Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
That was a clever use of Internet permissions, which were requested by the apps, rather than a covert usage of permissions that the apps weren't supposed to have. There's a difference between using a permission creatively and using a permission that you're not supposed to have.
Does this difference actually matter? 99.99% of users will click "allow" on any permission a "trusted" app (like facebook or browser) would ask them for, and would never realize any of those deep technical aspects.
If you've got a green microphone chip in your notifications bar because Facebook is listening to you, then it's not really a mystery if Facebook is listening to you or not and this conversation would be over.
However, this doesn't happen and nobody has produced an explanation of how it could happen without the OS notifying the user that the microphone is enabled.
Nobody checks any notifications bars when your phone is in your pocket or sitting on your table. A tiny green dot is hard to miss. Also, I am not entirely convinced there's no way to turn on the microphone (hardware) without showing the green dot (software). It's be very easy to lay all these doubt to rest - make a hardware microphone mute switch, that physically (electrically) disconnects the microphone hardware. I'd trust that. Nobody does it though.
Why would you trust the Phone OS to set the electronic switch off (a physical switch isn't possible) if you don't trust the same OS to not route audio to the app without your permission?
Why a physical switch isn't possible? Looks like very basic thing, just interrupt the circuit.
There isn't "the circuit" to interrupt. A phone has something like half a dozen digital MEMS microphones, so you'd have to interrupt a whole bunch of circuits with a single switch. That'd require an expensive and more failure prone multi-pole switch and would be hell to route. You can't just cut power to the mics either because you need to turn off the clock signal before cutting power to prevent overdriving the protection diodes and also short circuiting the clock driver (and you can't sequence the clocks because the switch directly cuts power before the cpu has a chance to react). Plus of course there would again be the routing issue.
Then there are the legal ramifications. You have to be able to call the emergency number while paniccing and phones go to quite some lengths to bypass blocks to enable that. This would of course be impossible with a physical switch.
Finally, the whole thing is completely and utterly pointless for anything other than state level actors who have to worry about zero day exploits in the OS itself (where "turn off the phone" / "leave the phone in a sealed box" is more secure and much easier to do). Anyone with half a clue of how operating systems work knows that an app can't "just access" the microphone and the OS has to do a whole lot of work to stream audio to an application via a dedicated API that is used solely for that (which is a fundamental difference from all the typical file permission bypass exploits).
This is a very convincing argument about physical microphone switch being completely impossible. As somebody who never designed a phone, I have to completely defer to your expertise. Except for one small thing: phones with physical microphone switches actually exist. Example: https://puri.sm/products/librem-5/ Must be using some kind of unholy black magic, because is also costs less than many of those phones where there's absolutely no way to do it, both physically and legally. As people should not associate with unholy black magic, I guess we'd have to agree this is just not possible.
Yes, also known as "worse performance in the aspects that people actually care about". If all you cared about was apps not being able to listen to the microphone, you could always buy a dumbphone with no apps (or just not install any apps you're concerned about).
Also do you actually know that they disconnect the microphone or are you just believing their marketing material? Have you verified it yourself from the schematics? If you haven't done even that, why do you trust it more than what every expert in the topic says about audio routing and app permissions in regular phone OSes?
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link