A question mark in a ball (datacurious logo)


Jennifer Chen
July 13, 2021

Is my phone spying on me?

Illustration for undefined

How many times have you casually discussed your latest purchase at a new brand or talked to your friends about a verrrry specific fact...only for that very item to show up on your newsfeed a few days or even hours later? There’s no way that could happen if ad companies weren’t listening to you.

Is there?

Well, “listening” can mean different things depending on the context. If by “listening” we mean, “your microphone is always on and your conversations are always being monitored and logged,” then no, we aren’t being listened to. The processing power, bandwidth, and storage capacity required to make that information useful is simply too great for today’s technological capabilities. It’s almost possible: In order to serve you voice-controlled features like Siri or Alexa, your microphone has to listen to you so that it can catch the “activation phrase” like “Hey Siri!” or “Alexa.” However, major tech companies like Apple and Facebook say they don’t record or use any conversations for advertising purposes.

Some advertisers* admit they can pick up ambient background sound like a TV commercial, which helps them make inferences about your interests**. But the scary thing is, companies and advertisers don’t even need to listen with a microphone to our gushing over the latest sneaker brand to know what we like. Data brokers can pick up bits of our everyday interactions and put those pieces together to form an accurate persona. That late-night grocery store run? When you use your credit card, data brokers can link that transaction to your social media account (because you consented and agreed to share your data when you signed up for both services, right?). The more points of data they have, the more companies can piece together a startlingly accurate profile of who you are—and moreso, using other aggregated data of other similar demographic profiles to target what they think people in your group might want.

For example, when I go to my local Lucky’s grocery store, I give them my phone number as part of their “member rewards” program for special deals. From that purchase transaction, they’ll know my phone number is tied to a specific credit card number—and that same phone number happens to be the same one I use to verify my Twitter account. When I log in later, I get an ad for the same brand of coffee I just bought at Lucky’s even though I didn’t say anything or do a search. Advertisers know my purchase history from that transaction, and tie it to my Twitter account, which will then show an ad for that product.

But what about ads for products you’ve never bought or searched for? Or only heard about in casual conversation in passing? For example, I regularly play mobile games, such as Pokemon Go. So do many of my friends, with whom I hang out regularly. (No big deal.) Over time, I start to get ads for mobile games they play, even if I’ve never searched or downloaded those apps myself. How did they know what games my friends played, and why would they try to advertise them to me?

When our phones are in close proximity to each other, there’s a good chance they’re on the same local wifi network with the same IP address. From an advertiser’s perspective, unless they also collect individual device IDs, it appears both devices are the “same user”—therefore the data and behaviors from both are blended into one. That way, both me and my friends’ interests get mixed together. That’s why after a trip to my sister’s house, I often start getting advertisements for her favorite brand of sportswear, even though I’ve never bought it or searched for it—but I’ve definitely commented on her outfit several times, so it feels like these advertisers are listening to what I’m saying. In reality it’s far more likely that since my phone and my sister’s phone are connected to the same wifi network, the algorithm assumes we’re both the same “person” and combines my browsing and purchase history with that of my sisters—which includes that very sportswear brand.

Even if your wifi is off, location tracking still plays a big part when it comes to targeted advertising. Let’s say one of my friends and I had a conversation about buying a new frying pan. Now, this friend and I weren’t on the same wifi network, but we’re friends on Facebook. When I go home, suddenly my Facebook feed shows me an ad for the exact same brand we were chatting about***.

Secret spying? It’s most likely my friend had searched for some frying pans earlier that day, plus her digital history shows she loves to cook—posts, searches, interests, etc. Facebook knows this, and by extension, the data brokers who collect all these data points. With wifi off, if we had our locations on we give out an additional data point—that us two were in close vicinity, and likely physically together, that day. Since we’re Facebook friends already, and we share some common interests (like cooking), the algorithms will assume that if my friend searched for that frying pan, then there’s a good chance I’d be interested—especially if we were in the same location recently, and my friend just searched for a frying pan.

Finally, there’s collected demographics. Each of us may be unique individuals, but given enough data we can also be easily grouped by different demographics and other factors: interests, geolocation, age, gender, etc. Advertisers might not necessarily be trying to serve me personally, but based on my data, people with similar interests and demographics who like x usually also like y. In this case, female users in my age range with “cooking” as one of their interests tend to like the frying pan my friend searched for. So, it’s recommended to me due to demographic popularity—and it seems like my phone was listening in.

So now that we’ve broken down some of the magic behind why your phone seems to be spying on you: Is there a way to limit these hyper-targeted ads, even if they can’t listen to your conversation? If you have an iPhone, iOS 14 and later allows you to block ad tracking in your phone’s overall settings. For Android users, you can choose to opt-out of personalized ads that use your unique advertising ID. You can also turn off apps’ access to your microphone and diction options (e.g. Siri, OK Google, Google Assistant) to prevent ambient noise eavesdropping. We’ve said it once and we’ll say it again: If you don’t feel comfortable with access to certain permissions, remember you can always deny or turn them off. It may seem impossible to completely get rid of our digital trail, but we can make it harder for large corporations and advertisers to learn about us—and to assume we’re shopping for frying pans and athleisure when sometimes we’re just in the mood to browse.


**https://www.theatlantic.com/technology/archive/2015/11/your-phone-is-literally-listening-to-your-tv/416712, https://www.spiralytics.com/blog/mobile-ads-can-phone-hear-conversations-infographic/, https://www.popularmechanics.com/technology/security/a14533262/alphonso-audio-ad-targeting/


What do you want to know about data, privacy, or technology?

Data Curious is a public resource supported by Good Research LLC in collaboration with the Center for Digital Civil Society at University of San Diego.

To contact us, send us an email at hello@datacurious.org.

AboutPrivacy Policy