As many as 53% of phone users report that their phones are listening to their private conversations, as was evident from advertisements related to such conversations that are served up to them. This was revealed in a survey conducted by LocalCircles.
LocalCircles says, "...since 53% of those surveyed said, they are seeing advertisements on web or app based on their phone conversations about products or services, one has to assume that at least some apps are engaging in such activities. Almost 84% of smartphone users have given access to their contact list to one or more apps, including WhatsApp, Instagram and Truecaller."
Most citizens in the survey accept that they have given access to their phone's microphone to several apps, especially audio or video calling apps, social media and audio recording apps.
"Audio and video-based social networks like Twitter Spaces and video calling apps like WhatsApp, Skype, Zoom, and Google Meet require microphone access. One can only hope that any apps that have taken user's consent to their phone's microphone are not recording the verbal conversations and sharing them with third parties," LocalCircles says.
While technology has made our lives easier, it also poses a significant risk as individuals expose their personal data to third parties. It also enables cybercriminals or hackers who try numerous ways—phishing, malicious malware software, malicious mobile apps, smishing, and insecure networks—to get hold of users' data, which is then put to misuse. There have been growing instances of many Indian users reporting that certain mobile apps are now listening to their phone conversations as they are presented with relevant ads after that.
LocalCircles says it has been receiving thousands of posts and comments over the past 12 months on people's data being shared without their consent and in several cases, people even complained about seeing advertisements based on their voice conversations. To understand the magnitude of this issue, LocalCircles conducted a survey, which received more than 38,000 responses from citizens residing in 307 districts of India.
53% of the citizens surveyed said they have had one or more instances in the last 12 months where they saw advertisements on web/app based on their phone conversations
Over the past two years, LocalCircles has received more than a hundred complaints from citizens about advertisements presented to them based on the content of their recent phone conversations. In community discussions, citizens also discussed with each other similar instances they have experienced.
There are many apps that ask users' permission to access their microphone; however, in many cases, users are not made aware of what reason their phone microphone is being used and where this data is being shared, other than the service they require.
Several apps-for instances, gaming apps require users' permission to access their microphones. A few of them go to recording a user's voice, thereby violating the user's privacy rights.
To gauge the extent of the issue, the first question in the survey asked citizens, "In the last 12 months, have you had experiences where after you spoke to someone on the phone about a particular product or service, when you went on website or apps afterwards you were presented with ads for such product or service?"
In response, 28% said 'Yes, happens all the time,' 19% said 'Yes, has happened several times', and 6% said it has 'Happened a few times'. Only 24% of citizens said that it has never happened, while 23% did not have an opinion.
The findings of the poll suggest that 53% of citizens are seeing advertisements on web or app based on their phone conversations about products or services, LocalCircles says.
Majority of Indians have given microphone access to their mobile phone for audio and video calls, social media and audio recording apps
There are reports, which indicate that turning the microphone off can help prevent apps from listening to your conversation. However, it is not a viable option for many apps as they require the phone's microphone for speech to text, call, and record voice.
That said, users rarely go through the pain of turning a microphone 'on' and 'off' only when they need it. This is primarily because users are not made aware of their phone microphones being used for anything other than the service they require or of information being stored.
LocalCircles survey sought to know from citizens if they have given access to their phone's microphone to different apps. In response, 9% said '(1) To all apps,' (2) 18% said 'Apps used for audio and video call', and 11% said '(3) Apps used for social media, music, audio video recording', and 4% have given the access to '(4) Apps that assist in usage of phone via voice'.
Breaking down the poll, 11% voted for '2 & 3' type of apps from the aforementioned options, 5% said '2 & 4', while 13% voted for '2, 3 & 4' options. There were only 11% of citizens who have not given their phone's microphone access to any apps, while 18% did not have an opinion.
"Based on aggregated responses, it is clear that most Indians have given microphone access to their mobile phones for audio and video calls, social media, and audio-video recording apps," LocalCircles says.
84% of smartphone users have given access of their contact list to one or more apps
The next question in the survey asked citizens, "What is your current status in regards to giving contact list access to one or more apps?" In response, only 16% of citizens said, "Have not given contact list access to any apps". The majority, 84% of smartphone users, said, "Have given access of their contact list to one or more apps.
84% of smartphones users in India have given their contact list access to WhatsApp; 51% have to Facebook or Instagram or both; 41% have given access to apps like TrueCaller
Citizens were asked what are all the apps that they have given their contact list access to and were given multiple options. If the responses are analysed, 84% of citizens have given access to their contact list on Whatsapp, 51% have given access to Facebook or Instagram and 41% have given access to Truecaller.
Breaking down the poll, 49% said 'Google apps,' 33% said 'Skype' and 20% said 'Twitter.' There were also 31% of citizens who said 'Paytm, PhonePay, Mobiwik' and 10% said 'Snapchat, Signal, Telegram' and 14% said 'others.'
According to LocalCircles, these apps and sites only take secondary consent and do not make users aware of where or how this information will be used. It says, "The key for sites and apps that are using verbal conversations of users is to comply and ensure the usage is clearly defined in the terms and conditions of their app and the key for the government is to ensure that if there is a breach reported or suo moto, take penal action against the violators."
In the absence of a data protection regime, some websites and apps are using loopholes to manipulate data for various advertising purposes.
For instance, LocalCrcles says some users have also alleged that a caller identification app popularly used, TrueCaller, reveals personally identifiable information, including the name registered with a mobile number and sometimes occupation, email address and even employer's name on the app without the user providing consent to share that information.
"The information is sourced from a user of Truecaller, who has shared their contact list to use the app, and the individual happens to be in that list. In the absence of a data protection law in India, Truecaller continues to use this practice," it added.
Governments worldwide are cracking down on companies that misuse people's data. One of the most prominent laws that pertain to data collection is the General Data Protection Regulation (GDPR) put in place by the European Union (EU) in 2018.
However, the Parliament of India is yet to approve the Personal Data Protection Bill 2019 and the joint parliamentary committee (JPC) has been meeting with different stakeholders since 2018. The Bill aims to provide legislative and statutory protection to users' or citizens' personal information and recognises protecting the data of individuals as their rights. This Bill, once approved, will provide the due powers to a newly created Central Data Protection Authority (CDPA) to act against violators if a personal data breach is established.
Citizens, via LocalCircles, had escalated various inputs on what constitutes private information to a common citizen along with penalties for data breach to the government in 2017; these were used as a key input in the draft of the Personal Data Protection Bill.
As the JPC conducts stakeholder consultations and the Parliament debates the Bill in the upcoming sessions, LocalCircles says it will share these recently received concerns for their consideration.