Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shazam Keeps Your Mac's Microphone Always On, Even When You Turn It Off (vice.com)

Posted by BeauHD on from the always-listening dept.

An anonymous reader quotes a report from Motherboard: What's that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple's computers, Shazam never turns the microphone off, even if you tell it to. When a user of Shazam's Mac app turns the app "OFF," the app actually keeps the microphone on in the background. For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it's just a feature that makes the app work better. Patrick Wardle, a former NSA hacker who now develops free Mac security tools, discovered this issue thanks to his latest software OverSight, which is designed to alert users when apps use their webcam and microphone. After he released OverSight, Wardle received an email from a user who noticed that the security app alerted him that Shazam was still listening even after he had switched the toggle to "off." Curious about this discovery, and worried his own software might be issuing a false alarm, Wardle reverse engineered the Shazam app to figure out what was happening. After a few hours analyzing the code, Wardle found out that, in fact, Shazam never stops listening, as he explained in a blog post published on Monday. James Pearson, VP of global communications for Shazam, said in a statement to Motherboard: "There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.' If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."

9 of 126 comments (clear)

  1. Re:Sounds legit by Sowelu · · Score: 4, Insightful

    It's a great legitimate reason, but that doesn't mean it's not a big problem, too. Just because they're not actually bugging it, doesn't mean that it's okay behavior...it makes malicious behavior harder to spot. Engineering would be so much easier if we never had to worry about unintended consequences or inconvenient best practices.

  2. Re:Sounds legit by Sowelu · · Score: 3, Insightful

    (Also, it eats up battery life.)

  3. Disclosure would have been nice. by XeXeN · · Score: 5, Insightful

    The reason is understandable, but there should an opt-in or some kind of disclosure. Something like "This app keeps your microphone initialized for a better user experience. This "feature" can be disabled in the programs settings."

  4. You are a spy by PPH · · Score: 4, Insightful

    ... for the RIAA. The ability to sample and identify music has existed for years. It is used by the RIAA to sample radio broadcasts and enforce fee collection. But until now, it has been difficult to conduct this same level of surveillance on businesses like bars, restaurants and shops that play background music. And owe fees for doing so. But now, install the phone Shazam app and collect location data and the money will roll in.

    It's just a shame they don't pay the phone users a cut of the take.

    --
    Have gnu, will travel.
  5. Re:Sounds legit by Anonymous Coward · · Score: 4, Insightful

    Had they labeled the setting "Ignore Mic" then it would be a legitimate reason. But because they lied about what the setting does you should assume the worst as they've already shown themselves to be untrustworthy.

  6. Alexa/OK Google devices by swb · · Score: 4, Insightful

    It wouldn't surprise me if they just decided that since people are willingly putting permanent audio listeners in their house, nobody would care if they kept the computer mic on too.

    I'm a conspiracist, but I'm also something a fatalist and in many cases I kind of shrug my shoulders at the latest privacy dustup. But I really can't grasp why someone would buy an audio device capable of listening in their house all the time and sending it back to who knows where.

  7. Did Shazam ever stop to consider... by rnturn · · Score: 3, Insightful

    ... the security implications?

    ``If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify.''

    What if they'd actually turned off the microphone instead of fooling the end-user into thinking it was off. And, then, if user's complained about missing the first 0.25s (or whatever) of the tune, Shazam responded to the users that there was a slight delay but that it was necessary to protect them from potentially being eavesdropped on? How many users would have found that reasonable and been fine with that? Well, we'll never know because Shazam didn't, apparently, care too much about the end user's privacy. But making sure they could identify an effin' song? Well, that's of paramount importance!

    --
    CUR ALLOC 20195.....5804M
  8. Re: Sounds legit by Anonymous Coward · · Score: 3, Insightful

    If this was as completely innocuous as Shazam claims, why have they hidden this continuing monitoring condition, even when explicitly switched off, until confronted?
    It should be right there in the EULA or something: "In order to provide seamless interaction, Shazam continuously monitors the microphone for background sounds and analyzes them. Shazam does not compile information on its users or shares that inform... he... hehe... Haha...HAHAHAHAHAHAHAHAHA...."

    http://www.investopedia.com/articles/personal-finance/010815/how-shazam-makes-money.asp
    A rundown on how Shazam plans on making money.
    It isn't by selling Apps.

  9. Re:Sounds legit by MadKeithV · · Score: 4, Insightful

    It's potentially a good legitimate reason made very very suspect by having an "off" option that doesn't actually work.