Slashdot Mirror


Apple Tells Lawmakers iPhones Are Not Listening In On Consumers (reuters.com)

An anonymous reader quotes a report from Reuters: Apple told U.S. lawmakers on Tuesday that its iPhones do not listen to users without their consent and do not allow third-party apps to do so either, after lawmakers asked the company if its devices were invading users' privacy. Representatives Greg Walden, Marsha Blackburn, Gregg Harper and Robert Latta wrote to Apple's chief executive Tim Cook and Alphabet chief executive Larry Page in July, citing concerns about reports that smartphones could "collect 'non-triggered' audio data from users' conversations near a smartphone in order to hear a 'trigger' phrase, such as 'Okay Google' or 'Hey Siri.'"

In a letter to Walden, an Oregon Republican who chairs the House Energy and Commerce Committee, Apple said iPhones do not record audio while listening for Siri wakeup commands and Siri does not share spoken words. Apple said it requires users to explicitly approve microphone access and that apps must display a clear signal that they are listening.

4 of 214 comments

  1. Post the source code by spire3661 · Score: 4, Insightful

    and we will believe you. Until such a time as the code can be verified by third parties, your word is utterly meaningless. Trust, but verify.

    --
    Good-bye
    1. Re:Post the source code by jellomizer · Score: 4, Insightful

      Why would that prove anything?
      If Apple is going to deceive you in front of lawmakers, why not release source without the offending code, and compile and send a different branch with it?

      Most of us, even hard-core open source Linux fans, will not install their applications by compiling the source.
      make clean && make && make install
      We would rather just run apt-get or download the .deb or .rpm file, which has the executable precompiled, saving you the time and effort of the build.

      Sure, some of us will compile our code before we run it. But heck, if you are in the business of spying, that could be considered a trade-off.

      If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      For the most part it is in Apple's best interest not to get caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Post the source code by spire3661 · Score: 4, Insightful

      The point is the option should be there so that a person can look at it and say 'Holy shit, what the hell is this?'. It doesn't matter how many actually do it, what matters is that it represents a logical break. Without any way to look at or alter the code, it's a black box, forever. You don't trust a black box.

      --
      Good-bye
    3. Re:Post the source code by Wrath0fb0b · Score: 4, Insightful

      If Apple is going to deceive you in front of lawmakers, why not release source without the offending code, and compile and send a different branch with it?

      Indeed.

      Most of us, even hard-core open source Linux fans, will not install their applications by compiling the source.
      make clean && make && make install

      First, even those that do will not audit the entire source. I bet you could insert a function send_personal_data_to_kgb_and_nsa(void) and only a small number of people running ./configure && make -j12 install would notice. If you obfuscated the functionality a bit better, no one would notice :-P

      Anyway, even if you did audit the source, that is not sufficient to guarantee that the compiled binary faithfully represents the source files input. To do that, you have to audit the entire compiler/toolchain. And then you have to audit the compiler used to build the compiler.

      If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      But the phone has storage. And it has speech-to-text, part of which happens locally. Both of those features mean that, in theory, the phone could record and process the audio and then dribble it out over the network later when you are doing some other legitimate network activity.

      So if you REALLY want to be certain, you have to fill up the storage (wait, there could be a secret reserve of a few GB that are not user-accessible) and also monitor the supply lines from the battery to ensure there is no heavy speech processing that might be transcribing it to text :-D

      I agree with the sentiment of your post, just like showing that there is no way around having some level of trust in the hardware/software that you use.
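
The quiet-versus-talking traffic comparison suggested in the thread, and the objection that locally transcribed speech could hide in ordinary traffic, can be put in numbers. This is an added example, not part of any post above; the payload rates and the per-window byte counts are constructed assumptions, and it only covers traffic sent inside the capture windows.

```python
import statistics

# Assumed payload rates, chosen for illustration (not measured values).
AUDIO_BYTES_PER_S = 750   # speech codec at roughly 6 kbit/s
TEXT_BYTES_PER_S = 15     # roughly 150 words/min of transcript, ~6 bytes/word


def noise_floor(quiet, talking):
    """Two standard errors of the difference between the two condition means."""
    se = (statistics.variance(quiet) / len(quiet)
          + statistics.variance(talking) / len(talking)) ** 0.5
    return 2 * se


def assess(quiet, talking, speech_seconds):
    """Compare upstream bytes per capture window across the two conditions.

    quiet / talking: upstream byte totals, one value per capture window.
    speech_seconds:  seconds of speech near the phone in each talking window.
    """
    excess = statistics.mean(talking) - statistics.mean(quiet)
    floor = noise_floor(quiet, talking)
    return {
        "excess_bytes": excess,
        "noise_floor_bytes": floor,
        # Did the talking windows send measurably more than the quiet ones?
        "excess_significant": excess > floor,
        # Could this test have seen each payload type if it had been sent?
        "audio_would_show": speech_seconds * AUDIO_BYTES_PER_S > floor,
        "text_would_show": speech_seconds * TEXT_BYTES_PER_S > floor,
    }


# Constructed sample data: upstream bytes per one-hour capture window.
QUIET = [1_210_000, 1_340_000, 1_180_000, 1_295_000, 1_260_000, 1_315_000]
TALKING = [1_250_000, 1_300_000, 1_225_000, 1_330_000, 1_190_000, 1_285_000]
SPEECH_SECONDS = 600  # ten minutes of conversation per talking window

if __name__ == "__main__":
    for key, value in assess(QUIET, TALKING, SPEECH_SECONDS).items():
        print(f"{key}: {value}")
```

With these numbers the comparison would expose uploaded audio, but a transcript of the same conversation is smaller than the normal hour-to-hour variation in background traffic.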