Many of us cover our laptop’s webcam to avoid being spied on surreptitiously, but your phone’s mic is what you should be more worried about.
Some of India’s leading apps and games – including Hotstar, Dainik Jagran, Chhota Bheem Jungle Run and NewsDog – use Audio Content Recognition (ACR) to listen to ambient sound in your vicinity, including snatches of what you are watching on TV, or any videos or music that is playing around you.
Developed by Bengaluru-based Zapr Media Labs for these apps, plenty of popular Indian games developed by Nazara also use ACR to access a device’s microphone to identify what a user is watching or listening. Zapr is backed by the likes of Star (which develops Hotstar), Flipkart, Saavn and Micromax, among more than a dozen other investors.
Interestingly, Hotstar launched a native in-app advertising network earlier this year to earn more revenue from targeted marketing, and it also tied up with Flipkart on a shopper audience network, which would involve some form of data sharing between the two companies.
So, what’s the impact? Well, aside from the serious privacy concerns of being spied on, you also fall victim to targeted advertising, even when you have given your explicit consent to using the audio data. But as Zapr believes it can be used to offer “better recommendations by analyzing your media consumption habits”, as per the report in Factor Daily, which did a detailed expose on the ACR tech by Zapr.
How Does It Work?
Zapr’s ACR technology uses the device’s microphone to monitor the audio playing on a device or the ambient surroundings and then creates a profile of the user’s media consumption habits. The data is then shared with the app’s developer to push out personalized content recommendations, ads, or is resold to other advertisers for targeted marketing.
Zapr claims to have India’s largest analytics database of users’ media consumption preference, which has been developed by creating an audio fingerprint of every second of a TV show, songs or movies.
Once its ACR technology picks up an audio signal from a device’s microphone, it converts it into an audio fingerprint and then matches it against the database to create a profile of a person’s content preference. Once it is done, the app’s developer can push recommendations that are more likely to be picked up by the user.
“That is totally a breach of privacy. Unless they give me clear cut indication that it is going to be used only by them (the app that hosts the code) for a specific purpose and not be shared with any other party, that amounts to breach”, retired Supreme Court judge B N Srikrishna said. However, he added that the absence of comprehensive data privacy laws such as GDPR makes it difficult to categorize Zapr’s technology as illegal or legal.
Zapr is currently undergoing an external privacy and security audit that will conclude by the end of 2018. Sandipan Mondal, its CEO, claims that their ACR technology would help brands and advertisers recommend the right kind of content with higher accuracy and efficiency.
When asked whether users are aware if they are being monitored, Mondal gave an evasive answer. “I don’t know. I think as technologists we have to try our best to be as transparent as possible and not hide things behind legalities and jargon,” he said being as vague as possible.
One way users can block such apps from tapping into what your microphone is listening to is by blocking the permission in Android. Simply deny the app access to microphone audio, and you should be fine in most cases. The fact that none of these apps actually need your microphone to work is a blessing.
Of course, Zapr is not the only service which lets app tap into what you are listening to or watching around you. There have been other controversies on this front as well, thanks to the return path data technology adopted by nearly all DTH providers in the country.