FlexiSpy, ShopKick, Roving Bugs and a New Breed of Spyware?

Posted by on January 5, 2011 at 4:14 pm.

(credit: Spyware Blockers Pro)

Given all the coverage of iPhone, Android, BlackBerry and Windows Mobile apps lately, I’m surprised I’ve seen relatively little discussion of the new privacy issues some apps present — particularly when they leverage phone resources such as the microphone. Microphone spying may have been a small issue when many desktops didn’t have microphones or microphones were stuck wherever the computer sat, but the ubiquity and proximity of smartphone microphones open a new “roving bug” risk that extends beyond the phone owner to anyone nearby.


  • I see two ways to go with this: Bring down the heat on the makers of unscrupulous apps or outsmart them with detection apps and blacklist the apps. Just don’t bring the government into it.

  • cde says:

    Uh, Shopkick has this little thing called walkin’s, which give you points. They work by your phone listening for a special audio frequency played by Shopkick devices installed at certain stores. For the Shopkick app to listen, it needs the record audio permission (there is no simple “listen but don’t record audio” permission. Makes no sense from a programming standpoint, and any app that needs to hear audio requires that permission). It’s a core feature of the app, on both Android and iOS. Have you even used the app?

  • dan says:

    @stephanie: I agree, no need for government, just transparent developers on exactly what/when they record, how those recordings are used, and what is done with them after use — resulting in more informed consumers.

    @cde: I understand that recording audio around someone’s smartphone is, in your words, a “core feature of the app”. That’s exactly why it was included in this article. However, they say nothing in their TOS, Privacy Policy or marketing materials about the details of those recordings. For example, do those recordings meet the requirements of state and federal eavesdropping laws? If so, how? If not, how far does the legal risk extend; just the app developer, to the merchant getting walkins, to the user whose phone is recording conversations? I’m not sure the laws include a “there is no simple ‘listen but don’t record audio’ permission” exception.

  • richardp says:

    Interesting article. You may also want to look into the new Nielsen Media sync app for the iPad which listens to and syncs with a TV programme (technology licensed from Digimarc) – currently working with Grey’s Anatomy on ABC.
    Links here:

    Also Gracenote previewed a new video information system at CES using a similar approach:

    Do any of these apps ask the user for explicit permission? Not that I have seen!

    Oh and it would seem really easy to ‘game’ the Shopkick system with various sites which have posted recordings and scans from participating stores! So any user could fake ‘walk-ins’.

    Still, I am curious how the legal aspect you have covered will impact this type of app.

  • Nick says:

    Interesting ideas, but why take such a cynical view? In my experience with the Shopkick app, there is almost no chance that it can be uploading audio clips to a server somewhere. A bandwidth monitoring app can show you the minuscule amount of data that SK is uploading when it is running, and that once the ShopKick app is no longer running, it is not transferring any data.
