never very good, I will start doing that for mine, no loss. And the microphone on my main computer is only plugged in when I use it.

    Smartphones, on the other hand, are a problem here. I still have one with a removable battery (only way to be really sure it is off), and I will keep it that way as long as possible.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Re:Alexa/OK Google devices by hughbar · Score: 3, Informative

    I'm not actually really or deeply a conspiracist, but I like something that Susan George: https://www.amazon.co.uk/Fate-... wrote a while ago. Simply put, if a set of agendas converge, there may not be a conspiracy but the outcome may be roughly the same. In this case, a general undifferentiated thirst for 'data' and 'big data' as the new oil and competitive advantage. To hell with privacy, discretion etc., until there's a data breach, of course.

    The second part of this is that I hate apps, they mean fragmented and conflicting architectures and 'no-choice' relationships with your local or global data thief in exchange for some eye candy and special offers or a stupid game. Even if they aren't actively nefarious, they are badly written with some or all (this is an example/sample) turned on: READ_CALENDAR, WRITE_CALENDAR, CAMERA, READ_CONTACTS, WRITE_CONTACTS, GET_ACCOUNTS, ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, RECORD_AUDIO, READ_PHONE_STATE, CALL_PHONE, READ_CALL_LOG, WRITE_CALL_LOG, BODY_SENSORS. That's apart from all the documented problems with Android, I'm not sure about the others.

    Bottom line for me, this is the same as 'loyalty cards', it's not a very good bargain and one in which I choose not to participate.

    --
    On y va, qui mal y pense!