Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shazam Keeps Your Mac's Microphone Always On, Even When You Turn It Off (vice.com)

Posted by BeauHD on from the always-listening dept.

An anonymous reader quotes a report from Motherboard: What's that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple's computers, Shazam never turns the microphone off, even if you tell it to. When a user of Shazam's Mac app turns the app "OFF," the app actually keeps the microphone on in the background. For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it's just a feature that makes the app work better. Patrick Wardle, a former NSA hacker who now develops free Mac security tools, discovered this issue thanks to his latest software OverSight, which is designed to alert users when apps use their webcam and microphone. After he released OverSight, Wardle received an email from a user who noticed that the security app alerted him that Shazam was still listening even after he had switched the toggle to "off." Curious about this discovery, and worried his own software might be issuing a false alarm, Wardle reverse engineered the Shazam app to figure out what was happening. After a few hours analyzing the code, Wardle found out that, in fact, Shazam never stops listening, as he explained in a blog post published on Monday. James Pearson, VP of global communications for Shazam, said in a statement to Motherboard: "There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.' If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."

4 of 126 comments (clear)

  1. Same with SoundHound on android by wbr1 · · Score: 5, Interesting

    Google has its own 'what's this song' feature, but for a while I sued sound hound. Initially it was the only one, and it had better features like lyrics search. Then I found that unless I force closed the app (app switching or closing did not work), the mic was unavailable for ok google searches. Forcing the app closed released the mic. Bug or intentional, I don't know. The last time I used the app was a year or more so it could have changed, but this behavior no longer surprises me.

    --
    Silence is a state of mime.
  2. Questionable behaviour by Shazam by slincolne · · Score: 3, Interesting
    If they need the microphone to be on at all times, why do they provide a 'sham' feature that gives their users the impression that the microphone can be turned off ?

    If the requirement to be listening permanently is reasonable, then surely their users would understand and accept this as part of using their application?

  3. Re:Always on puns. by Miamicanes · · Score: 4, Interesting

    Probably the same kind of programming logic that causes a computer with a quadcore 3GHz+ i7 running Windows to grind to a complete halt for several seconds whenever something triggers UAC...

    Or the logic that causes my three LCD monitors to take longer to finish waking up (one... by... one...) after the screensaver puts them to sleep than it used to take me to COLD-BOOT GODDAMN WINDOWS 7 from my first SSD ~5 years ago.

  4. Re:Sounds legit by Anonymous Coward · · Score: 0, Interesting

    At this point virtually anything and everything that someone can do to improve their software is going to be criticized by someone, regardless of intent. You want to incorporate telemetry so that you can determine ways to improve regularly-used features or fix confusing options? Fuck you, privacy comes first. You want to seamlessly automated bug reports without bugging (pun intended) the user? Fuck you, privacy comes first. I get that a certain amount of healthy concern for the side-effects of such behavior is worthy of attention, but with modern software doing what it does, it seems like nothing can be coded without offending someone's sensibilities. It's suffocating.

    At some point companies are going to just say "fuck it" and do what they want, because people are critical bastards and always think of the worst. Microsoft seems to have gone past this ages ago with their design decision in Windows 10 for example (e.g. auto updates). I guess they figured that since everyone hates them anyone and refuses to understand their reasoning, they might as well just do what they want with the assumption that the overall benefits will be worth the scorn.

    You're right though - Engineering would be so much easier if we never had to worry about unintended consequences or inconvenient best practices. But we can't worry about EVERYTHING because then no-one could improve their software without some paranoid nutbags getting in the way.