Shazam forced to backtrack over always-on Mac mic concerns

By James Walker, Nov 15, 2016, in Technology
Shazam's Mac app never turns the microphone off, according to a security researcher who studied the program. While Shazam doesn't process audio while in the background, its lack of warning to users has caused a privacy scare. The app will be updated.
The behaviour was discovered by Patrick Wardle, a former NSA hacker who now builds security tools for Mac computers. As Motherboard reports, Wardle uncovered Shazam's suspicious microphone use through his new OverSight software. It's a program designed to alert users when an app accesses their webcam or microphone.
After releasing OverSight, Wardle was contacted by a user. They'd observed OverSight continuing to warn that Shazam was using their mic, even after turning the in-app toggle to "off." Wardle began to investigate, considering that a flaw in his software could be generating false positives. After reverse-engineering Shazam's app, he determined that it was the third-party program at fault.
In a blog post, Wardle confirmed that the Mac version of Shazam never stops listening to the microphone. He noted that the app isn't actually spying on its users; it keeps the mic open so that its features work the next time it's turned on. When Shazam is turned off, it remains connected to the microphone but stops processing audio.
"I saw no indication that this recorded data is ever processed (nor saved, exfiltrated etc)," said Wardle. "However, I still don't like an app that appears to be constantly pulling audio off my computer's internal mic."
The constant mic access could open Shazam to hijacking by other applications. Malware could infiltrate the feature to spy on users, recording audio without their knowledge. Shazam itself should be making it clearer what its "off" button actually does. While audio sampling does stop, "they are still recording all the time," Wardle said to Motherboard.
Shazam has denied the behaviour poses a risk to users. It said the feature makes Shazam faster to turn on the next time it's enabled, helping ensure users are able to launch the app quickly enough to record a song.
"There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON,'" James Pearson, Shazam's VP of global communications, told Motherboard in a statement. "If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."
Shazam has since changed its stance on the matter. After Pearson made the comments to Motherboard, CNET spoke to Fabio Santini, Shazam's chief product officer, and heard a different version of the statement. The company now plans to release an update that will change the app's behaviour, insisting it does listen to user concerns. The widespread negative publicity appears to have forced Shazam into taking action.
"We want to be sensitive to what our users think and feel," Santini said. "Even though we don't recognize a meaningful risk, we want to make this configuration change to show that we care, and we pay attention, and we want them to feel good about using Shazam on their Mac."
The discovery highlights the potential privacy risks of some of the most popular apps. Always-on microphone access is becoming more common across devices. Emerging technologies such as digital assistants can require a continuous connection to the mic to enable hot-word recognition. Shazam kept the mic open without any warning though, leaving the user uninformed. The company said an update will be released later this week.
[UPDATE 15/11/2016 19:00 GMT]
In an emailed statement to Digital Journal, Shazam has stressed that its app does not use the microphone to directly record audio. Shazam uses audio "fingerprints" to identify soundwaves and compare them to known songs in its database, limiting the scope for attackers to use its app to spy on users.
"Contrary to recent rumors, Shazam doesn't record anything," the company said. "Shazam accesses the microphone on devices for the exclusive purpose of obtaining a small fingerprint of a subset of the soundwaves, which are then used exclusively to find a match in Shazam's database and then deleted."
The company added that it takes user concerns about its app "very seriously" and will be updating its Mac app accordingly "within the next few days."