(Replying to PARENT post)

I did quite a bit of Jailbreak/tweak dev in the past, and I was curious if you could just hook into AVAudioRecorder and show an alert any time it was invoked.

So, I did this sort of thing years ago when I wrote a tweak for the InPulse smartwatch (later became Pebble) https://github.com/brandontreb/inPulseNotifier .I was able to hook into the system messaging, forward it to a custom bluetooth stack (sending it to the watch) and forward the message up the stack to be displayed by the system.

It would stand to reason that the same sort of process would be effective for catching Facebook invoking audio recording. Once you hook into the AVAudioRecorder's interface, you could theoretically observe the following:

1. Open the Audio Recorder app and hit Record - An alert should show to prove your tweak is working.

2. Open the Facebook app. If you receive a similar alert at some point, you could at least prove that FB is invoking the audio recorder at some point without the user's expressed permission.

Am I crazy or could this test actually work?

👤brandontreb🕑7y🔼0🗨️0

(Replying to PARENT post)

It's possible Facebook could be using an exclusive method to access hardware more directly, much like how Uber had access to restricted developer debugging tools which allowed them to record the screen even when the app was closed.

https://thehackernews.com/2017/10/uber-screen-record-iphone....

👤sine🕑7y🔼0🗨️0

(Replying to PARENT post)

The Microphone access switch in Privacy settings is not just to make users feel better – it enforces that the app has zero access to the microphone. If someone has reason to believe that's not the case, they should report it to Apple Security.

The tricky bit is when users give microphone access to the app (i.e. for video recording functionality), but want to verify it's only being used then.

👤conradev🕑7y🔼0🗨️0

(Replying to PARENT post)

My theory is that a different 3rd party app is listening and that FB/Goog are buying the data without even knowing the 3rd party app is listening. Some of the coincidences could be frequency illusion, but I really don't think so. Some of the coincidences are just too strange.

👤wtvanhest🕑7y🔼0🗨️0

(Replying to PARENT post)

This works for sure, but only on jailbroken devices.

On the other hand, facebook can check (at least on IOS) easily if the device is jailbroken and behave differently.

You can also patch binary and inject some code, (probably swizzle AVAudioRecorder methods) for the same effect.

In this case, Facebook can check binary integrity, and change behavior accordingly.

So this is kind a cat and mouse game.

👤bluesign🕑7y🔼0🗨️0

(Replying to PARENT post)

If I were Facebook and I were trying to surreptitiously record users via the microphone, I think I would do it by using lower-level hardware APIs rather than high-level Cocoa APIs.

Disclaimer: I don't really know a) if there is some other way to interface with the mic or b) what I'm talking about in general.

👤wycy🕑7y🔼0🗨️0

(Replying to PARENT post)

you mean introduce a traceable side effect in the underlying dll/system-api? Sure that could work (many debuggers do that), but perhaps they are just not using the same API, or just find another way to stream the data without go through the same interfaces (idk, perhaps through browser APIs or they keep recording all time and just send portions of data which is locally inspected)... it is a good challenge and certainly observing the interruptions hardware could be the right way to go.

In the other hand that is a considerable effort for someone who does not usually work with this part of the stack... would you be able to introduce this changes in an android OS?

👤nudpiedo🕑7y🔼0🗨️0

(Replying to PARENT post)

I am wonder, can we not just use wireshark and see that is any audio packet send to Facebook or not.

I am not network guy so just asking and seeking for valid explanation.

👤jageen🕑7y🔼0🗨️0