The researchers used 10 Android phones and ran an automated programme to interact with over 9,000 apps (out of 17,260 apps the researchers analysed) that had permission to access the camera and microphone. They were looking for any media files that were sent, particularly to an unexpected receiver. They noticed that some screenshots and video recordings of what people were doing in apps were being sent to third party domains and the users didn’t know about it.
Limitations of the research
The phones that researchers used were being operated by an automated programme and not by not by actual humans, which means that the apps in question were triggered in an unnatural way, or not in a way a human could have triggered them. The phones were kept in a controlled environment. “For the first few months of the study the phones were near students in a lab at Northeastern University and thus surrounded by ambient conversation, but the phones made so much noise, as apps were constantly being played with on them, that they were eventually moved into a closet,” the report added.
Considering the above mentioned scenarios, it is possible that the results obtained by the researchers are skewed. The researchers will present their work at the Privacy Enhancing Technology Symposium Conference in Barcelona next month.